Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2026-20700 (GCVE-0-2026-20700)
Vulnerability from cvelistv5 – Published: 2026-02-11 22:58 – Updated: 2026-04-02 18:23
VLAI?
EPSS
CISA KEV
Summary
A memory corruption issue was addressed with improved state management. This issue is fixed in iOS 26.3 and iPadOS 26.3, macOS Tahoe 26.3, tvOS 26.3, visionOS 26.3, watchOS 26.3. An attacker with memory write capability may be able to execute arbitrary code. Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals on versions of iOS before iOS 26. CVE-2025-14174 and CVE-2025-43529 were also issued in response to this report.
Severity ?
7.8 (High)
CWE
- An attacker with memory write capability may be able to execute arbitrary code. Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals on versions of iOS before iOS 26. CVE-2025-14174 and CVE-2025-43529 were also issued in response to this report.
Assigner
References
Impacted products
CISA KEV
Known Exploited Vulnerability - GCVE BCP-07 Compliant
KEV entry ID: 453a593e-6c26-4c36-81a2-1d550d822df5
Exploited: Yes
Timestamps
First Seen: 2026-02-12
Asserted: 2026-02-12
Scope
Notes: KEV entry: Apple Multiple Buffer Overflow Vulnerability | Affected: Apple / Multiple Products | Description: Apple iOS, macOS, tvOS, watchOS, and visionOS contain an improper restriction of operations within the bounds of a memory buffer vulnerability that could allow an attacker with memory write the capability to execute arbitrary code. | Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. | Due date: 2026-03-05 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://support.apple.com/en-us/126346 ; https://support.apple.com/en-us/126348 ; https://support.apple.com/en-us/126351 ; https://support.apple.com/en-us/126352 ; https://support.apple.com/en-us/126353 ; https://nvd.nist.gov/vuln/detail/CVE-2026-20700
Evidence
Type: Vendor Report
Signal: Successful Exploitation
Confidence: 80%
Source: cisa-kev
Details
| Cwes | CWE-119 |
|---|---|
| Feed | CISA Known Exploited Vulnerabilities Catalog |
| Product | Multiple Products |
| Due Date | 2026-03-05 |
| Date Added | 2026-02-12 |
| Vendorproject | Apple |
| Vulnerabilityname | Apple Multiple Buffer Overflow Vulnerability |
| Knownransomwarecampaignuse | Unknown |
References
Created: 2026-02-13 07:17 UTC
| Updated: 2026-02-13 07:17 UTC
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-20700",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-13T04:56:28.931576Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2026-02-12",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-20700"
},
"type": "kev"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-26T14:44:22.230Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-20700"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-02-12T00:00:00.000Z",
"value": "CVE-2026-20700 added to CISA KEV"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "iOS and iPadOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "26.3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"product": "macOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "26.3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"product": "tvOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "26.3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"product": "visionOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "26.3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"product": "watchOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "26.3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A memory corruption issue was addressed with improved state management. This issue is fixed in iOS 26.3 and iPadOS 26.3, macOS Tahoe 26.3, tvOS 26.3, visionOS 26.3, watchOS 26.3. An attacker with memory write capability may be able to execute arbitrary code. Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals on versions of iOS before iOS 26. CVE-2025-14174 and CVE-2025-43529 were also issued in response to this report."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "An attacker with memory write capability may be able to execute arbitrary code. Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals on versions of iOS before iOS 26. CVE-2025-14174 and CVE-2025-43529 were also issued in response to this report.",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-02T18:23:25.647Z",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"url": "https://support.apple.com/en-us/126346"
},
{
"url": "https://support.apple.com/en-us/126348"
},
{
"url": "https://support.apple.com/en-us/126351"
},
{
"url": "https://support.apple.com/en-us/126352"
},
{
"url": "https://support.apple.com/en-us/126353"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2026-20700",
"datePublished": "2026-02-11T22:58:54.448Z",
"dateReserved": "2025-11-11T14:43:07.877Z",
"dateUpdated": "2026-04-02T18:23:25.647Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"cisa_known_exploited": {
"cveID": "CVE-2026-20700",
"cwes": "[\"CWE-119\"]",
"dateAdded": "2026-02-12",
"dueDate": "2026-03-05",
"knownRansomwareCampaignUse": "Unknown",
"notes": "https://support.apple.com/en-us/126346 ; https://support.apple.com/en-us/126348 ; https://support.apple.com/en-us/126351 ; https://support.apple.com/en-us/126352 ; https://support.apple.com/en-us/126353 ; https://nvd.nist.gov/vuln/detail/CVE-2026-20700",
"product": "Multiple Products",
"requiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
"shortDescription": "Apple iOS, macOS, tvOS, watchOS, and visionOS contain an improper restriction of operations within the bounds of a memory buffer vulnerability that could allow an attacker with memory write the capability to execute arbitrary code.",
"vendorProject": "Apple",
"vulnerabilityName": "Apple Multiple Buffer Overflow Vulnerability"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2026-20700\",\"sourceIdentifier\":\"product-security@apple.com\",\"published\":\"2026-02-11T23:16:10.670\",\"lastModified\":\"2026-03-25T17:39:37.227\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A memory corruption issue was addressed with improved state management. This issue is fixed in iOS 26.3 and iPadOS 26.3, macOS Tahoe 26.3, tvOS 26.3, visionOS 26.3, watchOS 26.3. An attacker with memory write capability may be able to execute arbitrary code. Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals on versions of iOS before iOS 26. CVE-2025-14174 and CVE-2025-43529 were also issued in response to this report.\"},{\"lang\":\"es\",\"value\":\"Se abord\u00f3 un problema de corrupci\u00f3n de memoria con una gesti\u00f3n de estado mejorada. Este problema est\u00e1 solucionado en watchOS 26.3, tvOS 26.3, macOS Tahoe 26.3, visionOS 26.3, iOS 26.3 y iPadOS 26.3. Un atacante con capacidad de escritura en memoria podr\u00eda ejecutar c\u00f3digo arbitrario. Apple tiene conocimiento de un informe que indica que este problema podr\u00eda haber sido explotado en un ataque extremadamente sofisticado contra individuos espec\u00edficos y dirigidos en versiones de iOS anteriores a iOS 26. CVE-2025-14174 y CVE-2025-43529 tambi\u00e9n se emitieron en respuesta a este informe.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":7.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":5.9}]},\"cisaExploitAdd\":\"2026-02-12\",\"cisaActionDue\":\"2026-03-05\",\"cisaRequiredAction\":\"Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.\",\"cisaVulnerabilityName\":\"Apple Multiple Buffer Overflow Vulnerability\",\"weaknesses\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-119\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"26.3\",\"matchCriteriaId\":\"73ED2212-C513-4BE8-8EDB-40DF4323558E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"26.3\",\"matchCriteriaId\":\"DEC63AFD-9C97-45CD-80CF-CC60DF064838\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"26.3\",\"matchCriteriaId\":\"E1EEEE88-5ADA-4C55-9C7C-397E904408DD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"26.3\",\"matchCriteriaId\":\"60137BD4-65B6-4962-B1E5-5F4EE279489B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"26.3\",\"matchCriteriaId\":\"388EDB3F-A14E-4922-B88A-F1CB6DE50A2A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"26.3\",\"matchCriteriaId\":\"F406F3D2-0AF3-4F83-A123-2AC07B3B094E\"}]}]}],\"references\":[{\"url\":\"https://support.apple.com/en-us/126346\",\"source\":\"product-security@apple.com\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/en-us/126348\",\"source\":\"product-security@apple.com\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/en-us/126351\",\"source\":\"product-security@apple.com\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/en-us/126352\",\"source\":\"product-security@apple.com\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/en-us/126353\",\"source\":\"product-security@apple.com\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]},{\"url\":\"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-20700\",\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"tags\":[\"US Government Resource\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 7.8, \"attackVector\": \"LOCAL\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"LOW\", \"confidentialityImpact\": \"HIGH\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2026-20700\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"active\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2026-02-13T04:56:28.931576Z\"}}}, {\"other\": {\"type\": \"kev\", \"content\": {\"dateAdded\": \"2026-02-12\", \"reference\": \"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-20700\"}}}], \"timeline\": [{\"lang\": \"en\", \"time\": \"2026-02-12T00:00:00.000Z\", \"value\": \"CVE-2026-20700 added to CISA KEV\"}], \"references\": [{\"url\": \"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-20700\", \"tags\": [\"government-resource\"]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-119\", \"description\": \"CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer\"}]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2026-02-12T14:22:57.029Z\"}}], \"cna\": {\"affected\": [{\"vendor\": \"Apple\", \"product\": \"iOS and iPadOS\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"26.3\", \"versionType\": \"custom\"}]}, {\"vendor\": \"Apple\", \"product\": \"macOS\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"26.3\", \"versionType\": \"custom\"}]}, {\"vendor\": \"Apple\", \"product\": \"tvOS\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"26.3\", \"versionType\": \"custom\"}]}, {\"vendor\": \"Apple\", \"product\": \"visionOS\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"26.3\", \"versionType\": \"custom\"}]}, {\"vendor\": \"Apple\", \"product\": \"watchOS\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"26.3\", \"versionType\": \"custom\"}]}], \"references\": [{\"url\": \"https://support.apple.com/en-us/126346\"}, {\"url\": \"https://support.apple.com/en-us/126348\"}, {\"url\": \"https://support.apple.com/en-us/126351\"}, {\"url\": \"https://support.apple.com/en-us/126352\"}, {\"url\": \"https://support.apple.com/en-us/126353\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"A memory corruption issue was addressed with improved state management. This issue is fixed in iOS 26.3 and iPadOS 26.3, macOS Tahoe 26.3, tvOS 26.3, visionOS 26.3, watchOS 26.3. An attacker with memory write capability may be able to execute arbitrary code. Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals on versions of iOS before iOS 26. CVE-2025-14174 and CVE-2025-43529 were also issued in response to this report.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"description\": \"An attacker with memory write capability may be able to execute arbitrary code. Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals on versions of iOS before iOS 26. CVE-2025-14174 and CVE-2025-43529 were also issued in response to this report.\"}]}], \"providerMetadata\": {\"orgId\": \"286789f9-fbc2-4510-9f9a-43facdede74c\", \"shortName\": \"apple\", \"dateUpdated\": \"2026-04-02T18:23:25.647Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2026-20700\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-04-02T18:23:25.647Z\", \"dateReserved\": \"2025-11-11T14:43:07.877Z\", \"assignerOrgId\": \"286789f9-fbc2-4510-9f9a-43facdede74c\", \"datePublished\": \"2026-02-11T22:58:54.448Z\", \"assignerShortName\": \"apple\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
}
}
FKIE_CVE-2026-20700
Vulnerability from fkie_nvd - Published: 2026-02-11 23:16 - Updated: 2026-03-25 17:39
Severity ?
Summary
A memory corruption issue was addressed with improved state management. This issue is fixed in iOS 26.3 and iPadOS 26.3, macOS Tahoe 26.3, tvOS 26.3, visionOS 26.3, watchOS 26.3. An attacker with memory write capability may be able to execute arbitrary code. Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals on versions of iOS before iOS 26. CVE-2025-14174 and CVE-2025-43529 were also issued in response to this report.
References
| URL | Tags | ||
|---|---|---|---|
| product-security@apple.com | https://support.apple.com/en-us/126346 | Release Notes, Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/en-us/126348 | Release Notes, Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/en-us/126351 | Release Notes, Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/en-us/126352 | Release Notes, Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/en-us/126353 | Release Notes, Vendor Advisory | |
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-20700 | US Government Resource |
{
"cisaActionDue": "2026-03-05",
"cisaExploitAdd": "2026-02-12",
"cisaRequiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
"cisaVulnerabilityName": "Apple Multiple Buffer Overflow Vulnerability",
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*",
"matchCriteriaId": "73ED2212-C513-4BE8-8EDB-40DF4323558E",
"versionEndExcluding": "26.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DEC63AFD-9C97-45CD-80CF-CC60DF064838",
"versionEndExcluding": "26.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E1EEEE88-5ADA-4C55-9C7C-397E904408DD",
"versionEndExcluding": "26.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "60137BD4-65B6-4962-B1E5-5F4EE279489B",
"versionEndExcluding": "26.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "388EDB3F-A14E-4922-B88A-F1CB6DE50A2A",
"versionEndExcluding": "26.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F406F3D2-0AF3-4F83-A123-2AC07B3B094E",
"versionEndExcluding": "26.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A memory corruption issue was addressed with improved state management. This issue is fixed in iOS 26.3 and iPadOS 26.3, macOS Tahoe 26.3, tvOS 26.3, visionOS 26.3, watchOS 26.3. An attacker with memory write capability may be able to execute arbitrary code. Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals on versions of iOS before iOS 26. CVE-2025-14174 and CVE-2025-43529 were also issued in response to this report."
},
{
"lang": "es",
"value": "Se abord\u00f3 un problema de corrupci\u00f3n de memoria con una gesti\u00f3n de estado mejorada. Este problema est\u00e1 solucionado en watchOS 26.3, tvOS 26.3, macOS Tahoe 26.3, visionOS 26.3, iOS 26.3 y iPadOS 26.3. Un atacante con capacidad de escritura en memoria podr\u00eda ejecutar c\u00f3digo arbitrario. Apple tiene conocimiento de un informe que indica que este problema podr\u00eda haber sido explotado en un ataque extremadamente sofisticado contra individuos espec\u00edficos y dirigidos en versiones de iOS anteriores a iOS 26. CVE-2025-14174 y CVE-2025-43529 tambi\u00e9n se emitieron en respuesta a este informe."
}
],
"id": "CVE-2026-20700",
"lastModified": "2026-03-25T17:39:37.227",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2026-02-11T23:16:10.670",
"references": [
{
"source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://support.apple.com/en-us/126346"
},
{
"source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://support.apple.com/en-us/126348"
},
{
"source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://support.apple.com/en-us/126351"
},
{
"source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://support.apple.com/en-us/126352"
},
{
"source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://support.apple.com/en-us/126353"
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"tags": [
"US Government Resource"
],
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-20700"
}
],
"sourceIdentifier": "product-security@apple.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
CNVD-2026-14497
Vulnerability from cnvd - Published: 2026-03-23
VLAI Severity ?
Title
多款Apple产品代码执行漏洞(CNVD-2026-14497)
Description
Apple iOS是一套为移动设备所开发的操作系统。Apple tvOS是一套智能电视操作系统。Apple watchOS是一套智能手表操作系统。
多款Apple产品存在代码执行漏洞,攻击者可利用该漏洞执行任意代码。
Severity
中
Patch Name
多款Apple产品代码执行漏洞(CNVD-2026-14497)的补丁
Patch Description
Apple iOS是一套为移动设备所开发的操作系统。Apple tvOS是一套智能电视操作系统。Apple watchOS是一套智能手表操作系统。
多款Apple产品存在代码执行漏洞,攻击者可利用该漏洞执行任意代码。目前,供应商发布了安全公告及相关补丁信息,修复了此漏洞。
Formal description
厂商已发布了漏洞修复程序,请及时关注更新: https://support.apple.com/en-us/126346
Reference
https://support.apple.com/en-us/126346
Impacted products
| Name | ['Apple iOS <18.7', 'Apple iPadOS <18.7', 'Apple macOS Tahoe <26.3', 'Apple iOS <26.3', 'Apple iPadOS <26.3', 'Apple visionOS <26.3', 'Apple watchOS <26.3', 'Apple tvOS <26.3'] |
|---|
{
"cves": {
"cve": {
"cveNumber": "CVE-2026-20700",
"cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2026-20700"
}
},
"description": "Apple iOS\u662f\u4e00\u5957\u4e3a\u79fb\u52a8\u8bbe\u5907\u6240\u5f00\u53d1\u7684\u64cd\u4f5c\u7cfb\u7edf\u3002Apple tvOS\u662f\u4e00\u5957\u667a\u80fd\u7535\u89c6\u64cd\u4f5c\u7cfb\u7edf\u3002Apple watchOS\u662f\u4e00\u5957\u667a\u80fd\u624b\u8868\u64cd\u4f5c\u7cfb\u7edf\u3002\n\n\u591a\u6b3eApple\u4ea7\u54c1\u5b58\u5728\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002",
"formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://support.apple.com/en-us/126346",
"isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
"number": "CNVD-2026-14497",
"openTime": "2026-03-23",
"patchDescription": "Apple iOS\u662f\u4e00\u5957\u4e3a\u79fb\u52a8\u8bbe\u5907\u6240\u5f00\u53d1\u7684\u64cd\u4f5c\u7cfb\u7edf\u3002Apple tvOS\u662f\u4e00\u5957\u667a\u80fd\u7535\u89c6\u64cd\u4f5c\u7cfb\u7edf\u3002Apple watchOS\u662f\u4e00\u5957\u667a\u80fd\u624b\u8868\u64cd\u4f5c\u7cfb\u7edf\u3002\r\n\r\n\u591a\u6b3eApple\u4ea7\u54c1\u5b58\u5728\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
"patchName": "\u591a\u6b3eApple\u4ea7\u54c1\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e\uff08CNVD-2026-14497\uff09\u7684\u8865\u4e01",
"products": {
"product": [
"Apple iOS \u003c18.7",
"Apple iPadOS \u003c18.7",
"Apple macOS Tahoe \u003c26.3",
"Apple iOS \u003c26.3",
"Apple iPadOS \u003c26.3",
"Apple visionOS \u003c26.3",
"Apple watchOS \u003c26.3",
"Apple tvOS \u003c26.3"
]
},
"referenceLink": "https://support.apple.com/en-us/126346",
"serverity": "\u4e2d",
"submitTime": "2026-03-02",
"title": "\u591a\u6b3eApple\u4ea7\u54c1\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e\uff08CNVD-2026-14497\uff09"
}
GHSA-J5X8-2R52-C3FF
Vulnerability from github – Published: 2026-02-12 00:31 – Updated: 2026-02-12 21:31
VLAI?
Details
A memory corruption issue was addressed with improved state management. This issue is fixed in watchOS 26.3, tvOS 26.3, macOS Tahoe 26.3, visionOS 26.3, iOS 26.3 and iPadOS 26.3. An attacker with memory write capability may be able to execute arbitrary code. Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals on versions of iOS before iOS 26. CVE-2025-14174 and CVE-2025-43529 were also issued in response to this report.
Severity ?
7.8 (High)
{
"affected": [],
"aliases": [
"CVE-2026-20700"
],
"database_specific": {
"cwe_ids": [
"CWE-119"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-02-11T23:16:10Z",
"severity": "HIGH"
},
"details": "A memory corruption issue was addressed with improved state management. This issue is fixed in watchOS 26.3, tvOS 26.3, macOS Tahoe 26.3, visionOS 26.3, iOS 26.3 and iPadOS 26.3. An attacker with memory write capability may be able to execute arbitrary code. Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals on versions of iOS before iOS 26. CVE-2025-14174 and CVE-2025-43529 were also issued in response to this report.",
"id": "GHSA-j5x8-2r52-c3ff",
"modified": "2026-02-12T21:31:26Z",
"published": "2026-02-12T00:31:05Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-20700"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/126346"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/126348"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/126351"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/126352"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/126353"
},
{
"type": "WEB",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-20700"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
CERTFR-2026-AVI-0158
Vulnerability from certfr_avis - Published: 2026-02-12 - Updated: 2026-02-12
De multiples vulnérabilités ont été découvertes dans les produits Apple. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et un déni de service à distance.
Apple indique que la vulnérabilité CVE-2026-20700 est activement exploitée.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Apple | iOS | iOS versions antérieures à 26.3 | ||
| Apple | iPadOS | iPadOS versions antérieures à 18.7.5 | ||
| Apple | macOS | macOS Sequoia versions antérieures à 15.7.4 | ||
| Apple | Safari | Safari versions antérieures à 26.3 | ||
| Apple | iOS | iOS versions antérieures à 18.7.5 | ||
| Apple | N/A | watchOS versions antérieures à 26.3 | ||
| Apple | macOS | macOS Sonoma versions antérieures à 14.8.4 | ||
| Apple | N/A | tvOS versions antérieures à 26.3 | ||
| Apple | macOS | macOS Tahoe versions antérieures à 26.3 | ||
| Apple | iPadOS | iPadOS versions antérieures à 26.3 | ||
| Apple | N/A | visionOS versions antérieures à 26.3 |
References
| Title | Publication Time | Tags | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "iOS versions ant\u00e9rieures \u00e0 26.3",
"product": {
"name": "iOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "iPadOS versions ant\u00e9rieures \u00e0 18.7.5",
"product": {
"name": "iPadOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "macOS Sequoia versions ant\u00e9rieures \u00e0 15.7.4",
"product": {
"name": "macOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "Safari versions ant\u00e9rieures \u00e0 26.3",
"product": {
"name": "Safari",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "iOS versions ant\u00e9rieures \u00e0 18.7.5",
"product": {
"name": "iOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "watchOS versions ant\u00e9rieures \u00e0 26.3",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "macOS Sonoma versions ant\u00e9rieures \u00e0 14.8.4",
"product": {
"name": "macOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "tvOS versions ant\u00e9rieures \u00e0 26.3",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "macOS Tahoe versions ant\u00e9rieures \u00e0 26.3",
"product": {
"name": "macOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "iPadOS versions ant\u00e9rieures \u00e0 26.3",
"product": {
"name": "iPadOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "visionOS versions ant\u00e9rieures \u00e0 26.3",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2026-20624",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20624"
},
{
"name": "CVE-2026-20652",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20652"
},
{
"name": "CVE-2026-20619",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20619"
},
{
"name": "CVE-2026-20606",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20606"
},
{
"name": "CVE-2026-20611",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20611"
},
{
"name": "CVE-2026-20617",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20617"
},
{
"name": "CVE-2025-43417",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43417"
},
{
"name": "CVE-2025-46310",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-46310"
},
{
"name": "CVE-2026-20625",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20625"
},
{
"name": "CVE-2026-20650",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20650"
},
{
"name": "CVE-2026-20676",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20676"
},
{
"name": "CVE-2026-20626",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20626"
},
{
"name": "CVE-2026-20666",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20666"
},
{
"name": "CVE-2026-20662",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20662"
},
{
"name": "CVE-2025-43402",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43402"
},
{
"name": "CVE-2026-20658",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20658"
},
{
"name": "CVE-2026-20612",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20612"
},
{
"name": "CVE-2026-20655",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20655"
},
{
"name": "CVE-2026-20638",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20638"
},
{
"name": "CVE-2026-20682",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20682"
},
{
"name": "CVE-2026-20605",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20605"
},
{
"name": "CVE-2026-20674",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20674"
},
{
"name": "CVE-2026-20642",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20642"
},
{
"name": "CVE-2026-20647",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20647"
},
{
"name": "CVE-2026-20628",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20628"
},
{
"name": "CVE-2026-20646",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20646"
},
{
"name": "CVE-2025-59375",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59375"
},
{
"name": "CVE-2026-20608",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20608"
},
{
"name": "CVE-2026-20623",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20623"
},
{
"name": "CVE-2026-20615",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20615"
},
{
"name": "CVE-2026-20630",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20630"
},
{
"name": "CVE-2026-20677",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20677"
},
{
"name": "CVE-2026-20680",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20680"
},
{
"name": "CVE-2026-20661",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20661"
},
{
"name": "CVE-2026-20654",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20654"
},
{
"name": "CVE-2026-20673",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20673"
},
{
"name": "CVE-2026-20636",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20636"
},
{
"name": "CVE-2025-46305",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-46305"
},
{
"name": "CVE-2025-46283",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-46283"
},
{
"name": "CVE-2025-14174",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-14174"
},
{
"name": "CVE-2026-20635",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20635"
},
{
"name": "CVE-2025-46303",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-46303"
},
{
"name": "CVE-2025-46301",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-46301"
},
{
"name": "CVE-2026-20616",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20616"
},
{
"name": "CVE-2026-20653",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20653"
},
{
"name": "CVE-2026-20602",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20602"
},
{
"name": "CVE-2025-46300",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-46300"
},
{
"name": "CVE-2026-20656",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20656"
},
{
"name": "CVE-2026-20609",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20609"
},
{
"name": "CVE-2025-43338",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43338"
},
{
"name": "CVE-2026-20627",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20627"
},
{
"name": "CVE-2026-20663",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20663"
},
{
"name": "CVE-2026-20621",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20621"
},
{
"name": "CVE-2026-20681",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20681"
},
{
"name": "CVE-2026-20678",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20678"
},
{
"name": "CVE-2026-20667",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20667"
},
{
"name": "CVE-2025-43403",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43403"
},
{
"name": "CVE-2026-20603",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20603"
},
{
"name": "CVE-2025-46304",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-46304"
},
{
"name": "CVE-2025-43537",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43537"
},
{
"name": "CVE-2026-20620",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20620"
},
{
"name": "CVE-2026-20644",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20644"
},
{
"name": "CVE-2025-43529",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43529"
},
{
"name": "CVE-2025-46290",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-46290"
},
{
"name": "CVE-2026-20641",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20641"
},
{
"name": "CVE-2026-20649",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20649"
},
{
"name": "CVE-2025-46302",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-46302"
},
{
"name": "CVE-2026-20660",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20660"
},
{
"name": "CVE-2026-20648",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20648"
},
{
"name": "CVE-2026-20671",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20671"
},
{
"name": "CVE-2026-20610",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20610"
},
{
"name": "CVE-2026-20618",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20618"
},
{
"name": "CVE-2026-20700",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20700"
},
{
"name": "CVE-2026-20640",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20640"
},
{
"name": "CVE-2026-20601",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20601"
},
{
"name": "CVE-2025-43533",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43533"
},
{
"name": "CVE-2026-20629",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20629"
},
{
"name": "CVE-2026-20634",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20634"
},
{
"name": "CVE-2026-20669",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20669"
},
{
"name": "CVE-2026-20645",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20645"
},
{
"name": "CVE-2026-20675",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20675"
},
{
"name": "CVE-2026-20614",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20614"
}
],
"initial_release_date": "2026-02-12T00:00:00",
"last_revision_date": "2026-02-12T00:00:00",
"links": [],
"reference": "CERTFR-2026-AVI-0158",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2026-02-12T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Apple. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et un d\u00e9ni de service \u00e0 distance.\n\nApple indique que la vuln\u00e9rabilit\u00e9 CVE-2026-20700 est activement exploit\u00e9e.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Apple",
"vendor_advisories": [
{
"published_at": "2026-02-11",
"title": "Bulletin de s\u00e9curit\u00e9 Apple 126346",
"url": "https://support.apple.com/en-us/126346"
},
{
"published_at": "2026-02-11",
"title": "Bulletin de s\u00e9curit\u00e9 Apple 126353",
"url": "https://support.apple.com/en-us/126353"
},
{
"published_at": "2026-02-11",
"title": "Bulletin de s\u00e9curit\u00e9 Apple 126347",
"url": "https://support.apple.com/en-us/126347"
},
{
"published_at": "2026-02-11",
"title": "Bulletin de s\u00e9curit\u00e9 Apple 126352",
"url": "https://support.apple.com/en-us/126352"
},
{
"published_at": "2026-02-11",
"title": "Bulletin de s\u00e9curit\u00e9 Apple 126348",
"url": "https://support.apple.com/en-us/126348"
},
{
"published_at": "2026-02-11",
"title": "Bulletin de s\u00e9curit\u00e9 Apple 126349",
"url": "https://support.apple.com/en-us/126349"
},
{
"published_at": "2026-02-11",
"title": "Bulletin de s\u00e9curit\u00e9 Apple 126351",
"url": "https://support.apple.com/en-us/126351"
},
{
"published_at": "2026-02-11",
"title": "Bulletin de s\u00e9curit\u00e9 Apple 126350",
"url": "https://support.apple.com/en-us/126350"
},
{
"published_at": "2026-02-11",
"title": "Bulletin de s\u00e9curit\u00e9 Apple 126354",
"url": "https://support.apple.com/en-us/126354"
}
]
}
CERTFR-2026-AVI-0158
Vulnerability from certfr_avis - Published: 2026-02-12 - Updated: 2026-02-12
De multiples vulnérabilités ont été découvertes dans les produits Apple. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et un déni de service à distance.
Apple indique que la vulnérabilité CVE-2026-20700 est activement exploitée.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Apple | iOS | iOS versions antérieures à 26.3 | ||
| Apple | iPadOS | iPadOS versions antérieures à 18.7.5 | ||
| Apple | macOS | macOS Sequoia versions antérieures à 15.7.4 | ||
| Apple | Safari | Safari versions antérieures à 26.3 | ||
| Apple | iOS | iOS versions antérieures à 18.7.5 | ||
| Apple | N/A | watchOS versions antérieures à 26.3 | ||
| Apple | macOS | macOS Sonoma versions antérieures à 14.8.4 | ||
| Apple | N/A | tvOS versions antérieures à 26.3 | ||
| Apple | macOS | macOS Tahoe versions antérieures à 26.3 | ||
| Apple | iPadOS | iPadOS versions antérieures à 26.3 | ||
| Apple | N/A | visionOS versions antérieures à 26.3 |
References
| Title | Publication Time | Tags | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "iOS versions ant\u00e9rieures \u00e0 26.3",
"product": {
"name": "iOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "iPadOS versions ant\u00e9rieures \u00e0 18.7.5",
"product": {
"name": "iPadOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "macOS Sequoia versions ant\u00e9rieures \u00e0 15.7.4",
"product": {
"name": "macOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "Safari versions ant\u00e9rieures \u00e0 26.3",
"product": {
"name": "Safari",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "iOS versions ant\u00e9rieures \u00e0 18.7.5",
"product": {
"name": "iOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "watchOS versions ant\u00e9rieures \u00e0 26.3",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "macOS Sonoma versions ant\u00e9rieures \u00e0 14.8.4",
"product": {
"name": "macOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "tvOS versions ant\u00e9rieures \u00e0 26.3",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "macOS Tahoe versions ant\u00e9rieures \u00e0 26.3",
"product": {
"name": "macOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "iPadOS versions ant\u00e9rieures \u00e0 26.3",
"product": {
"name": "iPadOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "visionOS versions ant\u00e9rieures \u00e0 26.3",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2026-20624",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20624"
},
{
"name": "CVE-2026-20652",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20652"
},
{
"name": "CVE-2026-20619",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20619"
},
{
"name": "CVE-2026-20606",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20606"
},
{
"name": "CVE-2026-20611",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20611"
},
{
"name": "CVE-2026-20617",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20617"
},
{
"name": "CVE-2025-43417",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43417"
},
{
"name": "CVE-2025-46310",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-46310"
},
{
"name": "CVE-2026-20625",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20625"
},
{
"name": "CVE-2026-20650",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20650"
},
{
"name": "CVE-2026-20676",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20676"
},
{
"name": "CVE-2026-20626",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20626"
},
{
"name": "CVE-2026-20666",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20666"
},
{
"name": "CVE-2026-20662",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20662"
},
{
"name": "CVE-2025-43402",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43402"
},
{
"name": "CVE-2026-20658",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20658"
},
{
"name": "CVE-2026-20612",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20612"
},
{
"name": "CVE-2026-20655",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20655"
},
{
"name": "CVE-2026-20638",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20638"
},
{
"name": "CVE-2026-20682",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20682"
},
{
"name": "CVE-2026-20605",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20605"
},
{
"name": "CVE-2026-20674",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20674"
},
{
"name": "CVE-2026-20642",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20642"
},
{
"name": "CVE-2026-20647",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20647"
},
{
"name": "CVE-2026-20628",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20628"
},
{
"name": "CVE-2026-20646",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20646"
},
{
"name": "CVE-2025-59375",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59375"
},
{
"name": "CVE-2026-20608",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20608"
},
{
"name": "CVE-2026-20623",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20623"
},
{
"name": "CVE-2026-20615",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20615"
},
{
"name": "CVE-2026-20630",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20630"
},
{
"name": "CVE-2026-20677",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20677"
},
{
"name": "CVE-2026-20680",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20680"
},
{
"name": "CVE-2026-20661",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20661"
},
{
"name": "CVE-2026-20654",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20654"
},
{
"name": "CVE-2026-20673",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20673"
},
{
"name": "CVE-2026-20636",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20636"
},
{
"name": "CVE-2025-46305",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-46305"
},
{
"name": "CVE-2025-46283",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-46283"
},
{
"name": "CVE-2025-14174",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-14174"
},
{
"name": "CVE-2026-20635",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20635"
},
{
"name": "CVE-2025-46303",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-46303"
},
{
"name": "CVE-2025-46301",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-46301"
},
{
"name": "CVE-2026-20616",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20616"
},
{
"name": "CVE-2026-20653",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20653"
},
{
"name": "CVE-2026-20602",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20602"
},
{
"name": "CVE-2025-46300",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-46300"
},
{
"name": "CVE-2026-20656",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20656"
},
{
"name": "CVE-2026-20609",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20609"
},
{
"name": "CVE-2025-43338",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43338"
},
{
"name": "CVE-2026-20627",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20627"
},
{
"name": "CVE-2026-20663",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20663"
},
{
"name": "CVE-2026-20621",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20621"
},
{
"name": "CVE-2026-20681",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20681"
},
{
"name": "CVE-2026-20678",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20678"
},
{
"name": "CVE-2026-20667",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20667"
},
{
"name": "CVE-2025-43403",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43403"
},
{
"name": "CVE-2026-20603",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20603"
},
{
"name": "CVE-2025-46304",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-46304"
},
{
"name": "CVE-2025-43537",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43537"
},
{
"name": "CVE-2026-20620",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20620"
},
{
"name": "CVE-2026-20644",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20644"
},
{
"name": "CVE-2025-43529",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43529"
},
{
"name": "CVE-2025-46290",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-46290"
},
{
"name": "CVE-2026-20641",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20641"
},
{
"name": "CVE-2026-20649",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20649"
},
{
"name": "CVE-2025-46302",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-46302"
},
{
"name": "CVE-2026-20660",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20660"
},
{
"name": "CVE-2026-20648",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20648"
},
{
"name": "CVE-2026-20671",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20671"
},
{
"name": "CVE-2026-20610",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20610"
},
{
"name": "CVE-2026-20618",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20618"
},
{
"name": "CVE-2026-20700",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20700"
},
{
"name": "CVE-2026-20640",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20640"
},
{
"name": "CVE-2026-20601",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20601"
},
{
"name": "CVE-2025-43533",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43533"
},
{
"name": "CVE-2026-20629",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20629"
},
{
"name": "CVE-2026-20634",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20634"
},
{
"name": "CVE-2026-20669",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20669"
},
{
"name": "CVE-2026-20645",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20645"
},
{
"name": "CVE-2026-20675",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20675"
},
{
"name": "CVE-2026-20614",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20614"
}
],
"initial_release_date": "2026-02-12T00:00:00",
"last_revision_date": "2026-02-12T00:00:00",
"links": [],
"reference": "CERTFR-2026-AVI-0158",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2026-02-12T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Apple. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et un d\u00e9ni de service \u00e0 distance.\n\nApple indique que la vuln\u00e9rabilit\u00e9 CVE-2026-20700 est activement exploit\u00e9e.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Apple",
"vendor_advisories": [
{
"published_at": "2026-02-11",
"title": "Bulletin de s\u00e9curit\u00e9 Apple 126346",
"url": "https://support.apple.com/en-us/126346"
},
{
"published_at": "2026-02-11",
"title": "Bulletin de s\u00e9curit\u00e9 Apple 126353",
"url": "https://support.apple.com/en-us/126353"
},
{
"published_at": "2026-02-11",
"title": "Bulletin de s\u00e9curit\u00e9 Apple 126347",
"url": "https://support.apple.com/en-us/126347"
},
{
"published_at": "2026-02-11",
"title": "Bulletin de s\u00e9curit\u00e9 Apple 126352",
"url": "https://support.apple.com/en-us/126352"
},
{
"published_at": "2026-02-11",
"title": "Bulletin de s\u00e9curit\u00e9 Apple 126348",
"url": "https://support.apple.com/en-us/126348"
},
{
"published_at": "2026-02-11",
"title": "Bulletin de s\u00e9curit\u00e9 Apple 126349",
"url": "https://support.apple.com/en-us/126349"
},
{
"published_at": "2026-02-11",
"title": "Bulletin de s\u00e9curit\u00e9 Apple 126351",
"url": "https://support.apple.com/en-us/126351"
},
{
"published_at": "2026-02-11",
"title": "Bulletin de s\u00e9curit\u00e9 Apple 126350",
"url": "https://support.apple.com/en-us/126350"
},
{
"published_at": "2026-02-11",
"title": "Bulletin de s\u00e9curit\u00e9 Apple 126354",
"url": "https://support.apple.com/en-us/126354"
}
]
}
NCSC-2026-0063
Vulnerability from csaf_ncscnl - Published: 2026-02-13 13:24 - Updated: 2026-02-13 13:24Summary
Kwetsbaarheden verholpen in Apple macOS
Notes
The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:
NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.
NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.
This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings.
Feiten: Apple heeft kwetsbaarheden verholpen in macOS, inclusief versies Sequoia 15.7.4, Tahoe 26.3 en Sonoma 14.8.4.
Interpretaties: De kwetsbaarheden omvatten onder andere problemen met geheugencorruptie, ongeautoriseerde toegang tot gevoelige gebruikersdata, en logboekproblemen die konden leiden tot ongeautoriseerde toegang tot locatie-informatie. De updates bevatten verbeterde validatieprocessen en state management om deze risico's te mitigeren.
Oplossingen: Apple heeft updates uitgebracht om de kwetsbaarheden te verhelpen. Zie bijgevoegde referenties voor meer informatie.
Kans: medium
Schade: high
CWE-20: Improper Input Validation
CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CWE-284: Improper Access Control
CWE-416: Use After Free
CWE-770: Allocation of Resources Without Limits or Throttling
CWE-787: Out-of-bounds Write
CWE-823: Use of Out-of-range Pointer Offset
CWE-825: Expired Pointer Dereference
The webkit2gtk3 update to version 2.50.4 addresses multiple security vulnerabilities, including memory corruption and buffer overflow, while a high-severity out of bounds memory access vulnerability in ANGLE affects Google Chrome and other Chromium-based browsers.
8.8 (High)
An out-of-bounds access issue was resolved in macOS Tahoe 26 and macOS Sonoma 14.8.2, preventing potential app termination or memory corruption from malicious media files through improved bounds checking.
7.1 (High)
macOS Tahoe 26.1 has resolved issues related to unexpected system termination and process memory corruption through enhanced memory handling.
7.8 (High)
Authorization issues regarding sensitive user data access have been resolved in macOS Sequoia 15.7.4 and macOS Sonoma 14.8.4, addressing potential risks of unauthorized app access.
5.5 (Medium)
macOS Sonoma 14.8.4 addresses a path handling issue that could allow applications to access user-sensitive data through improved logic.
5.5 (Medium)
The webkit2gtk3 update to version 2.50.4 addresses multiple security vulnerabilities, including use-after-free and memory corruption issues, potentially allowing arbitrary code execution through malicious web content.
8.8 (High)
Apple addressed multiple memory corruption vulnerabilities across its operating systems, including watchOS, iOS, iPadOS, macOS, visionOS, and tvOS, through improved input validation and enhanced bounds checks to prevent crashes from malicious HID devices.
CWE-20 - Improper Input ValidationmacOS Tahoe 26.2 addressed a logic issue through improved validation, which could have allowed unauthorized access to sensitive user data by applications.
5.5 (Medium)
macOS Sequoia 15.7.4 and macOS Sonoma 14.8.4 have addressed a logic issue that could allow remote attackers to cause a denial-of-service through improved checks.
7.5 (High)
macOS Sequoia 15.7.4, iOS 18.7.5, iPadOS 18.7.5, and macOS Sonoma 14.8.4 have addressed unexpected process crashes caused by malicious HID devices through enhanced bounds checks.
5.5 (Medium)
macOS Sequoia 15.7.4, iOS 18.7.5, iPadOS 18.7.5, and macOS Sonoma 14.8.4 have addressed unexpected process crashes caused by malicious HID devices through enhanced bounds checks.
5.5 (Medium)
macOS Sequoia 15.7.4, iOS 18.7.5, iPadOS 18.7.5, and macOS Sonoma 14.8.4 have addressed unexpected process crashes caused by malicious HID devices through enhanced bounds checks.
5.5 (Medium)
macOS Sequoia 15.7.4, iOS 18.7.5, iPadOS 18.7.5, and macOS Sonoma 14.8.4 have addressed unexpected process crashes caused by malicious HID devices through enhanced bounds checks.
5.5 (Medium)
macOS Sequoia 15.7.4, iOS 18.7.5, iPadOS 18.7.5, and macOS Sonoma 14.8.4 have addressed unexpected process crashes caused by malicious HID devices through enhanced bounds checks.
5.5 (Medium)
macOS Sequoia 15.7.4, iOS 18.7.5, iPadOS 18.7.5, and macOS Sonoma 14.8.4 have addressed unexpected process crashes caused by malicious HID devices through enhanced bounds checks.
5.5 (Medium)
macOS Sequoia 15.7.4 and macOS Sonoma 14.8.4 have resolved a vulnerability that allowed attackers with root privileges to delete protected system files through enhanced state management.
6.0 (Medium)
Multiple vulnerabilities, including memory amplification in libexpat and denial-of-service issues in Oracle Communications Network Analytics and Apple Software, expose systems to potential disruptions without enabling arbitrary code execution.
7.5 (High)
macOS Tahoe 26.3 has resolved a permissions issue that allowed applications to monitor keystrokes without user consent by implementing additional restrictions.
macOS Sequoia 15.7.4, macOS Tahoe 26.3, and macOS Sonoma 14.8.4 have addressed a denial-of-service vulnerability related to app cache handling, enhancing overall system stability.
macOS Tahoe 26.3 has enhanced redaction capabilities to prevent apps with root privileges from accessing sensitive private information.
Recent updates in macOS Sequoia 15.7.4 and iOS 18.7.5 have resolved a memory handling issue that could cause an app to crash a system process.
4.6 (Medium)
The vulnerability allowing apps to bypass Privacy preferences in macOS and iOS has been addressed by removing the problematic code across various versions.
7.1 (High)
Recent updates in several operating systems and Safari have addressed unexpected process crashes caused by maliciously crafted web content through enhanced state management.
Various operating systems have addressed improved memory handling to mitigate risks of denial-of-service and memory content disclosure from processing malicious files.
macOS Tahoe 26.3 has fixed an issue with symlink handling that previously allowed applications to gain root privileges.
7.8 (High)
An out-of-bounds access vulnerability affecting various Apple operating systems was resolved, which could lead to app termination or memory corruption when handling malicious media files.
7.1 (High)
macOS Sequoia 15.7.4, macOS Tahoe 26.3, and macOS Sonoma 14.8.4 have addressed a privacy issue that allowed apps to access sensitive user data through enhanced checks.
5.5 (Medium)
A path handling vulnerability allowing apps to gain root privileges has been resolved in macOS Sequoia 15.7.4, macOS Tahoe 26.3, and macOS Sonoma 14.8.4 through enhanced validation measures.
A path handling vulnerability allowing apps to gain root privileges has been resolved in iOS 26.3, iPadOS 26.3, macOS Tahoe 26.3, macOS Sonoma 14.8.4, and visionOS 26.3 through enhanced validation measures.
An out-of-bounds write vulnerability in various Apple operating systems has been resolved through enhanced bounds checking, preventing unexpected app terminations when handling malicious USD files.
A race condition affecting multiple Apple operating systems, including watchOS, tvOS, macOS, visionOS, iOS, and iPadOS, was fixed, which could have allowed apps to gain root privileges due to improved state handling.
macOS Tahoe 26.3 has improved temporary file handling, resolving an issue that could allow applications to access user-sensitive data.
A logging issue in macOS Sequoia 15.7.4 and macOS Tahoe 26.3 has been resolved, enhancing data redaction to prevent unauthorized access to sensitive user information by applications.
An out-of-bounds read vulnerability was resolved in macOS versions 15.7.4, 26.3, and 14.8.4, potentially allowing attackers to read kernel memory or cause unexpected system termination.
Recent updates to macOS and iOS have resolved issues related to memory handling that could cause unexpected system termination or kernel memory corruption.
A permissions issue in macOS Tahoe 26.3 was resolved by removing vulnerable code that could allow unauthorized access to protected user data.
Recent updates in macOS Sequoia 15.7.4, macOS Tahoe 26.3, and macOS Sonoma 14.8.4 have addressed an injection issue that could allow apps to access sensitive user data through improved validation.
Recent updates in macOS and visionOS addressed a parsing issue in directory path handling, enhancing path validation to prevent unauthorized access to sensitive user data by applications.
5.5 (Medium)
macOS Sequoia 15.7.4, iOS 26.3, iPadOS 26.3, macOS Tahoe 26.3, and visionOS 26.3 have addressed the issue of malicious apps gaining root privileges through enhanced checks.
7.8 (High)
Recent updates in watchOS 26.3 and iOS 26.3 have resolved an issue with environment variable handling that could allow unauthorized access to sensitive user data through improved validation.
5.5 (Medium)
A permissions vulnerability that could allow an application to escape its sandbox has been resolved across multiple operating systems, including watchOS, tvOS, macOS, iOS, and iPadOS.
7.1 (High)
macOS Tahoe 26.3 has resolved a privacy issue that allowed applications to access user-sensitive data through improper handling of temporary files.
macOS Tahoe 26.3 has resolved a permissions issue that previously allowed applications to access protected user data, implementing additional restrictions to enhance security.
5.5 (Medium)
Recent updates to watchOS, tvOS, macOS, iOS, and iPadOS have addressed memory handling vulnerabilities that could lead to process memory disclosure when processing maliciously crafted images.
5.5 (Medium)
Recent updates have enhanced memory handling and state management across various operating systems, effectively reducing the risk of unexpected process crashes from malicious web content.
4.3 (Medium)
iOS 26.3, iPadOS 26.3, Safari 26.3, macOS Tahoe 26.3, and visionOS 26.3 have addressed unexpected process crashes due to malicious web content through enhanced memory handling.
A privacy vulnerability that enabled applications to detect other installed apps has been resolved across multiple operating systems, including watchOS, tvOS, macOS, iOS, and iPadOS.
Apple has addressed the issue of unexpected process crashes caused by malicious web content through enhanced memory handling in its operating systems and Safari version 26.3.
6.5 (Medium)
macOS Tahoe 26.3 has resolved a logging vulnerability that allowed malicious applications to access sensitive location data through enhanced data redaction techniques.
macOS Tahoe 26.3 has resolved unauthorized access issues by implementing enhanced data protection measures that prevent apps from accessing sensitive user data.
5.5 (Medium)
A privacy issue in macOS Tahoe 26.3 was addressed by relocating sensitive data to a secure location, effectively preventing unauthorized access to notifications from other iCloud devices by malicious applications.
5.5 (Medium)
A logging issue allowing potential exposure of sensitive information has been resolved through enhanced data redaction in watchOS 26.3, iOS 26.3, iPadOS 26.3, tvOS 26.3, and macOS Tahoe 26.3.
A denial-of-service vulnerability in Bluetooth packets has been addressed across multiple Apple operating systems, including iOS and macOS, allowing potential exploitation by attackers in privileged network positions.
7.5 (High)
Recent updates to macOS, iOS, iPadOS, visionOS, and Safari have addressed a vulnerability related to improved memory handling that could enable remote attackers to execute denial-of-service attacks.
7.5 (High)
A parsing issue in directory path handling was resolved, enhancing path validation to prevent unauthorized access to sensitive user data across multiple macOS and iOS versions.
5.5 (Medium)
The unexpected system termination issue caused by app behavior has been resolved through enhanced memory management in operating systems including watchOS, tvOS, macOS, visionOS, iOS, and iPadOS, all updated to version 26.3.
A logic issue allowing app access to user Safari history has been resolved in iOS 18.7.5, iPadOS 18.7.5, Safari 26.3, and macOS Tahoe 26.3 through enhanced validation measures.
macOS Tahoe 26.3 has resolved a package validation vulnerability that could allow applications to gain root privileges by blocking the affected package.
A path handling vulnerability in several Apple operating systems and Safari versions has been addressed, which previously allowed remote users to write arbitrary files.
7.5 (High)
An authorization issue in macOS Sequoia 15.7.4 and macOS Tahoe 26.3 has been resolved, which previously allowed physical access to a locked device to expose sensitive user information.
4.6 (Medium)
macOS Tahoe 26.3 resolves an authorization issue that allowed apps to access sensitive user data through enhanced state management.
5.5 (Medium)
A logic issue that could allow an app to escape its sandbox has been resolved in multiple OS updates, including watchOS 26.3 and iOS 26.3.
8.8 (High)
macOS Tahoe 26.3 addressed a parsing issue in directory path handling, enhancing path validation to prevent unauthorized access to sensitive user data by applications.
5.5 (Medium)
A logic issue allowing network traffic interception by an attacker in a privileged position has been resolved across multiple Apple operating systems, including watchOS, tvOS, macOS, iOS, and visionOS.
A logic issue was resolved in multiple macOS and iOS versions, with a note that disabling 'Load remote content in messages' may not influence all mail previews.
5.3 (Medium)
Recent updates across various operating systems, including watchOS, tvOS, macOS, iOS, and iPadOS, have addressed user information disclosure vulnerabilities related to malicious image processing through enhanced bounds checks.
5.5 (Medium)
The recent updates in iOS 26.3, iPadOS 26.3, Safari 26.3, macOS Tahoe 26.3, and visionOS 26.3 have resolved user tracking issues through Safari web extensions by enhancing state management.
5.3 (Medium)
A race condition in multiple Apple operating systems was resolved, which could have allowed shortcuts to bypass sandbox restrictions.
9.0 (Critical)
Recent updates in macOS Tahoe 26.3 and iOS 18.7.5 have introduced additional restrictions to prevent sandboxed apps from accessing sensitive user data.
6.5 (Medium)
macOS Tahoe 26.3 resolves a privacy issue by enhancing private data redaction for log entries, preventing unauthorized access to user contact information by apps.
Multiple Apple operating systems have been affected by memory corruption vulnerabilities that could allow arbitrary code execution, with fixes implemented in version 26.3 and reports of exploitation in earlier iOS versions.
7.8 (High)
References
{
"document": {
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE"
}
},
"lang": "nl",
"notes": [
{
"category": "legal_disclaimer",
"text": "The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:\n\n NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.\n\n NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.\n This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings."
},
{
"category": "description",
"text": "Apple heeft kwetsbaarheden verholpen in macOS, inclusief versies Sequoia 15.7.4, Tahoe 26.3 en Sonoma 14.8.4.",
"title": "Feiten"
},
{
"category": "description",
"text": "De kwetsbaarheden omvatten onder andere problemen met geheugencorruptie, ongeautoriseerde toegang tot gevoelige gebruikersdata, en logboekproblemen die konden leiden tot ongeautoriseerde toegang tot locatie-informatie. De updates bevatten verbeterde validatieprocessen en state management om deze risico\u0027s te mitigeren.",
"title": "Interpretaties"
},
{
"category": "description",
"text": "Apple heeft updates uitgebracht om de kwetsbaarheden te verhelpen. Zie bijgevoegde referenties voor meer informatie.",
"title": "Oplossingen"
},
{
"category": "general",
"text": "medium",
"title": "Kans"
},
{
"category": "general",
"text": "high",
"title": "Schade"
},
{
"category": "general",
"text": "Improper Input Validation",
"title": "CWE-20"
},
{
"category": "general",
"text": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"title": "CWE-79"
},
{
"category": "general",
"text": "Improper Restriction of Operations within the Bounds of a Memory Buffer",
"title": "CWE-119"
},
{
"category": "general",
"text": "Exposure of Sensitive Information to an Unauthorized Actor",
"title": "CWE-200"
},
{
"category": "general",
"text": "Improper Access Control",
"title": "CWE-284"
},
{
"category": "general",
"text": "Use After Free",
"title": "CWE-416"
},
{
"category": "general",
"text": "Allocation of Resources Without Limits or Throttling",
"title": "CWE-770"
},
{
"category": "general",
"text": "Out-of-bounds Write",
"title": "CWE-787"
},
{
"category": "general",
"text": "Use of Out-of-range Pointer Offset",
"title": "CWE-823"
},
{
"category": "general",
"text": "Expired Pointer Dereference",
"title": "CWE-825"
}
],
"publisher": {
"category": "coordinator",
"contact_details": "cert@ncsc.nl",
"name": "Nationaal Cyber Security Centrum",
"namespace": "https://www.ncsc.nl/"
},
"references": [
{
"category": "external",
"summary": "Reference",
"url": "https://support.apple.com/en-us/126348"
},
{
"category": "external",
"summary": "Reference",
"url": "https://support.apple.com/en-us/126349"
},
{
"category": "external",
"summary": "Reference",
"url": "https://support.apple.com/en-us/126350"
}
],
"title": "Kwetsbaarheden verholpen in Apple macOS",
"tracking": {
"current_release_date": "2026-02-13T13:24:06.433550Z",
"generator": {
"date": "2025-08-04T16:30:00Z",
"engine": {
"name": "V.A.",
"version": "1.3"
}
},
"id": "NCSC-2026-0063",
"initial_release_date": "2026-02-13T13:24:06.433550Z",
"revision_history": [
{
"date": "2026-02-13T13:24:06.433550Z",
"number": "1.0.0",
"summary": "Initiele versie"
}
],
"status": "final",
"version": "1.0.0"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-1"
}
}
],
"category": "product_name",
"name": "macOS Sequoia"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-2"
}
}
],
"category": "product_name",
"name": "macOS Sonoma"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-3"
}
}
],
"category": "product_name",
"name": "macOS Tahoe"
}
],
"category": "vendor",
"name": "Apple"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-14174",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"notes": [
{
"category": "other",
"text": "Improper Restriction of Operations within the Bounds of a Memory Buffer",
"title": "CWE-119"
},
{
"category": "other",
"text": "Out-of-bounds Write",
"title": "CWE-787"
},
{
"category": "other",
"text": "Use of Out-of-range Pointer Offset",
"title": "CWE-823"
},
{
"category": "description",
"text": "The webkit2gtk3 update to version 2.50.4 addresses multiple security vulnerabilities, including memory corruption and buffer overflow, while a high-severity out of bounds memory access vulnerability in ANGLE affects Google Chrome and other Chromium-based browsers.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/AU:N/R:U/V:D/RE:M/U:Amber",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-14174 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-14174.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
}
],
"title": "CVE-2025-14174"
},
{
"cve": "CVE-2025-43338",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"notes": [
{
"category": "other",
"text": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"title": "CWE-79"
},
{
"category": "description",
"text": "An out-of-bounds access issue was resolved in macOS Tahoe 26 and macOS Sonoma 14.8.2, preventing potential app termination or memory corruption from malicious media files through improved bounds checking.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-43338 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-43338.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
}
],
"title": "CVE-2025-43338"
},
{
"cve": "CVE-2025-43402",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "other",
"text": "Out-of-bounds Write",
"title": "CWE-787"
},
{
"category": "description",
"text": "macOS Tahoe 26.1 has resolved issues related to unexpected system termination and process memory corruption through enhanced memory handling.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-43402 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-43402.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
}
],
"title": "CVE-2025-43402"
},
{
"cve": "CVE-2025-43403",
"cwe": {
"id": "CWE-285",
"name": "Improper Authorization"
},
"notes": [
{
"category": "other",
"text": "Improper Authorization",
"title": "CWE-285"
},
{
"category": "description",
"text": "Authorization issues regarding sensitive user data access have been resolved in macOS Sequoia 15.7.4 and macOS Sonoma 14.8.4, addressing potential risks of unauthorized app access.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-43403 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-43403.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
}
],
"title": "CVE-2025-43403"
},
{
"cve": "CVE-2025-43417",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"notes": [
{
"category": "other",
"text": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"title": "CWE-22"
},
{
"category": "description",
"text": "macOS Sonoma 14.8.4 addresses a path handling issue that could allow applications to access user-sensitive data through improved logic.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-43417 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-43417.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
}
],
"title": "CVE-2025-43417"
},
{
"cve": "CVE-2025-43529",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "other",
"text": "Use After Free",
"title": "CWE-416"
},
{
"category": "other",
"text": "Expired Pointer Dereference",
"title": "CWE-825"
},
{
"category": "description",
"text": "The webkit2gtk3 update to version 2.50.4 addresses multiple security vulnerabilities, including use-after-free and memory corruption issues, potentially allowing arbitrary code execution through malicious web content.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-43529 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-43529.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
}
],
"title": "CVE-2025-43529"
},
{
"cve": "CVE-2025-43533",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "other",
"text": "Improper Input Validation",
"title": "CWE-20"
},
{
"category": "description",
"text": "Apple addressed multiple memory corruption vulnerabilities across its operating systems, including watchOS, iOS, iPadOS, macOS, visionOS, and tvOS, through improved input validation and enhanced bounds checks to prevent crashes from malicious HID devices.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-43533 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-43533.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.5,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
}
],
"title": "CVE-2025-43533"
},
{
"cve": "CVE-2025-46283",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"notes": [
{
"category": "other",
"text": "Exposure of Sensitive Information to an Unauthorized Actor",
"title": "CWE-200"
},
{
"category": "description",
"text": "macOS Tahoe 26.2 addressed a logic issue through improved validation, which could have allowed unauthorized access to sensitive user data by applications.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-46283 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-46283.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
}
],
"title": "CVE-2025-46283"
},
{
"cve": "CVE-2025-46290",
"cwe": {
"id": "CWE-693",
"name": "Protection Mechanism Failure"
},
"notes": [
{
"category": "other",
"text": "Protection Mechanism Failure",
"title": "CWE-693"
},
{
"category": "other",
"text": "Improper Check or Handling of Exceptional Conditions",
"title": "CWE-703"
},
{
"category": "description",
"text": "macOS Sequoia 15.7.4 and macOS Sonoma 14.8.4 have addressed a logic issue that could allow remote attackers to cause a denial-of-service through improved checks.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-46290 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-46290.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
}
],
"title": "CVE-2025-46290"
},
{
"cve": "CVE-2025-46300",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"notes": [
{
"category": "other",
"text": "Improper Restriction of Operations within the Bounds of a Memory Buffer",
"title": "CWE-119"
},
{
"category": "description",
"text": "macOS Sequoia 15.7.4, iOS 18.7.5, iPadOS 18.7.5, and macOS Sonoma 14.8.4 have addressed unexpected process crashes caused by malicious HID devices through enhanced bounds checks.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-46300 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-46300.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
}
],
"title": "CVE-2025-46300"
},
{
"cve": "CVE-2025-46301",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"notes": [
{
"category": "other",
"text": "Improper Restriction of Operations within the Bounds of a Memory Buffer",
"title": "CWE-119"
},
{
"category": "description",
"text": "macOS Sequoia 15.7.4, iOS 18.7.5, iPadOS 18.7.5, and macOS Sonoma 14.8.4 have addressed unexpected process crashes caused by malicious HID devices through enhanced bounds checks.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-46301 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-46301.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
}
],
"title": "CVE-2025-46301"
},
{
"cve": "CVE-2025-46302",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"notes": [
{
"category": "other",
"text": "Improper Restriction of Operations within the Bounds of a Memory Buffer",
"title": "CWE-119"
},
{
"category": "description",
"text": "macOS Sequoia 15.7.4, iOS 18.7.5, iPadOS 18.7.5, and macOS Sonoma 14.8.4 have addressed unexpected process crashes caused by malicious HID devices through enhanced bounds checks.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-46302 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-46302.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
}
],
"title": "CVE-2025-46302"
},
{
"cve": "CVE-2025-46303",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"notes": [
{
"category": "other",
"text": "Improper Restriction of Operations within the Bounds of a Memory Buffer",
"title": "CWE-119"
},
{
"category": "description",
"text": "macOS Sequoia 15.7.4, iOS 18.7.5, iPadOS 18.7.5, and macOS Sonoma 14.8.4 have addressed unexpected process crashes caused by malicious HID devices through enhanced bounds checks.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-46303 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-46303.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
}
],
"title": "CVE-2025-46303"
},
{
"cve": "CVE-2025-46304",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"notes": [
{
"category": "other",
"text": "Uncontrolled Resource Consumption",
"title": "CWE-400"
},
{
"category": "description",
"text": "macOS Sequoia 15.7.4, iOS 18.7.5, iPadOS 18.7.5, and macOS Sonoma 14.8.4 have addressed unexpected process crashes caused by malicious HID devices through enhanced bounds checks.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-46304 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-46304.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
}
],
"title": "CVE-2025-46304"
},
{
"cve": "CVE-2025-46305",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"notes": [
{
"category": "other",
"text": "Improper Restriction of Operations within the Bounds of a Memory Buffer",
"title": "CWE-119"
},
{
"category": "description",
"text": "macOS Sequoia 15.7.4, iOS 18.7.5, iPadOS 18.7.5, and macOS Sonoma 14.8.4 have addressed unexpected process crashes caused by malicious HID devices through enhanced bounds checks.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-46305 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-46305.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
}
],
"title": "CVE-2025-46305"
},
{
"cve": "CVE-2025-46310",
"cwe": {
"id": "CWE-269",
"name": "Improper Privilege Management"
},
"notes": [
{
"category": "other",
"text": "Improper Privilege Management",
"title": "CWE-269"
},
{
"category": "description",
"text": "macOS Sequoia 15.7.4 and macOS Sonoma 14.8.4 have resolved a vulnerability that allowed attackers with root privileges to delete protected system files through enhanced state management.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-46310 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-46310.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.0,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
}
],
"title": "CVE-2025-46310"
},
{
"cve": "CVE-2025-59375",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"notes": [
{
"category": "other",
"text": "Allocation of Resources Without Limits or Throttling",
"title": "CWE-770"
},
{
"category": "description",
"text": "Multiple vulnerabilities, including memory amplification in libexpat and denial-of-service issues in Oracle Communications Network Analytics and Apple Software, expose systems to potential disruptions without enabling arbitrary code execution.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-59375 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-59375.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
}
],
"title": "CVE-2025-59375"
},
{
"cve": "CVE-2026-20601",
"notes": [
{
"category": "description",
"text": "macOS Tahoe 26.3 has resolved a permissions issue that allowed applications to monitor keystrokes without user consent by implementing additional restrictions.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-20601 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20601.json"
}
],
"title": "CVE-2026-20601"
},
{
"cve": "CVE-2026-20602",
"notes": [
{
"category": "description",
"text": "macOS Sequoia 15.7.4, macOS Tahoe 26.3, and macOS Sonoma 14.8.4 have addressed a denial-of-service vulnerability related to app cache handling, enhancing overall system stability.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-20602 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20602.json"
}
],
"title": "CVE-2026-20602"
},
{
"cve": "CVE-2026-20603",
"notes": [
{
"category": "description",
"text": "macOS Tahoe 26.3 has enhanced redaction capabilities to prevent apps with root privileges from accessing sensitive private information.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-20603 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20603.json"
}
],
"title": "CVE-2026-20603"
},
{
"cve": "CVE-2026-20605",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"notes": [
{
"category": "other",
"text": "Improper Restriction of Operations within the Bounds of a Memory Buffer",
"title": "CWE-119"
},
{
"category": "description",
"text": "Recent updates in macOS Sequoia 15.7.4 and iOS 18.7.5 have resolved a memory handling issue that could cause an app to crash a system process.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-20605 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20605.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
}
],
"title": "CVE-2026-20605"
},
{
"cve": "CVE-2026-20606",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"notes": [
{
"category": "other",
"text": "Exposure of Sensitive Information to an Unauthorized Actor",
"title": "CWE-200"
},
{
"category": "description",
"text": "The vulnerability allowing apps to bypass Privacy preferences in macOS and iOS has been addressed by removing the problematic code across various versions.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-20606 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20606.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
}
],
"title": "CVE-2026-20606"
},
{
"cve": "CVE-2026-20608",
"notes": [
{
"category": "description",
"text": "Recent updates in several operating systems and Safari have addressed unexpected process crashes caused by maliciously crafted web content through enhanced state management.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-20608 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20608.json"
}
],
"title": "CVE-2026-20608"
},
{
"cve": "CVE-2026-20609",
"notes": [
{
"category": "description",
"text": "Various operating systems have addressed improved memory handling to mitigate risks of denial-of-service and memory content disclosure from processing malicious files.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-20609 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20609.json"
}
],
"title": "CVE-2026-20609"
},
{
"cve": "CVE-2026-20610",
"cwe": {
"id": "CWE-59",
"name": "Improper Link Resolution Before File Access (\u0027Link Following\u0027)"
},
"notes": [
{
"category": "other",
"text": "Improper Link Resolution Before File Access (\u0027Link Following\u0027)",
"title": "CWE-59"
},
{
"category": "description",
"text": "macOS Tahoe 26.3 has fixed an issue with symlink handling that previously allowed applications to gain root privileges.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-20610 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20610.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
}
],
"title": "CVE-2026-20610"
},
{
"cve": "CVE-2026-20611",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "other",
"text": "Out-of-bounds Read",
"title": "CWE-125"
},
{
"category": "description",
"text": "An out-of-bounds access vulnerability affecting various Apple operating systems was resolved, which could lead to app termination or memory corruption when handling malicious media files.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-20611 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20611.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
}
],
"title": "CVE-2026-20611"
},
{
"cve": "CVE-2026-20612",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"notes": [
{
"category": "other",
"text": "Exposure of Sensitive Information to an Unauthorized Actor",
"title": "CWE-200"
},
{
"category": "description",
"text": "macOS Sequoia 15.7.4, macOS Tahoe 26.3, and macOS Sonoma 14.8.4 have addressed a privacy issue that allowed apps to access sensitive user data through enhanced checks.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-20612 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20612.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
}
],
"title": "CVE-2026-20612"
},
{
"cve": "CVE-2026-20614",
"notes": [
{
"category": "description",
"text": "A path handling vulnerability allowing apps to gain root privileges has been resolved in macOS Sequoia 15.7.4, macOS Tahoe 26.3, and macOS Sonoma 14.8.4 through enhanced validation measures.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-20614 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20614.json"
}
],
"title": "CVE-2026-20614"
},
{
"cve": "CVE-2026-20615",
"notes": [
{
"category": "description",
"text": "A path handling vulnerability allowing apps to gain root privileges has been resolved in iOS 26.3, iPadOS 26.3, macOS Tahoe 26.3, macOS Sonoma 14.8.4, and visionOS 26.3 through enhanced validation measures.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-20615 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20615.json"
}
],
"title": "CVE-2026-20615"
},
{
"cve": "CVE-2026-20616",
"notes": [
{
"category": "description",
"text": "An out-of-bounds write vulnerability in various Apple operating systems has been resolved through enhanced bounds checking, preventing unexpected app terminations when handling malicious USD files.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-20616 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20616.json"
}
],
"title": "CVE-2026-20616"
},
{
"cve": "CVE-2026-20617",
"notes": [
{
"category": "description",
"text": "A race condition affecting multiple Apple operating systems, including watchOS, tvOS, macOS, visionOS, iOS, and iPadOS, was fixed, which could have allowed apps to gain root privileges due to improved state handling.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-20617 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20617.json"
}
],
"title": "CVE-2026-20617"
},
{
"cve": "CVE-2026-20618",
"notes": [
{
"category": "description",
"text": "macOS Tahoe 26.3 has improved temporary file handling, resolving an issue that could allow applications to access user-sensitive data.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-20618 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20618.json"
}
],
"title": "CVE-2026-20618"
},
{
"cve": "CVE-2026-20619",
"notes": [
{
"category": "description",
"text": "A logging issue in macOS Sequoia 15.7.4 and macOS Tahoe 26.3 has been resolved, enhancing data redaction to prevent unauthorized access to sensitive user information by applications.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-20619 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20619.json"
}
],
"title": "CVE-2026-20619"
},
{
"cve": "CVE-2026-20620",
"notes": [
{
"category": "description",
"text": "An out-of-bounds read vulnerability was resolved in macOS versions 15.7.4, 26.3, and 14.8.4, potentially allowing attackers to read kernel memory or cause unexpected system termination.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-20620 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20620.json"
}
],
"title": "CVE-2026-20620"
},
{
"cve": "CVE-2026-20621",
"notes": [
{
"category": "description",
"text": "Recent updates to macOS and iOS have resolved issues related to memory handling that could cause unexpected system termination or kernel memory corruption.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-20621 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20621.json"
}
],
"title": "CVE-2026-20621"
},
{
"cve": "CVE-2026-20623",
"notes": [
{
"category": "description",
"text": "A permissions issue in macOS Tahoe 26.3 was resolved by removing vulnerable code that could allow unauthorized access to protected user data.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-20623 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20623.json"
}
],
"title": "CVE-2026-20623"
},
{
"cve": "CVE-2026-20624",
"notes": [
{
"category": "description",
"text": "Recent updates in macOS Sequoia 15.7.4, macOS Tahoe 26.3, and macOS Sonoma 14.8.4 have addressed an injection issue that could allow apps to access sensitive user data through improved validation.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-20624 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20624.json"
}
],
"title": "CVE-2026-20624"
},
{
"cve": "CVE-2026-20625",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"notes": [
{
"category": "other",
"text": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"title": "CWE-22"
},
{
"category": "description",
"text": "Recent updates in macOS and visionOS addressed a parsing issue in directory path handling, enhancing path validation to prevent unauthorized access to sensitive user data by applications.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-20625 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20625.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
}
],
"title": "CVE-2026-20625"
},
{
"cve": "CVE-2026-20626",
"cwe": {
"id": "CWE-862",
"name": "Missing Authorization"
},
"notes": [
{
"category": "other",
"text": "Missing Authorization",
"title": "CWE-862"
},
{
"category": "description",
"text": "macOS Sequoia 15.7.4, iOS 26.3, iPadOS 26.3, macOS Tahoe 26.3, and visionOS 26.3 have addressed the issue of malicious apps gaining root privileges through enhanced checks.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-20626 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20626.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
}
],
"title": "CVE-2026-20626"
},
{
"cve": "CVE-2026-20627",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "other",
"text": "Improper Input Validation",
"title": "CWE-20"
},
{
"category": "description",
"text": "Recent updates in watchOS 26.3 and iOS 26.3 have resolved an issue with environment variable handling that could allow unauthorized access to sensitive user data through improved validation.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-20627 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20627.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
}
],
"title": "CVE-2026-20627"
},
{
"cve": "CVE-2026-20628",
"cwe": {
"id": "CWE-284",
"name": "Improper Access Control"
},
"notes": [
{
"category": "other",
"text": "Improper Access Control",
"title": "CWE-284"
},
{
"category": "description",
"text": "A permissions vulnerability that could allow an application to escape its sandbox has been resolved across multiple operating systems, including watchOS, tvOS, macOS, iOS, and iPadOS.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-20628 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20628.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
}
],
"title": "CVE-2026-20628"
},
{
"cve": "CVE-2026-20629",
"notes": [
{
"category": "description",
"text": "macOS Tahoe 26.3 has resolved a privacy issue that allowed applications to access user-sensitive data through improper handling of temporary files.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-20629 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20629.json"
}
],
"title": "CVE-2026-20629"
},
{
"cve": "CVE-2026-20630",
"cwe": {
"id": "CWE-277",
"name": "Insecure Inherited Permissions"
},
"notes": [
{
"category": "other",
"text": "Insecure Inherited Permissions",
"title": "CWE-277"
},
{
"category": "description",
"text": "macOS Tahoe 26.3 has resolved a permissions issue that previously allowed applications to access protected user data, implementing additional restrictions to enhance security.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-20630 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20630.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
}
],
"title": "CVE-2026-20630"
},
{
"cve": "CVE-2026-20634",
"notes": [
{
"category": "description",
"text": "Recent updates to watchOS, tvOS, macOS, iOS, and iPadOS have addressed memory handling vulnerabilities that could lead to process memory disclosure when processing maliciously crafted images.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-20634 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20634.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
}
],
"title": "CVE-2026-20634"
},
{
"cve": "CVE-2026-20635",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"notes": [
{
"category": "other",
"text": "Improper Restriction of Operations within the Bounds of a Memory Buffer",
"title": "CWE-119"
},
{
"category": "description",
"text": "Recent updates have enhanced memory handling and state management across various operating systems, effectively reducing the risk of unexpected process crashes from malicious web content.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-20635 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20635.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
}
],
"title": "CVE-2026-20635"
},
{
"cve": "CVE-2026-20636",
"notes": [
{
"category": "description",
"text": "iOS 26.3, iPadOS 26.3, Safari 26.3, macOS Tahoe 26.3, and visionOS 26.3 have addressed unexpected process crashes due to malicious web content through enhanced memory handling.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-20636 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20636.json"
}
],
"title": "CVE-2026-20636"
},
{
"cve": "CVE-2026-20641",
"notes": [
{
"category": "description",
"text": "A privacy vulnerability that enabled applications to detect other installed apps has been resolved across multiple operating systems, including watchOS, tvOS, macOS, iOS, and iPadOS.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-20641 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20641.json"
}
],
"title": "CVE-2026-20641"
},
{
"cve": "CVE-2026-20644",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"notes": [
{
"category": "other",
"text": "Improper Restriction of Operations within the Bounds of a Memory Buffer",
"title": "CWE-119"
},
{
"category": "other",
"text": "Use After Free",
"title": "CWE-416"
},
{
"category": "other",
"text": "Out-of-bounds Write",
"title": "CWE-787"
},
{
"category": "description",
"text": "Apple has addressed the issue of unexpected process crashes caused by malicious web content through enhanced memory handling in its operating systems and Safari version 26.3.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-20644 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20644.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
}
],
"title": "CVE-2026-20644"
},
{
"cve": "CVE-2026-20646",
"notes": [
{
"category": "description",
"text": "macOS Tahoe 26.3 has resolved a logging vulnerability that allowed malicious applications to access sensitive location data through enhanced data redaction techniques.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-20646 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20646.json"
}
],
"title": "CVE-2026-20646"
},
{
"cve": "CVE-2026-20647",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"notes": [
{
"category": "other",
"text": "Exposure of Sensitive Information to an Unauthorized Actor",
"title": "CWE-200"
},
{
"category": "description",
"text": "macOS Tahoe 26.3 has resolved unauthorized access issues by implementing enhanced data protection measures that prevent apps from accessing sensitive user data.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-20647 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20647.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
}
],
"title": "CVE-2026-20647"
},
{
"cve": "CVE-2026-20648",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"notes": [
{
"category": "other",
"text": "Exposure of Sensitive Information to an Unauthorized Actor",
"title": "CWE-200"
},
{
"category": "description",
"text": "A privacy issue in macOS Tahoe 26.3 was addressed by relocating sensitive data to a secure location, effectively preventing unauthorized access to notifications from other iCloud devices by malicious applications.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-20648 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20648.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
}
],
"title": "CVE-2026-20648"
},
{
"cve": "CVE-2026-20649",
"notes": [
{
"category": "description",
"text": "A logging issue allowing potential exposure of sensitive information has been resolved through enhanced data redaction in watchOS 26.3, iOS 26.3, iPadOS 26.3, tvOS 26.3, and macOS Tahoe 26.3.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-20649 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20649.json"
}
],
"title": "CVE-2026-20649"
},
{
"cve": "CVE-2026-20650",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"notes": [
{
"category": "other",
"text": "Uncontrolled Resource Consumption",
"title": "CWE-400"
},
{
"category": "description",
"text": "A denial-of-service vulnerability in Bluetooth packets has been addressed across multiple Apple operating systems, including iOS and macOS, allowing potential exploitation by attackers in privileged network positions.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-20650 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20650.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
}
],
"title": "CVE-2026-20650"
},
{
"cve": "CVE-2026-20652",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"notes": [
{
"category": "other",
"text": "Uncontrolled Resource Consumption",
"title": "CWE-400"
},
{
"category": "description",
"text": "Recent updates to macOS, iOS, iPadOS, visionOS, and Safari have addressed a vulnerability related to improved memory handling that could enable remote attackers to execute denial-of-service attacks.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-20652 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20652.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
}
],
"title": "CVE-2026-20652"
},
{
"cve": "CVE-2026-20653",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"notes": [
{
"category": "other",
"text": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"title": "CWE-22"
},
{
"category": "description",
"text": "A parsing issue in directory path handling was resolved, enhancing path validation to prevent unauthorized access to sensitive user data across multiple macOS and iOS versions.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-20653 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20653.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
}
],
"title": "CVE-2026-20653"
},
{
"cve": "CVE-2026-20654",
"notes": [
{
"category": "description",
"text": "The unexpected system termination issue caused by app behavior has been resolved through enhanced memory management in operating systems including watchOS, tvOS, macOS, visionOS, iOS, and iPadOS, all updated to version 26.3.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-20654 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20654.json"
}
],
"title": "CVE-2026-20654"
},
{
"cve": "CVE-2026-20656",
"notes": [
{
"category": "description",
"text": "A logic issue allowing app access to user Safari history has been resolved in iOS 18.7.5, iPadOS 18.7.5, Safari 26.3, and macOS Tahoe 26.3 through enhanced validation measures.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-20656 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20656.json"
}
],
"title": "CVE-2026-20656"
},
{
"cve": "CVE-2026-20658",
"notes": [
{
"category": "description",
"text": "macOS Tahoe 26.3 has resolved a package validation vulnerability that could allow applications to gain root privileges by blocking the affected package.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-20658 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20658.json"
}
],
"title": "CVE-2026-20658"
},
{
"cve": "CVE-2026-20660",
"notes": [
{
"category": "description",
"text": "A path handling vulnerability in several Apple operating systems and Safari versions has been addressed, which previously allowed remote users to write arbitrary files.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-20660 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20660.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
}
],
"title": "CVE-2026-20660"
},
{
"cve": "CVE-2026-20662",
"notes": [
{
"category": "description",
"text": "An authorization issue in macOS Sequoia 15.7.4 and macOS Tahoe 26.3 has been resolved, which previously allowed physical access to a locked device to expose sensitive user information.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-20662 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20662.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
}
],
"title": "CVE-2026-20662"
},
{
"cve": "CVE-2026-20666",
"cwe": {
"id": "CWE-285",
"name": "Improper Authorization"
},
"notes": [
{
"category": "other",
"text": "Improper Authorization",
"title": "CWE-285"
},
{
"category": "description",
"text": "macOS Tahoe 26.3 resolves an authorization issue that allowed apps to access sensitive user data through enhanced state management.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-20666 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20666.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
}
],
"title": "CVE-2026-20666"
},
{
"cve": "CVE-2026-20667",
"notes": [
{
"category": "description",
"text": "A logic issue that could allow an app to escape its sandbox has been resolved in multiple OS updates, including watchOS 26.3 and iOS 26.3.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-20667 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20667.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
}
],
"title": "CVE-2026-20667"
},
{
"cve": "CVE-2026-20669",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"notes": [
{
"category": "other",
"text": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"title": "CWE-22"
},
{
"category": "description",
"text": "macOS Tahoe 26.3 addressed a parsing issue in directory path handling, enhancing path validation to prevent unauthorized access to sensitive user data by applications.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-20669 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20669.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
}
],
"title": "CVE-2026-20669"
},
{
"cve": "CVE-2026-20671",
"notes": [
{
"category": "description",
"text": "A logic issue allowing network traffic interception by an attacker in a privileged position has been resolved across multiple Apple operating systems, including watchOS, tvOS, macOS, iOS, and visionOS.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-20671 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20671.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.1,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
}
],
"title": "CVE-2026-20671"
},
{
"cve": "CVE-2026-20673",
"notes": [
{
"category": "description",
"text": "A logic issue was resolved in multiple macOS and iOS versions, with a note that disabling \u0027Load remote content in messages\u0027 may not influence all mail previews.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-20673 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20673.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
}
],
"title": "CVE-2026-20673"
},
{
"cve": "CVE-2026-20675",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "other",
"text": "Out-of-bounds Read",
"title": "CWE-125"
},
{
"category": "description",
"text": "Recent updates across various operating systems, including watchOS, tvOS, macOS, iOS, and iPadOS, have addressed user information disclosure vulnerabilities related to malicious image processing through enhanced bounds checks.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-20675 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20675.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
}
],
"title": "CVE-2026-20675"
},
{
"cve": "CVE-2026-20676",
"notes": [
{
"category": "description",
"text": "The recent updates in iOS 26.3, iPadOS 26.3, Safari 26.3, macOS Tahoe 26.3, and visionOS 26.3 have resolved user tracking issues through Safari web extensions by enhancing state management.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-20676 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20676.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
}
],
"title": "CVE-2026-20676"
},
{
"cve": "CVE-2026-20677",
"cwe": {
"id": "CWE-362",
"name": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)"
},
"notes": [
{
"category": "other",
"text": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)",
"title": "CWE-362"
},
{
"category": "description",
"text": "A race condition in multiple Apple operating systems was resolved, which could have allowed shortcuts to bypass sandbox restrictions.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-20677 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20677.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.0,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
}
],
"title": "CVE-2026-20677"
},
{
"cve": "CVE-2026-20680",
"notes": [
{
"category": "description",
"text": "Recent updates in macOS Tahoe 26.3 and iOS 18.7.5 have introduced additional restrictions to prevent sandboxed apps from accessing sensitive user data.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-20680 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20680.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
}
],
"title": "CVE-2026-20680"
},
{
"cve": "CVE-2026-20681",
"notes": [
{
"category": "description",
"text": "macOS Tahoe 26.3 resolves a privacy issue by enhancing private data redaction for log entries, preventing unauthorized access to user contact information by apps.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-20681 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20681.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
}
],
"title": "CVE-2026-20681"
},
{
"cve": "CVE-2026-20700",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"notes": [
{
"category": "other",
"text": "Improper Restriction of Operations within the Bounds of a Memory Buffer",
"title": "CWE-119"
},
{
"category": "description",
"text": "Multiple Apple operating systems have been affected by memory corruption vulnerabilities that could allow arbitrary code execution, with fixes implemented in version 26.3 and reports of exploitation in earlier iOS versions.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-20700 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20700.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
}
],
"title": "CVE-2026-20700"
}
]
}
NCSC-2026-0064
Vulnerability from csaf_ncscnl - Published: 2026-02-13 13:35 - Updated: 2026-02-13 13:35Summary
Kwetsbaarheden verholpen in Apple iOS en iPadOS
Notes
The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:
NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.
NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.
This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings.
Feiten: Apple heeft kwetsbaarheden verholpen in iOS en iPadOS.
Interpretaties: De kwetsbaarheden omvatten verschillende problemen zoals geheugenbeschadiging, bufferoverloop, en gebruik na vrijgave, die konden leiden tot ongeautoriseerde toegang tot gevoelige gegevens, onverwachte procescrashes en andere stabiliteitsproblemen. De kwetsbaarheden werden voornamelijk veroorzaakt door inadequate invoervalidatie en kwetsbaarheden in de verwerking van schadelijke inhoud. De updates zijn gericht op het verbeteren van de beveiliging en stabiliteit van de betrokken besturingssystemen.
Apple meldt dat zij een rapport hebben ontvangen dat de kwetsbaarheid met kenmerk CVE-2026-20700 mogelijk is misbruikt bij een zeer gerichte aanval, waarbij een iOS device met versienummer vóór 26 het slachtoffer is. Meer detailinformatie is niet vrijgegeven. De kwetsbaarheid stelt een kwaadwillende in staat om willekeurige code uit te voeren. Voor succesvol misbruik moet de kwaadwillende voorafgaande rechten hebben om geheugen te mogen beschrijven.
Oplossingen: Apple heeft updates uitgebracht om de kwetsbaarheden te verhelpen. Zie bijgevoegde referenties voor meer informatie.
Kans: medium
Schade: high
CWE-20: Improper Input Validation
CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE-416: Use After Free
CWE-770: Allocation of Resources Without Limits or Throttling
CWE-787: Out-of-bounds Write
CWE-823: Use of Out-of-range Pointer Offset
CWE-825: Expired Pointer Dereference
The webkit2gtk3 update to version 2.50.4 addresses multiple security vulnerabilities, including memory corruption and buffer overflow, while a high-severity out of bounds memory access vulnerability in ANGLE affects Google Chrome and other Chromium-based browsers.
8.8 (High)
The webkit2gtk3 update to version 2.50.4 addresses multiple security vulnerabilities, including use-after-free and memory corruption issues, potentially allowing arbitrary code execution through malicious web content.
8.8 (High)
Apple addressed multiple memory corruption vulnerabilities across its operating systems, including watchOS, iOS, iPadOS, macOS, visionOS, and tvOS, through improved input validation and enhanced bounds checks to prevent crashes from malicious HID devices.
CWE-20 - Improper Input ValidationiOS 18.7.5 and iPadOS 18.7.5 addressed a path handling vulnerability that could allow malicious backup files to alter protected system files.
macOS Sequoia 15.7.4, iOS 18.7.5, iPadOS 18.7.5, and macOS Sonoma 14.8.4 have addressed unexpected process crashes caused by malicious HID devices through enhanced bounds checks.
5.5 (Medium)
macOS Sequoia 15.7.4, iOS 18.7.5, iPadOS 18.7.5, and macOS Sonoma 14.8.4 have addressed unexpected process crashes caused by malicious HID devices through enhanced bounds checks.
5.5 (Medium)
macOS Sequoia 15.7.4, iOS 18.7.5, iPadOS 18.7.5, and macOS Sonoma 14.8.4 have addressed unexpected process crashes caused by malicious HID devices through enhanced bounds checks.
5.5 (Medium)
macOS Sequoia 15.7.4, iOS 18.7.5, iPadOS 18.7.5, and macOS Sonoma 14.8.4 have addressed unexpected process crashes caused by malicious HID devices through enhanced bounds checks.
5.5 (Medium)
macOS Sequoia 15.7.4, iOS 18.7.5, iPadOS 18.7.5, and macOS Sonoma 14.8.4 have addressed unexpected process crashes caused by malicious HID devices through enhanced bounds checks.
5.5 (Medium)
macOS Sequoia 15.7.4, iOS 18.7.5, iPadOS 18.7.5, and macOS Sonoma 14.8.4 have addressed unexpected process crashes caused by malicious HID devices through enhanced bounds checks.
5.5 (Medium)
Multiple vulnerabilities, including memory amplification in libexpat and denial-of-service issues in Oracle Communications Network Analytics and Apple Software, expose systems to potential disruptions without enabling arbitrary code execution.
7.5 (High)
Recent updates in macOS Sequoia 15.7.4 and iOS 18.7.5 have resolved a memory handling issue that could cause an app to crash a system process.
4.6 (Medium)
The vulnerability allowing apps to bypass Privacy preferences in macOS and iOS has been addressed by removing the problematic code across various versions.
7.1 (High)
Recent updates in several operating systems and Safari have addressed unexpected process crashes caused by maliciously crafted web content through enhanced state management.
Various operating systems have addressed improved memory handling to mitigate risks of denial-of-service and memory content disclosure from processing malicious files.
An out-of-bounds access vulnerability affecting various Apple operating systems was resolved, which could lead to app termination or memory corruption when handling malicious media files.
7.1 (High)
A path handling vulnerability allowing apps to gain root privileges has been resolved in iOS 26.3, iPadOS 26.3, macOS Tahoe 26.3, macOS Sonoma 14.8.4, and visionOS 26.3 through enhanced validation measures.
An out-of-bounds write vulnerability in various Apple operating systems has been resolved through enhanced bounds checking, preventing unexpected app terminations when handling malicious USD files.
A race condition affecting multiple Apple operating systems, including watchOS, tvOS, macOS, visionOS, iOS, and iPadOS, was fixed, which could have allowed apps to gain root privileges due to improved state handling.
Recent updates to macOS and iOS have resolved issues related to memory handling that could cause unexpected system termination or kernel memory corruption.
macOS Sequoia 15.7.4, iOS 26.3, iPadOS 26.3, macOS Tahoe 26.3, and visionOS 26.3 have addressed the issue of malicious apps gaining root privileges through enhanced checks.
7.8 (High)
Recent updates in watchOS 26.3 and iOS 26.3 have resolved an issue with environment variable handling that could allow unauthorized access to sensitive user data through improved validation.
5.5 (Medium)
A permissions vulnerability that could allow an application to escape its sandbox has been resolved across multiple operating systems, including watchOS, tvOS, macOS, iOS, and iPadOS.
7.1 (High)
Recent updates to watchOS, tvOS, macOS, iOS, and iPadOS have addressed memory handling vulnerabilities that could lead to process memory disclosure when processing maliciously crafted images.
5.5 (Medium)
Recent updates have enhanced memory handling and state management across various operating systems, effectively reducing the risk of unexpected process crashes from malicious web content.
4.3 (Medium)
iOS 26.3, iPadOS 26.3, Safari 26.3, macOS Tahoe 26.3, and visionOS 26.3 have addressed unexpected process crashes due to malicious web content through enhanced memory handling.
A logic issue that could expose identifying information for users with Live Caller ID app extensions disabled has been resolved in iOS 26.3 and iPadOS 26.3.
5.5 (Medium)
iOS 26.3 and iPadOS 26.3 addressed an inconsistent user interface issue that could allow an attacker with physical access to capture sensitive data during iPhone Mirroring with Mac.
A privacy vulnerability that enabled applications to detect other installed apps has been resolved across multiple operating systems, including watchOS, tvOS, macOS, iOS, and iPadOS.
An input validation vulnerability in iOS 26.3 and iPadOS 26.3 allowed physical access to an iOS device to potentially enable unauthorized access to photos from the lock screen, which has now been addressed.
Apple has addressed the issue of unexpected process crashes caused by malicious web content through enhanced memory handling in its operating systems and Safari version 26.3.
6.5 (Medium)
An inconsistent user interface issue in iOS 26.3 and iPadOS 18.7.5 was resolved, which could have allowed an attacker with physical access to a locked device to view sensitive user information.
4.6 (Medium)
A logging issue allowing potential exposure of sensitive information has been resolved through enhanced data redaction in watchOS 26.3, iOS 26.3, iPadOS 26.3, tvOS 26.3, and macOS Tahoe 26.3.
A denial-of-service vulnerability in Bluetooth packets has been addressed across multiple Apple operating systems, including iOS and macOS, allowing potential exploitation by attackers in privileged network positions.
7.5 (High)
Recent updates to macOS, iOS, iPadOS, visionOS, and Safari have addressed a vulnerability related to improved memory handling that could enable remote attackers to execute denial-of-service attacks.
7.5 (High)
A parsing issue in directory path handling was resolved, enhancing path validation to prevent unauthorized access to sensitive user data across multiple macOS and iOS versions.
5.5 (Medium)
The unexpected system termination issue caused by app behavior has been resolved through enhanced memory management in operating systems including watchOS, tvOS, macOS, visionOS, iOS, and iPadOS, all updated to version 26.3.
An authorization issue affecting iOS 26.3, iPadOS 26.3, iOS 18.7.5, and iPadOS 18.7.5 has been resolved, which previously allowed physical access to a locked device to expose sensitive user information.
A logic issue allowing app access to user Safari history has been resolved in iOS 18.7.5, iPadOS 18.7.5, Safari 26.3, and macOS Tahoe 26.3 through enhanced validation measures.
A path handling vulnerability in several Apple operating systems and Safari versions has been addressed, which previously allowed remote users to write arbitrary files.
7.5 (High)
An authorization issue affecting iOS 26.3, iPadOS 26.3, iOS 18.7.5, and iPadOS 18.7.5 has been resolved, which previously allowed physical access to a locked device to expose sensitive user information.
4.6 (Medium)
The issue of app enumeration of installed applications was addressed in iOS 26.3, iPadOS 26.3, iOS 18.7.5, and iPadOS 18.7.5 through the implementation of sanitized logging.
CWE-532 - Insertion of Sensitive Information into Log FileA logic issue that could allow an app to escape its sandbox has been resolved in multiple OS updates, including watchOS 26.3 and iOS 26.3.
8.8 (High)
A logic issue allowing network traffic interception by an attacker in a privileged position has been resolved across multiple Apple operating systems, including watchOS, tvOS, macOS, iOS, and visionOS.
A logic issue was resolved in multiple macOS and iOS versions, with a note that disabling 'Load remote content in messages' may not influence all mail previews.
5.3 (Medium)
iOS 26.3 and iPadOS 26.3 resolved a privacy issue by eliminating sensitive data that could be accessed by an attacker with physical access to a locked device.
4.6 (Medium)
Recent updates across various operating systems, including watchOS, tvOS, macOS, iOS, and iPadOS, have addressed user information disclosure vulnerabilities related to malicious image processing through enhanced bounds checks.
5.5 (Medium)
The recent updates in iOS 26.3, iPadOS 26.3, Safari 26.3, macOS Tahoe 26.3, and visionOS 26.3 have resolved user tracking issues through Safari web extensions by enhancing state management.
5.3 (Medium)
A race condition in multiple Apple operating systems was resolved, which could have allowed shortcuts to bypass sandbox restrictions.
9.0 (Critical)
An authorization issue allowing potential access to sensitive user data has been resolved in iOS 26.3, iPadOS 26.3, iOS 18.7.5, and iPadOS 18.7.5 through improved state management.
5.5 (Medium)
Recent updates in macOS Tahoe 26.3 and iOS 18.7.5 have introduced additional restrictions to prevent sandboxed apps from accessing sensitive user data.
6.5 (Medium)
A logic issue in iOS 26.3, iPadOS 26.3, iOS 18.7.5, and iPadOS 18.7.5 was resolved, which previously allowed unauthorized access to deleted user notes.
5.3 (Medium)
Multiple Apple operating systems have been affected by memory corruption vulnerabilities that could allow arbitrary code execution, with fixes implemented in version 26.3 and reports of exploitation in earlier iOS versions.
7.8 (High)
References
| URL | Category | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"document": {
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE"
}
},
"lang": "nl",
"notes": [
{
"category": "legal_disclaimer",
"text": "The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:\n\n NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.\n\n NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.\n This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings."
},
{
"category": "description",
"text": "Apple heeft kwetsbaarheden verholpen in iOS en iPadOS.",
"title": "Feiten"
},
{
"category": "description",
"text": "De kwetsbaarheden omvatten verschillende problemen zoals geheugenbeschadiging, bufferoverloop, en gebruik na vrijgave, die konden leiden tot ongeautoriseerde toegang tot gevoelige gegevens, onverwachte procescrashes en andere stabiliteitsproblemen. De kwetsbaarheden werden voornamelijk veroorzaakt door inadequate invoervalidatie en kwetsbaarheden in de verwerking van schadelijke inhoud. De updates zijn gericht op het verbeteren van de beveiliging en stabiliteit van de betrokken besturingssystemen.\n\nApple meldt dat zij een rapport hebben ontvangen dat de kwetsbaarheid met kenmerk CVE-2026-20700 mogelijk is misbruikt bij een zeer gerichte aanval, waarbij een iOS device met versienummer v\u00f3\u00f3r 26 het slachtoffer is. Meer detailinformatie is niet vrijgegeven. De kwetsbaarheid stelt een kwaadwillende in staat om willekeurige code uit te voeren. Voor succesvol misbruik moet de kwaadwillende voorafgaande rechten hebben om geheugen te mogen beschrijven.",
"title": "Interpretaties"
},
{
"category": "description",
"text": "Apple heeft updates uitgebracht om de kwetsbaarheden te verhelpen. Zie bijgevoegde referenties voor meer informatie.",
"title": "Oplossingen"
},
{
"category": "general",
"text": "medium",
"title": "Kans"
},
{
"category": "general",
"text": "high",
"title": "Schade"
},
{
"category": "general",
"text": "Improper Input Validation",
"title": "CWE-20"
},
{
"category": "general",
"text": "Improper Restriction of Operations within the Bounds of a Memory Buffer",
"title": "CWE-119"
},
{
"category": "general",
"text": "Use After Free",
"title": "CWE-416"
},
{
"category": "general",
"text": "Allocation of Resources Without Limits or Throttling",
"title": "CWE-770"
},
{
"category": "general",
"text": "Out-of-bounds Write",
"title": "CWE-787"
},
{
"category": "general",
"text": "Use of Out-of-range Pointer Offset",
"title": "CWE-823"
},
{
"category": "general",
"text": "Expired Pointer Dereference",
"title": "CWE-825"
}
],
"publisher": {
"category": "coordinator",
"contact_details": "cert@ncsc.nl",
"name": "Nationaal Cyber Security Centrum",
"namespace": "https://www.ncsc.nl/"
},
"references": [
{
"category": "external",
"summary": "Reference",
"url": "https://support.apple.com/en-us/126346"
},
{
"category": "external",
"summary": "Reference",
"url": "https://support.apple.com/en-us/126347"
}
],
"title": "Kwetsbaarheden verholpen in Apple iOS en iPadOS",
"tracking": {
"current_release_date": "2026-02-13T13:35:03.870920Z",
"generator": {
"date": "2025-08-04T16:30:00Z",
"engine": {
"name": "V.A.",
"version": "1.3"
}
},
"id": "NCSC-2026-0064",
"initial_release_date": "2026-02-13T13:35:03.870920Z",
"revision_history": [
{
"date": "2026-02-13T13:35:03.870920Z",
"number": "1.0.0",
"summary": "Initiele versie"
}
],
"status": "final",
"version": "1.0.0"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-1"
}
}
],
"category": "product_name",
"name": "iOS"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-2"
}
}
],
"category": "product_name",
"name": "iPadOS"
}
],
"category": "vendor",
"name": "Apple"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-14174",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"notes": [
{
"category": "other",
"text": "Improper Restriction of Operations within the Bounds of a Memory Buffer",
"title": "CWE-119"
},
{
"category": "other",
"text": "Out-of-bounds Write",
"title": "CWE-787"
},
{
"category": "other",
"text": "Use of Out-of-range Pointer Offset",
"title": "CWE-823"
},
{
"category": "description",
"text": "The webkit2gtk3 update to version 2.50.4 addresses multiple security vulnerabilities, including memory corruption and buffer overflow, while a high-severity out of bounds memory access vulnerability in ANGLE affects Google Chrome and other Chromium-based browsers.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/AU:N/R:U/V:D/RE:M/U:Amber",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-14174 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-14174.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2"
]
}
],
"title": "CVE-2025-14174"
},
{
"cve": "CVE-2025-43529",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "other",
"text": "Use After Free",
"title": "CWE-416"
},
{
"category": "other",
"text": "Expired Pointer Dereference",
"title": "CWE-825"
},
{
"category": "description",
"text": "The webkit2gtk3 update to version 2.50.4 addresses multiple security vulnerabilities, including use-after-free and memory corruption issues, potentially allowing arbitrary code execution through malicious web content.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-43529 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-43529.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2"
]
}
],
"title": "CVE-2025-43529"
},
{
"cve": "CVE-2025-43533",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "other",
"text": "Improper Input Validation",
"title": "CWE-20"
},
{
"category": "description",
"text": "Apple addressed multiple memory corruption vulnerabilities across its operating systems, including watchOS, iOS, iPadOS, macOS, visionOS, and tvOS, through improved input validation and enhanced bounds checks to prevent crashes from malicious HID devices.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-43533 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-43533.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.5,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2"
]
}
],
"title": "CVE-2025-43533"
},
{
"cve": "CVE-2025-43537",
"notes": [
{
"category": "description",
"text": "iOS 18.7.5 and iPadOS 18.7.5 addressed a path handling vulnerability that could allow malicious backup files to alter protected system files.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-43537 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-43537.json"
}
],
"title": "CVE-2025-43537"
},
{
"cve": "CVE-2025-46300",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"notes": [
{
"category": "other",
"text": "Improper Restriction of Operations within the Bounds of a Memory Buffer",
"title": "CWE-119"
},
{
"category": "description",
"text": "macOS Sequoia 15.7.4, iOS 18.7.5, iPadOS 18.7.5, and macOS Sonoma 14.8.4 have addressed unexpected process crashes caused by malicious HID devices through enhanced bounds checks.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-46300 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-46300.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2"
]
}
],
"title": "CVE-2025-46300"
},
{
"cve": "CVE-2025-46301",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"notes": [
{
"category": "other",
"text": "Improper Restriction of Operations within the Bounds of a Memory Buffer",
"title": "CWE-119"
},
{
"category": "description",
"text": "macOS Sequoia 15.7.4, iOS 18.7.5, iPadOS 18.7.5, and macOS Sonoma 14.8.4 have addressed unexpected process crashes caused by malicious HID devices through enhanced bounds checks.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-46301 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-46301.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2"
]
}
],
"title": "CVE-2025-46301"
},
{
"cve": "CVE-2025-46302",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"notes": [
{
"category": "other",
"text": "Improper Restriction of Operations within the Bounds of a Memory Buffer",
"title": "CWE-119"
},
{
"category": "description",
"text": "macOS Sequoia 15.7.4, iOS 18.7.5, iPadOS 18.7.5, and macOS Sonoma 14.8.4 have addressed unexpected process crashes caused by malicious HID devices through enhanced bounds checks.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-46302 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-46302.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2"
]
}
],
"title": "CVE-2025-46302"
},
{
"cve": "CVE-2025-46303",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"notes": [
{
"category": "other",
"text": "Improper Restriction of Operations within the Bounds of a Memory Buffer",
"title": "CWE-119"
},
{
"category": "description",
"text": "macOS Sequoia 15.7.4, iOS 18.7.5, iPadOS 18.7.5, and macOS Sonoma 14.8.4 have addressed unexpected process crashes caused by malicious HID devices through enhanced bounds checks.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-46303 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-46303.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2"
]
}
],
"title": "CVE-2025-46303"
},
{
"cve": "CVE-2025-46304",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"notes": [
{
"category": "other",
"text": "Uncontrolled Resource Consumption",
"title": "CWE-400"
},
{
"category": "description",
"text": "macOS Sequoia 15.7.4, iOS 18.7.5, iPadOS 18.7.5, and macOS Sonoma 14.8.4 have addressed unexpected process crashes caused by malicious HID devices through enhanced bounds checks.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-46304 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-46304.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2"
]
}
],
"title": "CVE-2025-46304"
},
{
"cve": "CVE-2025-46305",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"notes": [
{
"category": "other",
"text": "Improper Restriction of Operations within the Bounds of a Memory Buffer",
"title": "CWE-119"
},
{
"category": "description",
"text": "macOS Sequoia 15.7.4, iOS 18.7.5, iPadOS 18.7.5, and macOS Sonoma 14.8.4 have addressed unexpected process crashes caused by malicious HID devices through enhanced bounds checks.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-46305 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-46305.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2"
]
}
],
"title": "CVE-2025-46305"
},
{
"cve": "CVE-2025-59375",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"notes": [
{
"category": "other",
"text": "Allocation of Resources Without Limits or Throttling",
"title": "CWE-770"
},
{
"category": "description",
"text": "Multiple vulnerabilities, including memory amplification in libexpat and denial-of-service issues in Oracle Communications Network Analytics and Apple Software, expose systems to potential disruptions without enabling arbitrary code execution.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-59375 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-59375.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2"
]
}
],
"title": "CVE-2025-59375"
},
{
"cve": "CVE-2026-20605",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"notes": [
{
"category": "other",
"text": "Improper Restriction of Operations within the Bounds of a Memory Buffer",
"title": "CWE-119"
},
{
"category": "description",
"text": "Recent updates in macOS Sequoia 15.7.4 and iOS 18.7.5 have resolved a memory handling issue that could cause an app to crash a system process.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-20605 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20605.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2"
]
}
],
"title": "CVE-2026-20605"
},
{
"cve": "CVE-2026-20606",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"notes": [
{
"category": "other",
"text": "Exposure of Sensitive Information to an Unauthorized Actor",
"title": "CWE-200"
},
{
"category": "description",
"text": "The vulnerability allowing apps to bypass Privacy preferences in macOS and iOS has been addressed by removing the problematic code across various versions.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-20606 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20606.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2"
]
}
],
"title": "CVE-2026-20606"
},
{
"cve": "CVE-2026-20608",
"notes": [
{
"category": "description",
"text": "Recent updates in several operating systems and Safari have addressed unexpected process crashes caused by maliciously crafted web content through enhanced state management.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-20608 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20608.json"
}
],
"title": "CVE-2026-20608"
},
{
"cve": "CVE-2026-20609",
"notes": [
{
"category": "description",
"text": "Various operating systems have addressed improved memory handling to mitigate risks of denial-of-service and memory content disclosure from processing malicious files.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-20609 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20609.json"
}
],
"title": "CVE-2026-20609"
},
{
"cve": "CVE-2026-20611",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "other",
"text": "Out-of-bounds Read",
"title": "CWE-125"
},
{
"category": "description",
"text": "An out-of-bounds access vulnerability affecting various Apple operating systems was resolved, which could lead to app termination or memory corruption when handling malicious media files.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-20611 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20611.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2"
]
}
],
"title": "CVE-2026-20611"
},
{
"cve": "CVE-2026-20615",
"notes": [
{
"category": "description",
"text": "A path handling vulnerability allowing apps to gain root privileges has been resolved in iOS 26.3, iPadOS 26.3, macOS Tahoe 26.3, macOS Sonoma 14.8.4, and visionOS 26.3 through enhanced validation measures.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-20615 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20615.json"
}
],
"title": "CVE-2026-20615"
},
{
"cve": "CVE-2026-20616",
"notes": [
{
"category": "description",
"text": "An out-of-bounds write vulnerability in various Apple operating systems has been resolved through enhanced bounds checking, preventing unexpected app terminations when handling malicious USD files.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-20616 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20616.json"
}
],
"title": "CVE-2026-20616"
},
{
"cve": "CVE-2026-20617",
"notes": [
{
"category": "description",
"text": "A race condition affecting multiple Apple operating systems, including watchOS, tvOS, macOS, visionOS, iOS, and iPadOS, was fixed, which could have allowed apps to gain root privileges due to improved state handling.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-20617 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20617.json"
}
],
"title": "CVE-2026-20617"
},
{
"cve": "CVE-2026-20621",
"notes": [
{
"category": "description",
"text": "Recent updates to macOS and iOS have resolved issues related to memory handling that could cause unexpected system termination or kernel memory corruption.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-20621 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20621.json"
}
],
"title": "CVE-2026-20621"
},
{
"cve": "CVE-2026-20626",
"cwe": {
"id": "CWE-862",
"name": "Missing Authorization"
},
"notes": [
{
"category": "other",
"text": "Missing Authorization",
"title": "CWE-862"
},
{
"category": "description",
"text": "macOS Sequoia 15.7.4, iOS 26.3, iPadOS 26.3, macOS Tahoe 26.3, and visionOS 26.3 have addressed the issue of malicious apps gaining root privileges through enhanced checks.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-20626 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20626.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2"
]
}
],
"title": "CVE-2026-20626"
},
{
"cve": "CVE-2026-20627",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "other",
"text": "Improper Input Validation",
"title": "CWE-20"
},
{
"category": "description",
"text": "Recent updates in watchOS 26.3 and iOS 26.3 have resolved an issue with environment variable handling that could allow unauthorized access to sensitive user data through improved validation.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-20627 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20627.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2"
]
}
],
"title": "CVE-2026-20627"
},
{
"cve": "CVE-2026-20628",
"cwe": {
"id": "CWE-284",
"name": "Improper Access Control"
},
"notes": [
{
"category": "other",
"text": "Improper Access Control",
"title": "CWE-284"
},
{
"category": "description",
"text": "A permissions vulnerability that could allow an application to escape its sandbox has been resolved across multiple operating systems, including watchOS, tvOS, macOS, iOS, and iPadOS.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-20628 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20628.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2"
]
}
],
"title": "CVE-2026-20628"
},
{
"cve": "CVE-2026-20634",
"notes": [
{
"category": "description",
"text": "Recent updates to watchOS, tvOS, macOS, iOS, and iPadOS have addressed memory handling vulnerabilities that could lead to process memory disclosure when processing maliciously crafted images.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-20634 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20634.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2"
]
}
],
"title": "CVE-2026-20634"
},
{
"cve": "CVE-2026-20635",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"notes": [
{
"category": "other",
"text": "Improper Restriction of Operations within the Bounds of a Memory Buffer",
"title": "CWE-119"
},
{
"category": "description",
"text": "Recent updates have enhanced memory handling and state management across various operating systems, effectively reducing the risk of unexpected process crashes from malicious web content.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-20635 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20635.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2"
]
}
],
"title": "CVE-2026-20635"
},
{
"cve": "CVE-2026-20636",
"notes": [
{
"category": "description",
"text": "iOS 26.3, iPadOS 26.3, Safari 26.3, macOS Tahoe 26.3, and visionOS 26.3 have addressed unexpected process crashes due to malicious web content through enhanced memory handling.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-20636 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20636.json"
}
],
"title": "CVE-2026-20636"
},
{
"cve": "CVE-2026-20638",
"cwe": {
"id": "CWE-284",
"name": "Improper Access Control"
},
"notes": [
{
"category": "other",
"text": "Improper Access Control",
"title": "CWE-284"
},
{
"category": "description",
"text": "A logic issue that could expose identifying information for users with Live Caller ID app extensions disabled has been resolved in iOS 26.3 and iPadOS 26.3.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-20638 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20638.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2"
]
}
],
"title": "CVE-2026-20638"
},
{
"cve": "CVE-2026-20640",
"notes": [
{
"category": "description",
"text": "iOS 26.3 and iPadOS 26.3 addressed an inconsistent user interface issue that could allow an attacker with physical access to capture sensitive data during iPhone Mirroring with Mac.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-20640 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20640.json"
}
],
"title": "CVE-2026-20640"
},
{
"cve": "CVE-2026-20641",
"notes": [
{
"category": "description",
"text": "A privacy vulnerability that enabled applications to detect other installed apps has been resolved across multiple operating systems, including watchOS, tvOS, macOS, iOS, and iPadOS.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-20641 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20641.json"
}
],
"title": "CVE-2026-20641"
},
{
"cve": "CVE-2026-20642",
"notes": [
{
"category": "description",
"text": "An input validation vulnerability in iOS 26.3 and iPadOS 26.3 allowed physical access to an iOS device to potentially enable unauthorized access to photos from the lock screen, which has now been addressed.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-20642 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20642.json"
}
],
"title": "CVE-2026-20642"
},
{
"cve": "CVE-2026-20644",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"notes": [
{
"category": "other",
"text": "Improper Restriction of Operations within the Bounds of a Memory Buffer",
"title": "CWE-119"
},
{
"category": "other",
"text": "Use After Free",
"title": "CWE-416"
},
{
"category": "other",
"text": "Out-of-bounds Write",
"title": "CWE-787"
},
{
"category": "description",
"text": "Apple has addressed the issue of unexpected process crashes caused by malicious web content through enhanced memory handling in its operating systems and Safari version 26.3.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-20644 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20644.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2"
]
}
],
"title": "CVE-2026-20644"
},
{
"cve": "CVE-2026-20645",
"cwe": {
"id": "CWE-1021",
"name": "Improper Restriction of Rendered UI Layers or Frames"
},
"notes": [
{
"category": "other",
"text": "Improper Restriction of Rendered UI Layers or Frames",
"title": "CWE-1021"
},
{
"category": "description",
"text": "An inconsistent user interface issue in iOS 26.3 and iPadOS 18.7.5 was resolved, which could have allowed an attacker with physical access to a locked device to view sensitive user information.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-20645 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20645.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2"
]
}
],
"title": "CVE-2026-20645"
},
{
"cve": "CVE-2026-20649",
"notes": [
{
"category": "description",
"text": "A logging issue allowing potential exposure of sensitive information has been resolved through enhanced data redaction in watchOS 26.3, iOS 26.3, iPadOS 26.3, tvOS 26.3, and macOS Tahoe 26.3.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-20649 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20649.json"
}
],
"title": "CVE-2026-20649"
},
{
"cve": "CVE-2026-20650",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"notes": [
{
"category": "other",
"text": "Uncontrolled Resource Consumption",
"title": "CWE-400"
},
{
"category": "description",
"text": "A denial-of-service vulnerability in Bluetooth packets has been addressed across multiple Apple operating systems, including iOS and macOS, allowing potential exploitation by attackers in privileged network positions.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-20650 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20650.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2"
]
}
],
"title": "CVE-2026-20650"
},
{
"cve": "CVE-2026-20652",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"notes": [
{
"category": "other",
"text": "Uncontrolled Resource Consumption",
"title": "CWE-400"
},
{
"category": "description",
"text": "Recent updates to macOS, iOS, iPadOS, visionOS, and Safari have addressed a vulnerability related to improved memory handling that could enable remote attackers to execute denial-of-service attacks.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-20652 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20652.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2"
]
}
],
"title": "CVE-2026-20652"
},
{
"cve": "CVE-2026-20653",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"notes": [
{
"category": "other",
"text": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"title": "CWE-22"
},
{
"category": "description",
"text": "A parsing issue in directory path handling was resolved, enhancing path validation to prevent unauthorized access to sensitive user data across multiple macOS and iOS versions.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-20653 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20653.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2"
]
}
],
"title": "CVE-2026-20653"
},
{
"cve": "CVE-2026-20654",
"notes": [
{
"category": "description",
"text": "The unexpected system termination issue caused by app behavior has been resolved through enhanced memory management in operating systems including watchOS, tvOS, macOS, visionOS, iOS, and iPadOS, all updated to version 26.3.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-20654 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20654.json"
}
],
"title": "CVE-2026-20654"
},
{
"cve": "CVE-2026-20655",
"notes": [
{
"category": "description",
"text": "An authorization issue affecting iOS 26.3, iPadOS 26.3, iOS 18.7.5, and iPadOS 18.7.5 has been resolved, which previously allowed physical access to a locked device to expose sensitive user information.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-20655 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20655.json"
}
],
"title": "CVE-2026-20655"
},
{
"cve": "CVE-2026-20656",
"notes": [
{
"category": "description",
"text": "A logic issue allowing app access to user Safari history has been resolved in iOS 18.7.5, iPadOS 18.7.5, Safari 26.3, and macOS Tahoe 26.3 through enhanced validation measures.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-20656 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20656.json"
}
],
"title": "CVE-2026-20656"
},
{
"cve": "CVE-2026-20660",
"notes": [
{
"category": "description",
"text": "A path handling vulnerability in several Apple operating systems and Safari versions has been addressed, which previously allowed remote users to write arbitrary files.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-20660 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20660.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2"
]
}
],
"title": "CVE-2026-20660"
},
{
"cve": "CVE-2026-20661",
"notes": [
{
"category": "description",
"text": "An authorization issue affecting iOS 26.3, iPadOS 26.3, iOS 18.7.5, and iPadOS 18.7.5 has been resolved, which previously allowed physical access to a locked device to expose sensitive user information.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-20661 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20661.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2"
]
}
],
"title": "CVE-2026-20661"
},
{
"cve": "CVE-2026-20663",
"cwe": {
"id": "CWE-532",
"name": "Insertion of Sensitive Information into Log File"
},
"notes": [
{
"category": "other",
"text": "Insertion of Sensitive Information into Log File",
"title": "CWE-532"
},
{
"category": "description",
"text": "The issue of app enumeration of installed applications was addressed in iOS 26.3, iPadOS 26.3, iOS 18.7.5, and iPadOS 18.7.5 through the implementation of sanitized logging.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-20663 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20663.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2"
]
}
],
"title": "CVE-2026-20663"
},
{
"cve": "CVE-2026-20667",
"notes": [
{
"category": "description",
"text": "A logic issue that could allow an app to escape its sandbox has been resolved in multiple OS updates, including watchOS 26.3 and iOS 26.3.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-20667 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20667.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2"
]
}
],
"title": "CVE-2026-20667"
},
{
"cve": "CVE-2026-20671",
"notes": [
{
"category": "description",
"text": "A logic issue allowing network traffic interception by an attacker in a privileged position has been resolved across multiple Apple operating systems, including watchOS, tvOS, macOS, iOS, and visionOS.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-20671 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20671.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.1,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2"
]
}
],
"title": "CVE-2026-20671"
},
{
"cve": "CVE-2026-20673",
"notes": [
{
"category": "description",
"text": "A logic issue was resolved in multiple macOS and iOS versions, with a note that disabling \u0027Load remote content in messages\u0027 may not influence all mail previews.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-20673 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20673.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2"
]
}
],
"title": "CVE-2026-20673"
},
{
"cve": "CVE-2026-20674",
"notes": [
{
"category": "description",
"text": "iOS 26.3 and iPadOS 26.3 resolved a privacy issue by eliminating sensitive data that could be accessed by an attacker with physical access to a locked device.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-20674 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20674.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2"
]
}
],
"title": "CVE-2026-20674"
},
{
"cve": "CVE-2026-20675",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "other",
"text": "Out-of-bounds Read",
"title": "CWE-125"
},
{
"category": "description",
"text": "Recent updates across various operating systems, including watchOS, tvOS, macOS, iOS, and iPadOS, have addressed user information disclosure vulnerabilities related to malicious image processing through enhanced bounds checks.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-20675 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20675.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2"
]
}
],
"title": "CVE-2026-20675"
},
{
"cve": "CVE-2026-20676",
"notes": [
{
"category": "description",
"text": "The recent updates in iOS 26.3, iPadOS 26.3, Safari 26.3, macOS Tahoe 26.3, and visionOS 26.3 have resolved user tracking issues through Safari web extensions by enhancing state management.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-20676 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20676.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2"
]
}
],
"title": "CVE-2026-20676"
},
{
"cve": "CVE-2026-20677",
"cwe": {
"id": "CWE-362",
"name": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)"
},
"notes": [
{
"category": "other",
"text": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)",
"title": "CWE-362"
},
{
"category": "description",
"text": "A race condition in multiple Apple operating systems was resolved, which could have allowed shortcuts to bypass sandbox restrictions.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-20677 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20677.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.0,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2"
]
}
],
"title": "CVE-2026-20677"
},
{
"cve": "CVE-2026-20678",
"notes": [
{
"category": "description",
"text": "An authorization issue allowing potential access to sensitive user data has been resolved in iOS 26.3, iPadOS 26.3, iOS 18.7.5, and iPadOS 18.7.5 through improved state management.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-20678 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20678.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2"
]
}
],
"title": "CVE-2026-20678"
},
{
"cve": "CVE-2026-20680",
"notes": [
{
"category": "description",
"text": "Recent updates in macOS Tahoe 26.3 and iOS 18.7.5 have introduced additional restrictions to prevent sandboxed apps from accessing sensitive user data.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-20680 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20680.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2"
]
}
],
"title": "CVE-2026-20680"
},
{
"cve": "CVE-2026-20682",
"notes": [
{
"category": "description",
"text": "A logic issue in iOS 26.3, iPadOS 26.3, iOS 18.7.5, and iPadOS 18.7.5 was resolved, which previously allowed unauthorized access to deleted user notes.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-20682 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20682.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2"
]
}
],
"title": "CVE-2026-20682"
},
{
"cve": "CVE-2026-20700",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"notes": [
{
"category": "other",
"text": "Improper Restriction of Operations within the Bounds of a Memory Buffer",
"title": "CWE-119"
},
{
"category": "description",
"text": "Multiple Apple operating systems have been affected by memory corruption vulnerabilities that could allow arbitrary code execution, with fixes implemented in version 26.3 and reports of exploitation in earlier iOS versions.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-20700 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20700.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2"
]
}
],
"title": "CVE-2026-20700"
}
]
}
WID-SEC-W-2026-0402
Vulnerability from csaf_certbund - Published: 2026-02-11 23:00 - Updated: 2026-03-24 23:00Summary
Apple iOS und iPadOS: Mehrere Schwachstellen
Severity
Hoch
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung: Das Apple iOS (vormals iPhone OS) ist das Betriebssystem für das von Apple entwickelte Smartphone iPhone, iPad und iPod Touch.
Das Apple iPadOS ist das Betriebssystem für das von Apple entwickelte iPad.
Angriff: Ein Angreifer kann mehrere Schwachstellen in Apple iOS und Apple iPadOS ausnutzen, um Administratorrechte zu erlangen, beliebigen Code auszuführen, einen Denial-of-Service-Zustand zu verursachen, Sicherheitsmaßnahmen zu umgehen, Daten zu manipulieren, vertrauliche Informationen offenzulegen oder andere nicht näher spezifizierte Angriffe durchzuführen.
Betroffene Betriebssysteme: - MacOS X
- Sonstiges
References
| URL | Category | |
|---|---|---|
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Das Apple iOS (vormals iPhone OS) ist das Betriebssystem f\u00fcr das von Apple entwickelte Smartphone iPhone, iPad und iPod Touch.\r\nDas Apple iPadOS ist das Betriebssystem f\u00fcr das von Apple entwickelte iPad.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein Angreifer kann mehrere Schwachstellen in Apple iOS und Apple iPadOS ausnutzen, um Administratorrechte zu erlangen, beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, Sicherheitsma\u00dfnahmen zu umgehen, Daten zu manipulieren, vertrauliche Informationen offenzulegen oder andere nicht n\u00e4her spezifizierte Angriffe durchzuf\u00fchren.",
"title": "Angriff"
},
{
"category": "general",
"text": "- MacOS X\n- Sonstiges",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2026-0402 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2026/wid-sec-w-2026-0402.json"
},
{
"category": "self",
"summary": "WID-SEC-2026-0402 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-0402"
},
{
"category": "external",
"summary": "Apple security updates vom 2026-02-11",
"url": "https://support.apple.com/en-us/126346"
},
{
"category": "external",
"summary": "Apple security updates vom 2026-02-11",
"url": "https://support.apple.com/en-us/126347"
}
],
"source_lang": "en-US",
"title": "Apple iOS und iPadOS: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2026-03-24T23:00:00.000+00:00",
"generator": {
"date": "2026-03-25T06:11:04.490+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.5.0"
}
},
"id": "WID-SEC-W-2026-0402",
"initial_release_date": "2026-02-11T23:00:00.000+00:00",
"revision_history": [
{
"date": "2026-02-11T23:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2026-03-24T23:00:00.000+00:00",
"number": "2",
"summary": "CVE-Nummern erg\u00e4nzt"
}
],
"status": "final",
"version": "2"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c26.3",
"product": {
"name": "Apple iOS \u003c26.3",
"product_id": "T050863"
}
},
{
"category": "product_version",
"name": "26.3",
"product": {
"name": "Apple iOS 26.3",
"product_id": "T050863-fixed",
"product_identification_helper": {
"cpe": "cpe:/o:apple:iphone_os:26.3"
}
}
},
{
"category": "product_version_range",
"name": "\u003c18.7.5",
"product": {
"name": "Apple iOS \u003c18.7.5",
"product_id": "T050865"
}
},
{
"category": "product_version",
"name": "18.7.5",
"product": {
"name": "Apple iOS 18.7.5",
"product_id": "T050865-fixed",
"product_identification_helper": {
"cpe": "cpe:/o:apple:iphone_os:18.7.5"
}
}
}
],
"category": "product_name",
"name": "iOS"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c26.3",
"product": {
"name": "Apple iPadOS \u003c26.3",
"product_id": "T050864"
}
},
{
"category": "product_version",
"name": "26.3",
"product": {
"name": "Apple iPadOS 26.3",
"product_id": "T050864-fixed",
"product_identification_helper": {
"cpe": "cpe:/o:apple:ipados:26.3"
}
}
},
{
"category": "product_version_range",
"name": "\u003c18.7.5",
"product": {
"name": "Apple iPadOS \u003c18.7.5",
"product_id": "T050866"
}
},
{
"category": "product_version",
"name": "18.7.5",
"product": {
"name": "Apple iPadOS 18.7.5",
"product_id": "T050866-fixed",
"product_identification_helper": {
"cpe": "cpe:/o:apple:ipados:18.7.5"
}
}
}
],
"category": "product_name",
"name": "iPadOS"
}
],
"category": "vendor",
"name": "Apple"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-14174",
"product_status": {
"known_affected": [
"T050866",
"T050865",
"T050864",
"T050863"
]
},
"release_date": "2026-02-11T23:00:00.000+00:00",
"title": "CVE-2025-14174"
},
{
"cve": "CVE-2025-43529",
"product_status": {
"known_affected": [
"T050866",
"T050865",
"T050864",
"T050863"
]
},
"release_date": "2026-02-11T23:00:00.000+00:00",
"title": "CVE-2025-43529"
},
{
"cve": "CVE-2025-43533",
"product_status": {
"known_affected": [
"T050866",
"T050865",
"T050864",
"T050863"
]
},
"release_date": "2026-02-11T23:00:00.000+00:00",
"title": "CVE-2025-43533"
},
{
"cve": "CVE-2025-43537",
"product_status": {
"known_affected": [
"T050866",
"T050865",
"T050864",
"T050863"
]
},
"release_date": "2026-02-11T23:00:00.000+00:00",
"title": "CVE-2025-43537"
},
{
"cve": "CVE-2025-46300",
"product_status": {
"known_affected": [
"T050866",
"T050865",
"T050864",
"T050863"
]
},
"release_date": "2026-02-11T23:00:00.000+00:00",
"title": "CVE-2025-46300"
},
{
"cve": "CVE-2025-46301",
"product_status": {
"known_affected": [
"T050866",
"T050865",
"T050864",
"T050863"
]
},
"release_date": "2026-02-11T23:00:00.000+00:00",
"title": "CVE-2025-46301"
},
{
"cve": "CVE-2025-46302",
"product_status": {
"known_affected": [
"T050866",
"T050865",
"T050864",
"T050863"
]
},
"release_date": "2026-02-11T23:00:00.000+00:00",
"title": "CVE-2025-46302"
},
{
"cve": "CVE-2025-46303",
"product_status": {
"known_affected": [
"T050866",
"T050865",
"T050864",
"T050863"
]
},
"release_date": "2026-02-11T23:00:00.000+00:00",
"title": "CVE-2025-46303"
},
{
"cve": "CVE-2025-46304",
"product_status": {
"known_affected": [
"T050866",
"T050865",
"T050864",
"T050863"
]
},
"release_date": "2026-02-11T23:00:00.000+00:00",
"title": "CVE-2025-46304"
},
{
"cve": "CVE-2025-46305",
"product_status": {
"known_affected": [
"T050866",
"T050865",
"T050864",
"T050863"
]
},
"release_date": "2026-02-11T23:00:00.000+00:00",
"title": "CVE-2025-46305"
},
{
"cve": "CVE-2025-59375",
"product_status": {
"known_affected": [
"T050866",
"T050865",
"T050864",
"T050863"
]
},
"release_date": "2026-02-11T23:00:00.000+00:00",
"title": "CVE-2025-59375"
},
{
"cve": "CVE-2026-20605",
"product_status": {
"known_affected": [
"T050866",
"T050865",
"T050864",
"T050863"
]
},
"release_date": "2026-02-11T23:00:00.000+00:00",
"title": "CVE-2026-20605"
},
{
"cve": "CVE-2026-20606",
"product_status": {
"known_affected": [
"T050866",
"T050865",
"T050864",
"T050863"
]
},
"release_date": "2026-02-11T23:00:00.000+00:00",
"title": "CVE-2026-20606"
},
{
"cve": "CVE-2026-20608",
"product_status": {
"known_affected": [
"T050866",
"T050865",
"T050864",
"T050863"
]
},
"release_date": "2026-02-11T23:00:00.000+00:00",
"title": "CVE-2026-20608"
},
{
"cve": "CVE-2026-20609",
"product_status": {
"known_affected": [
"T050866",
"T050865",
"T050864",
"T050863"
]
},
"release_date": "2026-02-11T23:00:00.000+00:00",
"title": "CVE-2026-20609"
},
{
"cve": "CVE-2026-20611",
"product_status": {
"known_affected": [
"T050866",
"T050865",
"T050864",
"T050863"
]
},
"release_date": "2026-02-11T23:00:00.000+00:00",
"title": "CVE-2026-20611"
},
{
"cve": "CVE-2026-20615",
"product_status": {
"known_affected": [
"T050866",
"T050865",
"T050864",
"T050863"
]
},
"release_date": "2026-02-11T23:00:00.000+00:00",
"title": "CVE-2026-20615"
},
{
"cve": "CVE-2026-20616",
"product_status": {
"known_affected": [
"T050866",
"T050865",
"T050864",
"T050863"
]
},
"release_date": "2026-02-11T23:00:00.000+00:00",
"title": "CVE-2026-20616"
},
{
"cve": "CVE-2026-20617",
"product_status": {
"known_affected": [
"T050866",
"T050865",
"T050864",
"T050863"
]
},
"release_date": "2026-02-11T23:00:00.000+00:00",
"title": "CVE-2026-20617"
},
{
"cve": "CVE-2026-20621",
"product_status": {
"known_affected": [
"T050866",
"T050865",
"T050864",
"T050863"
]
},
"release_date": "2026-02-11T23:00:00.000+00:00",
"title": "CVE-2026-20621"
},
{
"cve": "CVE-2026-20626",
"product_status": {
"known_affected": [
"T050866",
"T050865",
"T050864",
"T050863"
]
},
"release_date": "2026-02-11T23:00:00.000+00:00",
"title": "CVE-2026-20626"
},
{
"cve": "CVE-2026-20627",
"product_status": {
"known_affected": [
"T050866",
"T050865",
"T050864",
"T050863"
]
},
"release_date": "2026-02-11T23:00:00.000+00:00",
"title": "CVE-2026-20627"
},
{
"cve": "CVE-2026-20628",
"product_status": {
"known_affected": [
"T050866",
"T050865",
"T050864",
"T050863"
]
},
"release_date": "2026-02-11T23:00:00.000+00:00",
"title": "CVE-2026-20628"
},
{
"cve": "CVE-2026-20634",
"product_status": {
"known_affected": [
"T050866",
"T050865",
"T050864",
"T050863"
]
},
"release_date": "2026-02-11T23:00:00.000+00:00",
"title": "CVE-2026-20634"
},
{
"cve": "CVE-2026-20635",
"product_status": {
"known_affected": [
"T050866",
"T050865",
"T050864",
"T050863"
]
},
"release_date": "2026-02-11T23:00:00.000+00:00",
"title": "CVE-2026-20635"
},
{
"cve": "CVE-2026-20636",
"product_status": {
"known_affected": [
"T050866",
"T050865",
"T050864",
"T050863"
]
},
"release_date": "2026-02-11T23:00:00.000+00:00",
"title": "CVE-2026-20636"
},
{
"cve": "CVE-2026-20637",
"product_status": {
"known_affected": [
"T050866",
"T050865",
"T050864",
"T050863"
]
},
"release_date": "2026-02-11T23:00:00.000+00:00",
"title": "CVE-2026-20637"
},
{
"cve": "CVE-2026-20638",
"product_status": {
"known_affected": [
"T050866",
"T050865",
"T050864",
"T050863"
]
},
"release_date": "2026-02-11T23:00:00.000+00:00",
"title": "CVE-2026-20638"
},
{
"cve": "CVE-2026-20640",
"product_status": {
"known_affected": [
"T050866",
"T050865",
"T050864",
"T050863"
]
},
"release_date": "2026-02-11T23:00:00.000+00:00",
"title": "CVE-2026-20640"
},
{
"cve": "CVE-2026-20641",
"product_status": {
"known_affected": [
"T050866",
"T050865",
"T050864",
"T050863"
]
},
"release_date": "2026-02-11T23:00:00.000+00:00",
"title": "CVE-2026-20641"
},
{
"cve": "CVE-2026-20642",
"product_status": {
"known_affected": [
"T050866",
"T050865",
"T050864",
"T050863"
]
},
"release_date": "2026-02-11T23:00:00.000+00:00",
"title": "CVE-2026-20642"
},
{
"cve": "CVE-2026-20644",
"product_status": {
"known_affected": [
"T050866",
"T050865",
"T050864",
"T050863"
]
},
"release_date": "2026-02-11T23:00:00.000+00:00",
"title": "CVE-2026-20644"
},
{
"cve": "CVE-2026-20645",
"product_status": {
"known_affected": [
"T050866",
"T050865",
"T050864",
"T050863"
]
},
"release_date": "2026-02-11T23:00:00.000+00:00",
"title": "CVE-2026-20645"
},
{
"cve": "CVE-2026-20649",
"product_status": {
"known_affected": [
"T050866",
"T050865",
"T050864",
"T050863"
]
},
"release_date": "2026-02-11T23:00:00.000+00:00",
"title": "CVE-2026-20649"
},
{
"cve": "CVE-2026-20650",
"product_status": {
"known_affected": [
"T050866",
"T050865",
"T050864",
"T050863"
]
},
"release_date": "2026-02-11T23:00:00.000+00:00",
"title": "CVE-2026-20650"
},
{
"cve": "CVE-2026-20652",
"product_status": {
"known_affected": [
"T050866",
"T050865",
"T050864",
"T050863"
]
},
"release_date": "2026-02-11T23:00:00.000+00:00",
"title": "CVE-2026-20652"
},
{
"cve": "CVE-2026-20653",
"product_status": {
"known_affected": [
"T050866",
"T050865",
"T050864",
"T050863"
]
},
"release_date": "2026-02-11T23:00:00.000+00:00",
"title": "CVE-2026-20653"
},
{
"cve": "CVE-2026-20654",
"product_status": {
"known_affected": [
"T050866",
"T050865",
"T050864",
"T050863"
]
},
"release_date": "2026-02-11T23:00:00.000+00:00",
"title": "CVE-2026-20654"
},
{
"cve": "CVE-2026-20655",
"product_status": {
"known_affected": [
"T050866",
"T050865",
"T050864",
"T050863"
]
},
"release_date": "2026-02-11T23:00:00.000+00:00",
"title": "CVE-2026-20655"
},
{
"cve": "CVE-2026-20656",
"product_status": {
"known_affected": [
"T050866",
"T050865",
"T050864",
"T050863"
]
},
"release_date": "2026-02-11T23:00:00.000+00:00",
"title": "CVE-2026-20656"
},
{
"cve": "CVE-2026-20660",
"product_status": {
"known_affected": [
"T050866",
"T050865",
"T050864",
"T050863"
]
},
"release_date": "2026-02-11T23:00:00.000+00:00",
"title": "CVE-2026-20660"
},
{
"cve": "CVE-2026-20661",
"product_status": {
"known_affected": [
"T050866",
"T050865",
"T050864",
"T050863"
]
},
"release_date": "2026-02-11T23:00:00.000+00:00",
"title": "CVE-2026-20661"
},
{
"cve": "CVE-2026-20663",
"product_status": {
"known_affected": [
"T050866",
"T050865",
"T050864",
"T050863"
]
},
"release_date": "2026-02-11T23:00:00.000+00:00",
"title": "CVE-2026-20663"
},
{
"cve": "CVE-2026-20667",
"product_status": {
"known_affected": [
"T050866",
"T050865",
"T050864",
"T050863"
]
},
"release_date": "2026-02-11T23:00:00.000+00:00",
"title": "CVE-2026-20667"
},
{
"cve": "CVE-2026-20668",
"product_status": {
"known_affected": [
"T050866",
"T050865",
"T050864",
"T050863"
]
},
"release_date": "2026-02-11T23:00:00.000+00:00",
"title": "CVE-2026-20668"
},
{
"cve": "CVE-2026-20671",
"product_status": {
"known_affected": [
"T050866",
"T050865",
"T050864",
"T050863"
]
},
"release_date": "2026-02-11T23:00:00.000+00:00",
"title": "CVE-2026-20671"
},
{
"cve": "CVE-2026-20673",
"product_status": {
"known_affected": [
"T050866",
"T050865",
"T050864",
"T050863"
]
},
"release_date": "2026-02-11T23:00:00.000+00:00",
"title": "CVE-2026-20673"
},
{
"cve": "CVE-2026-20674",
"product_status": {
"known_affected": [
"T050866",
"T050865",
"T050864",
"T050863"
]
},
"release_date": "2026-02-11T23:00:00.000+00:00",
"title": "CVE-2026-20674"
},
{
"cve": "CVE-2026-20675",
"product_status": {
"known_affected": [
"T050866",
"T050865",
"T050864",
"T050863"
]
},
"release_date": "2026-02-11T23:00:00.000+00:00",
"title": "CVE-2026-20675"
},
{
"cve": "CVE-2026-20676",
"product_status": {
"known_affected": [
"T050866",
"T050865",
"T050864",
"T050863"
]
},
"release_date": "2026-02-11T23:00:00.000+00:00",
"title": "CVE-2026-20676"
},
{
"cve": "CVE-2026-20677",
"product_status": {
"known_affected": [
"T050866",
"T050865",
"T050864",
"T050863"
]
},
"release_date": "2026-02-11T23:00:00.000+00:00",
"title": "CVE-2026-20677"
},
{
"cve": "CVE-2026-20678",
"product_status": {
"known_affected": [
"T050866",
"T050865",
"T050864",
"T050863"
]
},
"release_date": "2026-02-11T23:00:00.000+00:00",
"title": "CVE-2026-20678"
},
{
"cve": "CVE-2026-20680",
"product_status": {
"known_affected": [
"T050866",
"T050865",
"T050864",
"T050863"
]
},
"release_date": "2026-02-11T23:00:00.000+00:00",
"title": "CVE-2026-20680"
},
{
"cve": "CVE-2026-20682",
"product_status": {
"known_affected": [
"T050866",
"T050865",
"T050864",
"T050863"
]
},
"release_date": "2026-02-11T23:00:00.000+00:00",
"title": "CVE-2026-20682"
},
{
"cve": "CVE-2026-20686",
"product_status": {
"known_affected": [
"T050866",
"T050865",
"T050864",
"T050863"
]
},
"release_date": "2026-02-11T23:00:00.000+00:00",
"title": "CVE-2026-20686"
},
{
"cve": "CVE-2026-20694",
"product_status": {
"known_affected": [
"T050866",
"T050865",
"T050864",
"T050863"
]
},
"release_date": "2026-02-11T23:00:00.000+00:00",
"title": "CVE-2026-20694"
},
{
"cve": "CVE-2026-20700",
"product_status": {
"known_affected": [
"T050866",
"T050865",
"T050864",
"T050863"
]
},
"release_date": "2026-02-11T23:00:00.000+00:00",
"title": "CVE-2026-20700"
},
{
"cve": "CVE-2026-28855",
"product_status": {
"known_affected": [
"T050866",
"T050865",
"T050864",
"T050863"
]
},
"release_date": "2026-02-11T23:00:00.000+00:00",
"title": "CVE-2026-28855"
}
]
}
WID-SEC-W-2026-0403
Vulnerability from csaf_certbund - Published: 2026-02-11 23:00 - Updated: 2026-03-24 23:00Summary
Apple macOS Tahoe, Sequoia und Sonoma: Mehrere Schwachstellen
Severity
Hoch
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung: Apple macOS ist ein Betriebssystem, das auf FreeBSD und Mach basiert.
Angriff: Ein Angreifer kann mehrere Schwachstellen in Apple macOS ausnutzen, um Administratorrechte zu erlangen, beliebigen Code auszuführen, einen Denial-of-Service-Zustand herbeizuführen, Sicherheitsmaßnahmen zu umgehen, Daten zu manipulieren, vertrauliche Informationen offenzulegen oder andere nicht näher spezifizierte Angriffe durchzuführen.
Betroffene Betriebssysteme: - MacOS X
References
| URL | Category | |
|---|---|---|
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Apple macOS ist ein Betriebssystem, das auf FreeBSD und Mach basiert.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein Angreifer kann mehrere Schwachstellen in Apple macOS ausnutzen, um Administratorrechte zu erlangen, beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand herbeizuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, Daten zu manipulieren, vertrauliche Informationen offenzulegen oder andere nicht n\u00e4her spezifizierte Angriffe durchzuf\u00fchren.",
"title": "Angriff"
},
{
"category": "general",
"text": "- MacOS X",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2026-0403 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2026/wid-sec-w-2026-0403.json"
},
{
"category": "self",
"summary": "WID-SEC-2026-0403 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-0403"
},
{
"category": "external",
"summary": "Apple security updates vom 2026-02-11",
"url": "https://support.apple.com/en-us/126348"
},
{
"category": "external",
"summary": "Apple security updates vom 2026-02-11",
"url": "https://support.apple.com/en-us/126349"
},
{
"category": "external",
"summary": "Apple security updates vom 2026-02-11",
"url": "https://support.apple.com/en-us/126350"
}
],
"source_lang": "en-US",
"title": "Apple macOS Tahoe, Sequoia und Sonoma: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2026-03-24T23:00:00.000+00:00",
"generator": {
"date": "2026-03-25T06:16:06.862+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.5.0"
}
},
"id": "WID-SEC-W-2026-0403",
"initial_release_date": "2026-02-11T23:00:00.000+00:00",
"revision_history": [
{
"date": "2026-02-11T23:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2026-03-24T23:00:00.000+00:00",
"number": "2",
"summary": "CVE-Nummern erg\u00e4nzt"
}
],
"status": "final",
"version": "2"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "Tahoe \u003c26.3",
"product": {
"name": "Apple macOS Tahoe \u003c26.3",
"product_id": "T050860"
}
},
{
"category": "product_version",
"name": "Tahoe 26.3",
"product": {
"name": "Apple macOS Tahoe 26.3",
"product_id": "T050860-fixed",
"product_identification_helper": {
"cpe": "cpe:/o:apple:mac_os:tahoe__26.3"
}
}
},
{
"category": "product_version_range",
"name": "Sequoia \u003c15.7.4",
"product": {
"name": "Apple macOS Sequoia \u003c15.7.4",
"product_id": "T050861"
}
},
{
"category": "product_version",
"name": "Sequoia 15.7.4",
"product": {
"name": "Apple macOS Sequoia 15.7.4",
"product_id": "T050861-fixed",
"product_identification_helper": {
"cpe": "cpe:/o:apple:mac_os:sequoia__15.7.4"
}
}
},
{
"category": "product_version_range",
"name": "Sonoma \u003c14.8.4",
"product": {
"name": "Apple macOS Sonoma \u003c14.8.4",
"product_id": "T050862"
}
},
{
"category": "product_version",
"name": "Sonoma 14.8.4",
"product": {
"name": "Apple macOS Sonoma 14.8.4",
"product_id": "T050862-fixed",
"product_identification_helper": {
"cpe": "cpe:/o:apple:mac_os:sonoma__14.8.4"
}
}
}
],
"category": "product_name",
"name": "macOS"
}
],
"category": "vendor",
"name": "Apple"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-14174",
"product_status": {
"known_affected": [
"T050862",
"T050861",
"T050860"
]
},
"release_date": "2026-02-11T23:00:00.000+00:00",
"title": "CVE-2025-14174"
},
{
"cve": "CVE-2025-43338",
"product_status": {
"known_affected": [
"T050862",
"T050861",
"T050860"
]
},
"release_date": "2026-02-11T23:00:00.000+00:00",
"title": "CVE-2025-43338"
},
{
"cve": "CVE-2025-43402",
"product_status": {
"known_affected": [
"T050862",
"T050861",
"T050860"
]
},
"release_date": "2026-02-11T23:00:00.000+00:00",
"title": "CVE-2025-43402"
},
{
"cve": "CVE-2025-43403",
"product_status": {
"known_affected": [
"T050862",
"T050861",
"T050860"
]
},
"release_date": "2026-02-11T23:00:00.000+00:00",
"title": "CVE-2025-43403"
},
{
"cve": "CVE-2025-43417",
"product_status": {
"known_affected": [
"T050862",
"T050861",
"T050860"
]
},
"release_date": "2026-02-11T23:00:00.000+00:00",
"title": "CVE-2025-43417"
},
{
"cve": "CVE-2025-43529",
"product_status": {
"known_affected": [
"T050862",
"T050861",
"T050860"
]
},
"release_date": "2026-02-11T23:00:00.000+00:00",
"title": "CVE-2025-43529"
},
{
"cve": "CVE-2025-43533",
"product_status": {
"known_affected": [
"T050862",
"T050861",
"T050860"
]
},
"release_date": "2026-02-11T23:00:00.000+00:00",
"title": "CVE-2025-43533"
},
{
"cve": "CVE-2025-46283",
"product_status": {
"known_affected": [
"T050862",
"T050861",
"T050860"
]
},
"release_date": "2026-02-11T23:00:00.000+00:00",
"title": "CVE-2025-46283"
},
{
"cve": "CVE-2025-46290",
"product_status": {
"known_affected": [
"T050862",
"T050861",
"T050860"
]
},
"release_date": "2026-02-11T23:00:00.000+00:00",
"title": "CVE-2025-46290"
},
{
"cve": "CVE-2025-46300",
"product_status": {
"known_affected": [
"T050862",
"T050861",
"T050860"
]
},
"release_date": "2026-02-11T23:00:00.000+00:00",
"title": "CVE-2025-46300"
},
{
"cve": "CVE-2025-46301",
"product_status": {
"known_affected": [
"T050862",
"T050861",
"T050860"
]
},
"release_date": "2026-02-11T23:00:00.000+00:00",
"title": "CVE-2025-46301"
},
{
"cve": "CVE-2025-46302",
"product_status": {
"known_affected": [
"T050862",
"T050861",
"T050860"
]
},
"release_date": "2026-02-11T23:00:00.000+00:00",
"title": "CVE-2025-46302"
},
{
"cve": "CVE-2025-46303",
"product_status": {
"known_affected": [
"T050862",
"T050861",
"T050860"
]
},
"release_date": "2026-02-11T23:00:00.000+00:00",
"title": "CVE-2025-46303"
},
{
"cve": "CVE-2025-46304",
"product_status": {
"known_affected": [
"T050862",
"T050861",
"T050860"
]
},
"release_date": "2026-02-11T23:00:00.000+00:00",
"title": "CVE-2025-46304"
},
{
"cve": "CVE-2025-46305",
"product_status": {
"known_affected": [
"T050862",
"T050861",
"T050860"
]
},
"release_date": "2026-02-11T23:00:00.000+00:00",
"title": "CVE-2025-46305"
},
{
"cve": "CVE-2025-46310",
"product_status": {
"known_affected": [
"T050862",
"T050861",
"T050860"
]
},
"release_date": "2026-02-11T23:00:00.000+00:00",
"title": "CVE-2025-46310"
},
{
"cve": "CVE-2025-59375",
"product_status": {
"known_affected": [
"T050862",
"T050861",
"T050860"
]
},
"release_date": "2026-02-11T23:00:00.000+00:00",
"title": "CVE-2025-59375"
},
{
"cve": "CVE-2026-20601",
"product_status": {
"known_affected": [
"T050862",
"T050861",
"T050860"
]
},
"release_date": "2026-02-11T23:00:00.000+00:00",
"title": "CVE-2026-20601"
},
{
"cve": "CVE-2026-20602",
"product_status": {
"known_affected": [
"T050862",
"T050861",
"T050860"
]
},
"release_date": "2026-02-11T23:00:00.000+00:00",
"title": "CVE-2026-20602"
},
{
"cve": "CVE-2026-20603",
"product_status": {
"known_affected": [
"T050862",
"T050861",
"T050860"
]
},
"release_date": "2026-02-11T23:00:00.000+00:00",
"title": "CVE-2026-20603"
},
{
"cve": "CVE-2026-20605",
"product_status": {
"known_affected": [
"T050862",
"T050861",
"T050860"
]
},
"release_date": "2026-02-11T23:00:00.000+00:00",
"title": "CVE-2026-20605"
},
{
"cve": "CVE-2026-20606",
"product_status": {
"known_affected": [
"T050862",
"T050861",
"T050860"
]
},
"release_date": "2026-02-11T23:00:00.000+00:00",
"title": "CVE-2026-20606"
},
{
"cve": "CVE-2026-20608",
"product_status": {
"known_affected": [
"T050862",
"T050861",
"T050860"
]
},
"release_date": "2026-02-11T23:00:00.000+00:00",
"title": "CVE-2026-20608"
},
{
"cve": "CVE-2026-20609",
"product_status": {
"known_affected": [
"T050862",
"T050861",
"T050860"
]
},
"release_date": "2026-02-11T23:00:00.000+00:00",
"title": "CVE-2026-20609"
},
{
"cve": "CVE-2026-20610",
"product_status": {
"known_affected": [
"T050862",
"T050861",
"T050860"
]
},
"release_date": "2026-02-11T23:00:00.000+00:00",
"title": "CVE-2026-20610"
},
{
"cve": "CVE-2026-20611",
"product_status": {
"known_affected": [
"T050862",
"T050861",
"T050860"
]
},
"release_date": "2026-02-11T23:00:00.000+00:00",
"title": "CVE-2026-20611"
},
{
"cve": "CVE-2026-20612",
"product_status": {
"known_affected": [
"T050862",
"T050861",
"T050860"
]
},
"release_date": "2026-02-11T23:00:00.000+00:00",
"title": "CVE-2026-20612"
},
{
"cve": "CVE-2026-20614",
"product_status": {
"known_affected": [
"T050862",
"T050861",
"T050860"
]
},
"release_date": "2026-02-11T23:00:00.000+00:00",
"title": "CVE-2026-20614"
},
{
"cve": "CVE-2026-20615",
"product_status": {
"known_affected": [
"T050862",
"T050861",
"T050860"
]
},
"release_date": "2026-02-11T23:00:00.000+00:00",
"title": "CVE-2026-20615"
},
{
"cve": "CVE-2026-20616",
"product_status": {
"known_affected": [
"T050862",
"T050861",
"T050860"
]
},
"release_date": "2026-02-11T23:00:00.000+00:00",
"title": "CVE-2026-20616"
},
{
"cve": "CVE-2026-20617",
"product_status": {
"known_affected": [
"T050862",
"T050861",
"T050860"
]
},
"release_date": "2026-02-11T23:00:00.000+00:00",
"title": "CVE-2026-20617"
},
{
"cve": "CVE-2026-20618",
"product_status": {
"known_affected": [
"T050862",
"T050861",
"T050860"
]
},
"release_date": "2026-02-11T23:00:00.000+00:00",
"title": "CVE-2026-20618"
},
{
"cve": "CVE-2026-20619",
"product_status": {
"known_affected": [
"T050862",
"T050861",
"T050860"
]
},
"release_date": "2026-02-11T23:00:00.000+00:00",
"title": "CVE-2026-20619"
},
{
"cve": "CVE-2026-20620",
"product_status": {
"known_affected": [
"T050862",
"T050861",
"T050860"
]
},
"release_date": "2026-02-11T23:00:00.000+00:00",
"title": "CVE-2026-20620"
},
{
"cve": "CVE-2026-20621",
"product_status": {
"known_affected": [
"T050862",
"T050861",
"T050860"
]
},
"release_date": "2026-02-11T23:00:00.000+00:00",
"title": "CVE-2026-20621"
},
{
"cve": "CVE-2026-20622",
"product_status": {
"known_affected": [
"T050862",
"T050861",
"T050860"
]
},
"release_date": "2026-02-11T23:00:00.000+00:00",
"title": "CVE-2026-20622"
},
{
"cve": "CVE-2026-20623",
"product_status": {
"known_affected": [
"T050862",
"T050861",
"T050860"
]
},
"release_date": "2026-02-11T23:00:00.000+00:00",
"title": "CVE-2026-20623"
},
{
"cve": "CVE-2026-20624",
"product_status": {
"known_affected": [
"T050862",
"T050861",
"T050860"
]
},
"release_date": "2026-02-11T23:00:00.000+00:00",
"title": "CVE-2026-20624"
},
{
"cve": "CVE-2026-20625",
"product_status": {
"known_affected": [
"T050862",
"T050861",
"T050860"
]
},
"release_date": "2026-02-11T23:00:00.000+00:00",
"title": "CVE-2026-20625"
},
{
"cve": "CVE-2026-20626",
"product_status": {
"known_affected": [
"T050862",
"T050861",
"T050860"
]
},
"release_date": "2026-02-11T23:00:00.000+00:00",
"title": "CVE-2026-20626"
},
{
"cve": "CVE-2026-20627",
"product_status": {
"known_affected": [
"T050862",
"T050861",
"T050860"
]
},
"release_date": "2026-02-11T23:00:00.000+00:00",
"title": "CVE-2026-20627"
},
{
"cve": "CVE-2026-20628",
"product_status": {
"known_affected": [
"T050862",
"T050861",
"T050860"
]
},
"release_date": "2026-02-11T23:00:00.000+00:00",
"title": "CVE-2026-20628"
},
{
"cve": "CVE-2026-20629",
"product_status": {
"known_affected": [
"T050862",
"T050861",
"T050860"
]
},
"release_date": "2026-02-11T23:00:00.000+00:00",
"title": "CVE-2026-20629"
},
{
"cve": "CVE-2026-20630",
"product_status": {
"known_affected": [
"T050862",
"T050861",
"T050860"
]
},
"release_date": "2026-02-11T23:00:00.000+00:00",
"title": "CVE-2026-20630"
},
{
"cve": "CVE-2026-20634",
"product_status": {
"known_affected": [
"T050862",
"T050861",
"T050860"
]
},
"release_date": "2026-02-11T23:00:00.000+00:00",
"title": "CVE-2026-20634"
},
{
"cve": "CVE-2026-20635",
"product_status": {
"known_affected": [
"T050862",
"T050861",
"T050860"
]
},
"release_date": "2026-02-11T23:00:00.000+00:00",
"title": "CVE-2026-20635"
},
{
"cve": "CVE-2026-20636",
"product_status": {
"known_affected": [
"T050862",
"T050861",
"T050860"
]
},
"release_date": "2026-02-11T23:00:00.000+00:00",
"title": "CVE-2026-20636"
},
{
"cve": "CVE-2026-20637",
"product_status": {
"known_affected": [
"T050862",
"T050861",
"T050860"
]
},
"release_date": "2026-02-11T23:00:00.000+00:00",
"title": "CVE-2026-20637"
},
{
"cve": "CVE-2026-20639",
"product_status": {
"known_affected": [
"T050862",
"T050861",
"T050860"
]
},
"release_date": "2026-02-11T23:00:00.000+00:00",
"title": "CVE-2026-20639"
},
{
"cve": "CVE-2026-20641",
"product_status": {
"known_affected": [
"T050862",
"T050861",
"T050860"
]
},
"release_date": "2026-02-11T23:00:00.000+00:00",
"title": "CVE-2026-20641"
},
{
"cve": "CVE-2026-20644",
"product_status": {
"known_affected": [
"T050862",
"T050861",
"T050860"
]
},
"release_date": "2026-02-11T23:00:00.000+00:00",
"title": "CVE-2026-20644"
},
{
"cve": "CVE-2026-20646",
"product_status": {
"known_affected": [
"T050862",
"T050861",
"T050860"
]
},
"release_date": "2026-02-11T23:00:00.000+00:00",
"title": "CVE-2026-20646"
},
{
"cve": "CVE-2026-20647",
"product_status": {
"known_affected": [
"T050862",
"T050861",
"T050860"
]
},
"release_date": "2026-02-11T23:00:00.000+00:00",
"title": "CVE-2026-20647"
},
{
"cve": "CVE-2026-20648",
"product_status": {
"known_affected": [
"T050862",
"T050861",
"T050860"
]
},
"release_date": "2026-02-11T23:00:00.000+00:00",
"title": "CVE-2026-20648"
},
{
"cve": "CVE-2026-20649",
"product_status": {
"known_affected": [
"T050862",
"T050861",
"T050860"
]
},
"release_date": "2026-02-11T23:00:00.000+00:00",
"title": "CVE-2026-20649"
},
{
"cve": "CVE-2026-20650",
"product_status": {
"known_affected": [
"T050862",
"T050861",
"T050860"
]
},
"release_date": "2026-02-11T23:00:00.000+00:00",
"title": "CVE-2026-20650"
},
{
"cve": "CVE-2026-20651",
"product_status": {
"known_affected": [
"T050862",
"T050861",
"T050860"
]
},
"release_date": "2026-02-11T23:00:00.000+00:00",
"title": "CVE-2026-20651"
},
{
"cve": "CVE-2026-20652",
"product_status": {
"known_affected": [
"T050862",
"T050861",
"T050860"
]
},
"release_date": "2026-02-11T23:00:00.000+00:00",
"title": "CVE-2026-20652"
},
{
"cve": "CVE-2026-20653",
"product_status": {
"known_affected": [
"T050862",
"T050861",
"T050860"
]
},
"release_date": "2026-02-11T23:00:00.000+00:00",
"title": "CVE-2026-20653"
},
{
"cve": "CVE-2026-20654",
"product_status": {
"known_affected": [
"T050862",
"T050861",
"T050860"
]
},
"release_date": "2026-02-11T23:00:00.000+00:00",
"title": "CVE-2026-20654"
},
{
"cve": "CVE-2026-20656",
"product_status": {
"known_affected": [
"T050862",
"T050861",
"T050860"
]
},
"release_date": "2026-02-11T23:00:00.000+00:00",
"title": "CVE-2026-20656"
},
{
"cve": "CVE-2026-20658",
"product_status": {
"known_affected": [
"T050862",
"T050861",
"T050860"
]
},
"release_date": "2026-02-11T23:00:00.000+00:00",
"title": "CVE-2026-20658"
},
{
"cve": "CVE-2026-20660",
"product_status": {
"known_affected": [
"T050862",
"T050861",
"T050860"
]
},
"release_date": "2026-02-11T23:00:00.000+00:00",
"title": "CVE-2026-20660"
},
{
"cve": "CVE-2026-20662",
"product_status": {
"known_affected": [
"T050862",
"T050861",
"T050860"
]
},
"release_date": "2026-02-11T23:00:00.000+00:00",
"title": "CVE-2026-20662"
},
{
"cve": "CVE-2026-20666",
"product_status": {
"known_affected": [
"T050862",
"T050861",
"T050860"
]
},
"release_date": "2026-02-11T23:00:00.000+00:00",
"title": "CVE-2026-20666"
},
{
"cve": "CVE-2026-20667",
"product_status": {
"known_affected": [
"T050862",
"T050861",
"T050860"
]
},
"release_date": "2026-02-11T23:00:00.000+00:00",
"title": "CVE-2026-20667"
},
{
"cve": "CVE-2026-20668",
"product_status": {
"known_affected": [
"T050862",
"T050861",
"T050860"
]
},
"release_date": "2026-02-11T23:00:00.000+00:00",
"title": "CVE-2026-20668"
},
{
"cve": "CVE-2026-20669",
"product_status": {
"known_affected": [
"T050862",
"T050861",
"T050860"
]
},
"release_date": "2026-02-11T23:00:00.000+00:00",
"title": "CVE-2026-20669"
},
{
"cve": "CVE-2026-20671",
"product_status": {
"known_affected": [
"T050862",
"T050861",
"T050860"
]
},
"release_date": "2026-02-11T23:00:00.000+00:00",
"title": "CVE-2026-20671"
},
{
"cve": "CVE-2026-20673",
"product_status": {
"known_affected": [
"T050862",
"T050861",
"T050860"
]
},
"release_date": "2026-02-11T23:00:00.000+00:00",
"title": "CVE-2026-20673"
},
{
"cve": "CVE-2026-20675",
"product_status": {
"known_affected": [
"T050862",
"T050861",
"T050860"
]
},
"release_date": "2026-02-11T23:00:00.000+00:00",
"title": "CVE-2026-20675"
},
{
"cve": "CVE-2026-20676",
"product_status": {
"known_affected": [
"T050862",
"T050861",
"T050860"
]
},
"release_date": "2026-02-11T23:00:00.000+00:00",
"title": "CVE-2026-20676"
},
{
"cve": "CVE-2026-20677",
"product_status": {
"known_affected": [
"T050862",
"T050861",
"T050860"
]
},
"release_date": "2026-02-11T23:00:00.000+00:00",
"title": "CVE-2026-20677"
},
{
"cve": "CVE-2026-20680",
"product_status": {
"known_affected": [
"T050862",
"T050861",
"T050860"
]
},
"release_date": "2026-02-11T23:00:00.000+00:00",
"title": "CVE-2026-20680"
},
{
"cve": "CVE-2026-20681",
"product_status": {
"known_affected": [
"T050862",
"T050861",
"T050860"
]
},
"release_date": "2026-02-11T23:00:00.000+00:00",
"title": "CVE-2026-20681"
},
{
"cve": "CVE-2026-20694",
"product_status": {
"known_affected": [
"T050862",
"T050861",
"T050860"
]
},
"release_date": "2026-02-11T23:00:00.000+00:00",
"title": "CVE-2026-20694"
},
{
"cve": "CVE-2026-20699",
"product_status": {
"known_affected": [
"T050862",
"T050861",
"T050860"
]
},
"release_date": "2026-02-11T23:00:00.000+00:00",
"title": "CVE-2026-20699"
},
{
"cve": "CVE-2026-20700",
"product_status": {
"known_affected": [
"T050862",
"T050861",
"T050860"
]
},
"release_date": "2026-02-11T23:00:00.000+00:00",
"title": "CVE-2026-20700"
},
{
"cve": "CVE-2026-28855",
"product_status": {
"known_affected": [
"T050862",
"T050861",
"T050860"
]
},
"release_date": "2026-02-11T23:00:00.000+00:00",
"title": "CVE-2026-28855"
}
]
}
Loading…
Show additional events:
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…