Vulnerability-Lookup

CVE-2026-28855 (GCVE-0-2026-28855)

Vulnerability from cvelistv5 – Published: 2026-03-25 00:32 – Updated: 2026-03-25 20:17

Summary

A permissions issue was addressed with additional restrictions. This issue is fixed in iOS 26.3 and iPadOS 26.3, macOS Tahoe 26.3. An app may be able to access protected user data.

Severity ?

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CWE

An app may be able to access protected user data

Assigner

apple

References

URL

FKIE_CVE-2026-28855

Vulnerability from fkie_nvd - Published: 2026-03-25 01:17 - Updated: 2026-03-26 20:12

Severity ?

7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Summary

A permissions issue was addressed with additional restrictions. This issue is fixed in iOS 26.3 and iPadOS 26.3, macOS Tahoe 26.3. An app may be able to access protected user data.

References

	URL	Tags
	product-security@apple.com	https://support.apple.com/en-us/126346	Vendor Advisory
	product-security@apple.com	https://support.apple.com/en-us/126348	Vendor Advisory

Impacted products

Vendor	Product	Version
apple	ipados	*
apple	iphone_os	*
apple	macos	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "73ED2212-C513-4BE8-8EDB-40DF4323558E",
              "versionEndExcluding": "26.3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEC63AFD-9C97-45CD-80CF-CC60DF064838",
              "versionEndExcluding": "26.3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "0488A377-7971-4703-8823-05BF1E23CF48",
              "versionEndExcluding": "26.3",
              "versionStartIncluding": "26.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A permissions issue was addressed with additional restrictions. This issue is fixed in iOS 26.3 and iPadOS 26.3, macOS Tahoe 26.3. An app may be able to access protected user data."
    },
    {
      "lang": "es",
      "value": "Se abord\u00f3 un problema de permisos con restricciones adicionales. Este problema se corrigi\u00f3 en iOS 26.3 y iPadOS 26.3, macOS Tahoe 26.3. Una aplicaci\u00f3n podr\u00eda acceder a datos de usuario protegidos."
    }
  ],
  "id": "CVE-2026-28855",
  "lastModified": "2026-03-26T20:12:49.150",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "type": "Secondary"
      }
    ]
  },
  "published": "2026-03-25T01:17:09.620",
  "references": [
    {
      "source": "product-security@apple.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/en-us/126346"
    },
    {
      "source": "product-security@apple.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/en-us/126348"
    }
  ],
  "sourceIdentifier": "product-security@apple.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-284"
        }
      ],
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "type": "Secondary"
    }
  ]
}

WID-SEC-W-2026-0403

Vulnerability from csaf_certbund - Published: 2026-02-11 23:00 - Updated: 2026-03-24 23:00

Summary

Apple macOS Tahoe, Sequoia und Sonoma: Mehrere Schwachstellen

Severity

Hoch

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung: Apple macOS ist ein Betriebssystem, das auf FreeBSD und Mach basiert.

Angriff: Ein Angreifer kann mehrere Schwachstellen in Apple macOS ausnutzen, um Administratorrechte zu erlangen, beliebigen Code auszuführen, einen Denial-of-Service-Zustand herbeizuführen, Sicherheitsmaßnahmen zu umgehen, Daten zu manipulieren, vertrauliche Informationen offenzulegen oder andere nicht näher spezifizierte Angriffe durchzuführen.

Betroffene Betriebssysteme: - MacOS X

CVE-2025-14174

CVE-2025-43338

CVE-2025-43402

CVE-2025-43403

CVE-2025-43417

CVE-2025-43529

CVE-2025-43533

CVE-2025-46283

CVE-2025-46290

CVE-2025-46300

CVE-2025-46301

CVE-2025-46302

CVE-2025-46303

CVE-2025-46304

CVE-2025-46305

CVE-2025-46310

CVE-2025-59375

CVE-2026-20601

CVE-2026-20602

CVE-2026-20603

CVE-2026-20605

CVE-2026-20606

CVE-2026-20608

CVE-2026-20609

CVE-2026-20610

CVE-2026-20611

CVE-2026-20612

CVE-2026-20614

CVE-2026-20615

CVE-2026-20616

CVE-2026-20617

CVE-2026-20618

CVE-2026-20619

CVE-2026-20620

CVE-2026-20621

CVE-2026-20622

CVE-2026-20623

CVE-2026-20624

CVE-2026-20625

CVE-2026-20626

CVE-2026-20627

CVE-2026-20628

CVE-2026-20629

CVE-2026-20630

CVE-2026-20634

CVE-2026-20635

CVE-2026-20636

CVE-2026-20637

CVE-2026-20639

CVE-2026-20641

CVE-2026-20644

CVE-2026-20646

CVE-2026-20647

CVE-2026-20648

CVE-2026-20649

CVE-2026-20650

CVE-2026-20651

CVE-2026-20652

CVE-2026-20653

CVE-2026-20654

CVE-2026-20656

CVE-2026-20658

CVE-2026-20660

CVE-2026-20662

CVE-2026-20666

CVE-2026-20667

CVE-2026-20668

CVE-2026-20669

CVE-2026-20671

CVE-2026-20673

CVE-2026-20675

CVE-2026-20676

CVE-2026-20677

CVE-2026-20680

CVE-2026-20681

CVE-2026-20694

CVE-2026-20699

CVE-2026-20700

CVE-2026-28855

References

URL

Category

	https://wid.cert-bund.de/.well-known/csaf/white/2…	self
	https://wid.cert-bund.de/portal/wid/securityadvis…	self
	https://support.apple.com/en-us/126348	external
	https://support.apple.com/en-us/126349	external
	https://support.apple.com/en-us/126350	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "hoch"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "Apple macOS ist ein Betriebssystem, das auf FreeBSD und Mach basiert.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein  Angreifer kann mehrere Schwachstellen in Apple macOS ausnutzen, um Administratorrechte zu erlangen, beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand herbeizuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, Daten zu manipulieren, vertrauliche Informationen offenzulegen oder andere nicht n\u00e4her spezifizierte Angriffe durchzuf\u00fchren.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- MacOS X",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2026-0403 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2026/wid-sec-w-2026-0403.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2026-0403 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-0403"
      },
      {
        "category": "external",
        "summary": "Apple security updates vom 2026-02-11",
        "url": "https://support.apple.com/en-us/126348"
      },
      {
        "category": "external",
        "summary": "Apple security updates vom 2026-02-11",
        "url": "https://support.apple.com/en-us/126349"
      },
      {
        "category": "external",
        "summary": "Apple security updates vom 2026-02-11",
        "url": "https://support.apple.com/en-us/126350"
      }
    ],
    "source_lang": "en-US",
    "title": "Apple macOS Tahoe, Sequoia und Sonoma: Mehrere Schwachstellen",
    "tracking": {
      "current_release_date": "2026-03-24T23:00:00.000+00:00",
      "generator": {
        "date": "2026-03-25T06:16:06.862+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.5.0"
        }
      },
      "id": "WID-SEC-W-2026-0403",
      "initial_release_date": "2026-02-11T23:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2026-02-11T23:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        },
        {
          "date": "2026-03-24T23:00:00.000+00:00",
          "number": "2",
          "summary": "CVE-Nummern erg\u00e4nzt"
        }
      ],
      "status": "final",
      "version": "2"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "Tahoe \u003c26.3",
                "product": {
                  "name": "Apple macOS Tahoe \u003c26.3",
                  "product_id": "T050860"
                }
              },
              {
                "category": "product_version",
                "name": "Tahoe 26.3",
                "product": {
                  "name": "Apple macOS Tahoe 26.3",
                  "product_id": "T050860-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:apple:mac_os:tahoe__26.3"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "Sequoia \u003c15.7.4",
                "product": {
                  "name": "Apple macOS Sequoia \u003c15.7.4",
                  "product_id": "T050861"
                }
              },
              {
                "category": "product_version",
                "name": "Sequoia 15.7.4",
                "product": {
                  "name": "Apple macOS Sequoia 15.7.4",
                  "product_id": "T050861-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:apple:mac_os:sequoia__15.7.4"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "Sonoma \u003c14.8.4",
                "product": {
                  "name": "Apple macOS Sonoma \u003c14.8.4",
                  "product_id": "T050862"
                }
              },
              {
                "category": "product_version",
                "name": "Sonoma 14.8.4",
                "product": {
                  "name": "Apple macOS Sonoma 14.8.4",
                  "product_id": "T050862-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:apple:mac_os:sonoma__14.8.4"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "macOS"
          }
        ],
        "category": "vendor",
        "name": "Apple"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2025-14174",
      "product_status": {
        "known_affected": [
          "T050862",
          "T050861",
          "T050860"
        ]
      },
      "release_date": "2026-02-11T23:00:00.000+00:00",
      "title": "CVE-2025-14174"
    },
    {
      "cve": "CVE-2025-43338",
      "product_status": {
        "known_affected": [
          "T050862",
          "T050861",
          "T050860"
        ]
      },
      "release_date": "2026-02-11T23:00:00.000+00:00",
      "title": "CVE-2025-43338"
    },
    {
      "cve": "CVE-2025-43402",
      "product_status": {
        "known_affected": [
          "T050862",
          "T050861",
          "T050860"
        ]
      },
      "release_date": "2026-02-11T23:00:00.000+00:00",
      "title": "CVE-2025-43402"
    },
    {
      "cve": "CVE-2025-43403",
      "product_status": {
        "known_affected": [
          "T050862",
          "T050861",
          "T050860"
        ]
      },
      "release_date": "2026-02-11T23:00:00.000+00:00",
      "title": "CVE-2025-43403"
    },
    {
      "cve": "CVE-2025-43417",
      "product_status": {
        "known_affected": [
          "T050862",
          "T050861",
          "T050860"
        ]
      },
      "release_date": "2026-02-11T23:00:00.000+00:00",
      "title": "CVE-2025-43417"
    },
    {
      "cve": "CVE-2025-43529",
      "product_status": {
        "known_affected": [
          "T050862",
          "T050861",
          "T050860"
        ]
      },
      "release_date": "2026-02-11T23:00:00.000+00:00",
      "title": "CVE-2025-43529"
    },
    {
      "cve": "CVE-2025-43533",
      "product_status": {
        "known_affected": [
          "T050862",
          "T050861",
          "T050860"
        ]
      },
      "release_date": "2026-02-11T23:00:00.000+00:00",
      "title": "CVE-2025-43533"
    },
    {
      "cve": "CVE-2025-46283",
      "product_status": {
        "known_affected": [
          "T050862",
          "T050861",
          "T050860"
        ]
      },
      "release_date": "2026-02-11T23:00:00.000+00:00",
      "title": "CVE-2025-46283"
    },
    {
      "cve": "CVE-2025-46290",
      "product_status": {
        "known_affected": [
          "T050862",
          "T050861",
          "T050860"
        ]
      },
      "release_date": "2026-02-11T23:00:00.000+00:00",
      "title": "CVE-2025-46290"
    },
    {
      "cve": "CVE-2025-46300",
      "product_status": {
        "known_affected": [
          "T050862",
          "T050861",
          "T050860"
        ]
      },
      "release_date": "2026-02-11T23:00:00.000+00:00",
      "title": "CVE-2025-46300"
    },
    {
      "cve": "CVE-2025-46301",
      "product_status": {
        "known_affected": [
          "T050862",
          "T050861",
          "T050860"
        ]
      },
      "release_date": "2026-02-11T23:00:00.000+00:00",
      "title": "CVE-2025-46301"
    },
    {
      "cve": "CVE-2025-46302",
      "product_status": {
        "known_affected": [
          "T050862",
          "T050861",
          "T050860"
        ]
      },
      "release_date": "2026-02-11T23:00:00.000+00:00",
      "title": "CVE-2025-46302"
    },
    {
      "cve": "CVE-2025-46303",
      "product_status": {
        "known_affected": [
          "T050862",
          "T050861",
          "T050860"
        ]
      },
      "release_date": "2026-02-11T23:00:00.000+00:00",
      "title": "CVE-2025-46303"
    },
    {
      "cve": "CVE-2025-46304",
      "product_status": {
        "known_affected": [
          "T050862",
          "T050861",
          "T050860"
        ]
      },
      "release_date": "2026-02-11T23:00:00.000+00:00",
      "title": "CVE-2025-46304"
    },
    {
      "cve": "CVE-2025-46305",
      "product_status": {
        "known_affected": [
          "T050862",
          "T050861",
          "T050860"
        ]
      },
      "release_date": "2026-02-11T23:00:00.000+00:00",
      "title": "CVE-2025-46305"
    },
    {
      "cve": "CVE-2025-46310",
      "product_status": {
        "known_affected": [
          "T050862",
          "T050861",
          "T050860"
        ]
      },
      "release_date": "2026-02-11T23:00:00.000+00:00",
      "title": "CVE-2025-46310"
    },
    {
      "cve": "CVE-2025-59375",
      "product_status": {
        "known_affected": [
          "T050862",
          "T050861",
          "T050860"
        ]
      },
      "release_date": "2026-02-11T23:00:00.000+00:00",
      "title": "CVE-2025-59375"
    },
    {
      "cve": "CVE-2026-20601",
      "product_status": {
        "known_affected": [
          "T050862",
          "T050861",
          "T050860"
        ]
      },
      "release_date": "2026-02-11T23:00:00.000+00:00",
      "title": "CVE-2026-20601"
    },
    {
      "cve": "CVE-2026-20602",
      "product_status": {
        "known_affected": [
          "T050862",
          "T050861",
          "T050860"
        ]
      },
      "release_date": "2026-02-11T23:00:00.000+00:00",
      "title": "CVE-2026-20602"
    },
    {
      "cve": "CVE-2026-20603",
      "product_status": {
        "known_affected": [
          "T050862",
          "T050861",
          "T050860"
        ]
      },
      "release_date": "2026-02-11T23:00:00.000+00:00",
      "title": "CVE-2026-20603"
    },
    {
      "cve": "CVE-2026-20605",
      "product_status": {
        "known_affected": [
          "T050862",
          "T050861",
          "T050860"
        ]
      },
      "release_date": "2026-02-11T23:00:00.000+00:00",
      "title": "CVE-2026-20605"
    },
    {
      "cve": "CVE-2026-20606",
      "product_status": {
        "known_affected": [
          "T050862",
          "T050861",
          "T050860"
        ]
      },
      "release_date": "2026-02-11T23:00:00.000+00:00",
      "title": "CVE-2026-20606"
    },
    {
      "cve": "CVE-2026-20608",
      "product_status": {
        "known_affected": [
          "T050862",
          "T050861",
          "T050860"
        ]
      },
      "release_date": "2026-02-11T23:00:00.000+00:00",
      "title": "CVE-2026-20608"
    },
    {
      "cve": "CVE-2026-20609",
      "product_status": {
        "known_affected": [
          "T050862",
          "T050861",
          "T050860"
        ]
      },
      "release_date": "2026-02-11T23:00:00.000+00:00",
      "title": "CVE-2026-20609"
    },
    {
      "cve": "CVE-2026-20610",
      "product_status": {
        "known_affected": [
          "T050862",
          "T050861",
          "T050860"
        ]
      },
      "release_date": "2026-02-11T23:00:00.000+00:00",
      "title": "CVE-2026-20610"
    },
    {
      "cve": "CVE-2026-20611",
      "product_status": {
        "known_affected": [
          "T050862",
          "T050861",
          "T050860"
        ]
      },
      "release_date": "2026-02-11T23:00:00.000+00:00",
      "title": "CVE-2026-20611"
    },
    {
      "cve": "CVE-2026-20612",
      "product_status": {
        "known_affected": [
          "T050862",
          "T050861",
          "T050860"
        ]
      },
      "release_date": "2026-02-11T23:00:00.000+00:00",
      "title": "CVE-2026-20612"
    },
    {
      "cve": "CVE-2026-20614",
      "product_status": {
        "known_affected": [
          "T050862",
          "T050861",
          "T050860"
        ]
      },
      "release_date": "2026-02-11T23:00:00.000+00:00",
      "title": "CVE-2026-20614"
    },
    {
      "cve": "CVE-2026-20615",
      "product_status": {
        "known_affected": [
          "T050862",
          "T050861",
          "T050860"
        ]
      },
      "release_date": "2026-02-11T23:00:00.000+00:00",
      "title": "CVE-2026-20615"
    },
    {
      "cve": "CVE-2026-20616",
      "product_status": {
        "known_affected": [
          "T050862",
          "T050861",
          "T050860"
        ]
      },
      "release_date": "2026-02-11T23:00:00.000+00:00",
      "title": "CVE-2026-20616"
    },
    {
      "cve": "CVE-2026-20617",
      "product_status": {
        "known_affected": [
          "T050862",
          "T050861",
          "T050860"
        ]
      },
      "release_date": "2026-02-11T23:00:00.000+00:00",
      "title": "CVE-2026-20617"
    },
    {
      "cve": "CVE-2026-20618",
      "product_status": {
        "known_affected": [
          "T050862",
          "T050861",
          "T050860"
        ]
      },
      "release_date": "2026-02-11T23:00:00.000+00:00",
      "title": "CVE-2026-20618"
    },
    {
      "cve": "CVE-2026-20619",
      "product_status": {
        "known_affected": [
          "T050862",
          "T050861",
          "T050860"
        ]
      },
      "release_date": "2026-02-11T23:00:00.000+00:00",
      "title": "CVE-2026-20619"
    },
    {
      "cve": "CVE-2026-20620",
      "product_status": {
        "known_affected": [
          "T050862",
          "T050861",
          "T050860"
        ]
      },
      "release_date": "2026-02-11T23:00:00.000+00:00",
      "title": "CVE-2026-20620"
    },
    {
      "cve": "CVE-2026-20621",
      "product_status": {
        "known_affected": [
          "T050862",
          "T050861",
          "T050860"
        ]
      },
      "release_date": "2026-02-11T23:00:00.000+00:00",
      "title": "CVE-2026-20621"
    },
    {
      "cve": "CVE-2026-20622",
      "product_status": {
        "known_affected": [
          "T050862",
          "T050861",
          "T050860"
        ]
      },
      "release_date": "2026-02-11T23:00:00.000+00:00",
      "title": "CVE-2026-20622"
    },
    {
      "cve": "CVE-2026-20623",
      "product_status": {
        "known_affected": [
          "T050862",
          "T050861",
          "T050860"
        ]
      },
      "release_date": "2026-02-11T23:00:00.000+00:00",
      "title": "CVE-2026-20623"
    },
    {
      "cve": "CVE-2026-20624",
      "product_status": {
        "known_affected": [
          "T050862",
          "T050861",
          "T050860"
        ]
      },
      "release_date": "2026-02-11T23:00:00.000+00:00",
      "title": "CVE-2026-20624"
    },
    {
      "cve": "CVE-2026-20625",
      "product_status": {
        "known_affected": [
          "T050862",
          "T050861",
          "T050860"
        ]
      },
      "release_date": "2026-02-11T23:00:00.000+00:00",
      "title": "CVE-2026-20625"
    },
    {
      "cve": "CVE-2026-20626",
      "product_status": {
        "known_affected": [
          "T050862",
          "T050861",
          "T050860"
        ]
      },
      "release_date": "2026-02-11T23:00:00.000+00:00",
      "title": "CVE-2026-20626"
    },
    {
      "cve": "CVE-2026-20627",
      "product_status": {
        "known_affected": [
          "T050862",
          "T050861",
          "T050860"
        ]
      },
      "release_date": "2026-02-11T23:00:00.000+00:00",
      "title": "CVE-2026-20627"
    },
    {
      "cve": "CVE-2026-20628",
      "product_status": {
        "known_affected": [
          "T050862",
          "T050861",
          "T050860"
        ]
      },
      "release_date": "2026-02-11T23:00:00.000+00:00",
      "title": "CVE-2026-20628"
    },
    {
      "cve": "CVE-2026-20629",
      "product_status": {
        "known_affected": [
          "T050862",
          "T050861",
          "T050860"
        ]
      },
      "release_date": "2026-02-11T23:00:00.000+00:00",
      "title": "CVE-2026-20629"
    },
    {
      "cve": "CVE-2026-20630",
      "product_status": {
        "known_affected": [
          "T050862",
          "T050861",
          "T050860"
        ]
      },
      "release_date": "2026-02-11T23:00:00.000+00:00",
      "title": "CVE-2026-20630"
    },
    {
      "cve": "CVE-2026-20634",
      "product_status": {
        "known_affected": [
          "T050862",
          "T050861",
          "T050860"
        ]
      },
      "release_date": "2026-02-11T23:00:00.000+00:00",
      "title": "CVE-2026-20634"
    },
    {
      "cve": "CVE-2026-20635",
      "product_status": {
        "known_affected": [
          "T050862",
          "T050861",
          "T050860"
        ]
      },
      "release_date": "2026-02-11T23:00:00.000+00:00",
      "title": "CVE-2026-20635"
    },
    {
      "cve": "CVE-2026-20636",
      "product_status": {
        "known_affected": [
          "T050862",
          "T050861",
          "T050860"
        ]
      },
      "release_date": "2026-02-11T23:00:00.000+00:00",
      "title": "CVE-2026-20636"
    },
    {
      "cve": "CVE-2026-20637",
      "product_status": {
        "known_affected": [
          "T050862",
          "T050861",
          "T050860"
        ]
      },
      "release_date": "2026-02-11T23:00:00.000+00:00",
      "title": "CVE-2026-20637"
    },
    {
      "cve": "CVE-2026-20639",
      "product_status": {
        "known_affected": [
          "T050862",
          "T050861",
          "T050860"
        ]
      },
      "release_date": "2026-02-11T23:00:00.000+00:00",
      "title": "CVE-2026-20639"
    },
    {
      "cve": "CVE-2026-20641",
      "product_status": {
        "known_affected": [
          "T050862",
          "T050861",
          "T050860"
        ]
      },
      "release_date": "2026-02-11T23:00:00.000+00:00",
      "title": "CVE-2026-20641"
    },
    {
      "cve": "CVE-2026-20644",
      "product_status": {
        "known_affected": [
          "T050862",
          "T050861",
          "T050860"
        ]
      },
      "release_date": "2026-02-11T23:00:00.000+00:00",
      "title": "CVE-2026-20644"
    },
    {
      "cve": "CVE-2026-20646",
      "product_status": {
        "known_affected": [
          "T050862",
          "T050861",
          "T050860"
        ]
      },
      "release_date": "2026-02-11T23:00:00.000+00:00",
      "title": "CVE-2026-20646"
    },
    {
      "cve": "CVE-2026-20647",
      "product_status": {
        "known_affected": [
          "T050862",
          "T050861",
          "T050860"
        ]
      },
      "release_date": "2026-02-11T23:00:00.000+00:00",
      "title": "CVE-2026-20647"
    },
    {
      "cve": "CVE-2026-20648",
      "product_status": {
        "known_affected": [
          "T050862",
          "T050861",
          "T050860"
        ]
      },
      "release_date": "2026-02-11T23:00:00.000+00:00",
      "title": "CVE-2026-20648"
    },
    {
      "cve": "CVE-2026-20649",
      "product_status": {
        "known_affected": [
          "T050862",
          "T050861",
          "T050860"
        ]
      },
      "release_date": "2026-02-11T23:00:00.000+00:00",
      "title": "CVE-2026-20649"
    },
    {
      "cve": "CVE-2026-20650",
      "product_status": {
        "known_affected": [
          "T050862",
          "T050861",
          "T050860"
        ]
      },
      "release_date": "2026-02-11T23:00:00.000+00:00",
      "title": "CVE-2026-20650"
    },
    {
      "cve": "CVE-2026-20651",
      "product_status": {
        "known_affected": [
          "T050862",
          "T050861",
          "T050860"
        ]
      },
      "release_date": "2026-02-11T23:00:00.000+00:00",
      "title": "CVE-2026-20651"
    },
    {
      "cve": "CVE-2026-20652",
      "product_status": {
        "known_affected": [
          "T050862",
          "T050861",
          "T050860"
        ]
      },
      "release_date": "2026-02-11T23:00:00.000+00:00",
      "title": "CVE-2026-20652"
    },
    {
      "cve": "CVE-2026-20653",
      "product_status": {
        "known_affected": [
          "T050862",
          "T050861",
          "T050860"
        ]
      },
      "release_date": "2026-02-11T23:00:00.000+00:00",
      "title": "CVE-2026-20653"
    },
    {
      "cve": "CVE-2026-20654",
      "product_status": {
        "known_affected": [
          "T050862",
          "T050861",
          "T050860"
        ]
      },
      "release_date": "2026-02-11T23:00:00.000+00:00",
      "title": "CVE-2026-20654"
    },
    {
      "cve": "CVE-2026-20656",
      "product_status": {
        "known_affected": [
          "T050862",
          "T050861",
          "T050860"
        ]
      },
      "release_date": "2026-02-11T23:00:00.000+00:00",
      "title": "CVE-2026-20656"
    },
    {
      "cve": "CVE-2026-20658",
      "product_status": {
        "known_affected": [
          "T050862",
          "T050861",
          "T050860"
        ]
      },
      "release_date": "2026-02-11T23:00:00.000+00:00",
      "title": "CVE-2026-20658"
    },
    {
      "cve": "CVE-2026-20660",
      "product_status": {
        "known_affected": [
          "T050862",
          "T050861",
          "T050860"
        ]
      },
      "release_date": "2026-02-11T23:00:00.000+00:00",
      "title": "CVE-2026-20660"
    },
    {
      "cve": "CVE-2026-20662",
      "product_status": {
        "known_affected": [
          "T050862",
          "T050861",
          "T050860"
        ]
      },
      "release_date": "2026-02-11T23:00:00.000+00:00",
      "title": "CVE-2026-20662"
    },
    {
      "cve": "CVE-2026-20666",
      "product_status": {
        "known_affected": [
          "T050862",
          "T050861",
          "T050860"
        ]
      },
      "release_date": "2026-02-11T23:00:00.000+00:00",
      "title": "CVE-2026-20666"
    },
    {
      "cve": "CVE-2026-20667",
      "product_status": {
        "known_affected": [
          "T050862",
          "T050861",
          "T050860"
        ]
      },
      "release_date": "2026-02-11T23:00:00.000+00:00",
      "title": "CVE-2026-20667"
    },
    {
      "cve": "CVE-2026-20668",
      "product_status": {
        "known_affected": [
          "T050862",
          "T050861",
          "T050860"
        ]
      },
      "release_date": "2026-02-11T23:00:00.000+00:00",
      "title": "CVE-2026-20668"
    },
    {
      "cve": "CVE-2026-20669",
      "product_status": {
        "known_affected": [
          "T050862",
          "T050861",
          "T050860"
        ]
      },
      "release_date": "2026-02-11T23:00:00.000+00:00",
      "title": "CVE-2026-20669"
    },
    {
      "cve": "CVE-2026-20671",
      "product_status": {
        "known_affected": [
          "T050862",
          "T050861",
          "T050860"
        ]
      },
      "release_date": "2026-02-11T23:00:00.000+00:00",
      "title": "CVE-2026-20671"
    },
    {
      "cve": "CVE-2026-20673",
      "product_status": {
        "known_affected": [
          "T050862",
          "T050861",
          "T050860"
        ]
      },
      "release_date": "2026-02-11T23:00:00.000+00:00",
      "title": "CVE-2026-20673"
    },
    {
      "cve": "CVE-2026-20675",
      "product_status": {
        "known_affected": [
          "T050862",
          "T050861",
          "T050860"
        ]
      },
      "release_date": "2026-02-11T23:00:00.000+00:00",
      "title": "CVE-2026-20675"
    },
    {
      "cve": "CVE-2026-20676",
      "product_status": {
        "known_affected": [
          "T050862",
          "T050861",
          "T050860"
        ]
      },
      "release_date": "2026-02-11T23:00:00.000+00:00",
      "title": "CVE-2026-20676"
    },
    {
      "cve": "CVE-2026-20677",
      "product_status": {
        "known_affected": [
          "T050862",
          "T050861",
          "T050860"
        ]
      },
      "release_date": "2026-02-11T23:00:00.000+00:00",
      "title": "CVE-2026-20677"
    },
    {
      "cve": "CVE-2026-20680",
      "product_status": {
        "known_affected": [
          "T050862",
          "T050861",
          "T050860"
        ]
      },
      "release_date": "2026-02-11T23:00:00.000+00:00",
      "title": "CVE-2026-20680"
    },
    {
      "cve": "CVE-2026-20681",
      "product_status": {
        "known_affected": [
          "T050862",
          "T050861",
          "T050860"
        ]
      },
      "release_date": "2026-02-11T23:00:00.000+00:00",
      "title": "CVE-2026-20681"
    },
    {
      "cve": "CVE-2026-20694",
      "product_status": {
        "known_affected": [
          "T050862",
          "T050861",
          "T050860"
        ]
      },
      "release_date": "2026-02-11T23:00:00.000+00:00",
      "title": "CVE-2026-20694"
    },
    {
      "cve": "CVE-2026-20699",
      "product_status": {
        "known_affected": [
          "T050862",
          "T050861",
          "T050860"
        ]
      },
      "release_date": "2026-02-11T23:00:00.000+00:00",
      "title": "CVE-2026-20699"
    },
    {
      "cve": "CVE-2026-20700",
      "product_status": {
        "known_affected": [
          "T050862",
          "T050861",
          "T050860"
        ]
      },
      "release_date": "2026-02-11T23:00:00.000+00:00",
      "title": "CVE-2026-20700"
    },
    {
      "cve": "CVE-2026-28855",
      "product_status": {
        "known_affected": [
          "T050862",
          "T050861",
          "T050860"
        ]
      },
      "release_date": "2026-02-11T23:00:00.000+00:00",
      "title": "CVE-2026-28855"
    }
  ]
}

WID-SEC-W-2026-0402

Vulnerability from csaf_certbund - Published: 2026-02-11 23:00 - Updated: 2026-03-24 23:00

Summary

Apple iOS und iPadOS: Mehrere Schwachstellen

Severity

Hoch

Notes

Produktbeschreibung: Das Apple iOS (vormals iPhone OS) ist das Betriebssystem für das von Apple entwickelte Smartphone iPhone, iPad und iPod Touch. Das Apple iPadOS ist das Betriebssystem für das von Apple entwickelte iPad.

Angriff: Ein Angreifer kann mehrere Schwachstellen in Apple iOS und Apple iPadOS ausnutzen, um Administratorrechte zu erlangen, beliebigen Code auszuführen, einen Denial-of-Service-Zustand zu verursachen, Sicherheitsmaßnahmen zu umgehen, Daten zu manipulieren, vertrauliche Informationen offenzulegen oder andere nicht näher spezifizierte Angriffe durchzuführen.

Betroffene Betriebssysteme: - MacOS X - Sonstiges

CVE-2025-14174

CVE-2025-43529

CVE-2025-43533

CVE-2025-43537

CVE-2025-46300

CVE-2025-46301

CVE-2025-46302

CVE-2025-46303

CVE-2025-46304

CVE-2025-46305

CVE-2025-59375

CVE-2026-20605

CVE-2026-20606

CVE-2026-20608

CVE-2026-20609

CVE-2026-20611

CVE-2026-20615

CVE-2026-20616

CVE-2026-20617

CVE-2026-20621

CVE-2026-20626

CVE-2026-20627

CVE-2026-20628

CVE-2026-20634

CVE-2026-20635

CVE-2026-20636

CVE-2026-20637

CVE-2026-20638

CVE-2026-20640

CVE-2026-20641

CVE-2026-20642

CVE-2026-20644

CVE-2026-20645

CVE-2026-20649

CVE-2026-20650

CVE-2026-20652

CVE-2026-20653

CVE-2026-20654

CVE-2026-20655

CVE-2026-20656

CVE-2026-20660

CVE-2026-20661

CVE-2026-20663

CVE-2026-20667

CVE-2026-20668

CVE-2026-20671

CVE-2026-20673

CVE-2026-20674

CVE-2026-20675

CVE-2026-20676

CVE-2026-20677

CVE-2026-20678

CVE-2026-20680

CVE-2026-20682

CVE-2026-20686

CVE-2026-20694

CVE-2026-20700

CVE-2026-28855

References

URL

Category

	https://wid.cert-bund.de/.well-known/csaf/white/2…	self
	https://wid.cert-bund.de/portal/wid/securityadvis…	self
	https://support.apple.com/en-us/126346	external
	https://support.apple.com/en-us/126347	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "hoch"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "Das Apple iOS (vormals iPhone OS) ist das Betriebssystem f\u00fcr das von Apple entwickelte Smartphone iPhone, iPad und iPod Touch.\r\nDas Apple iPadOS ist das Betriebssystem f\u00fcr das von Apple entwickelte iPad.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein Angreifer kann mehrere Schwachstellen in Apple iOS und Apple iPadOS ausnutzen, um Administratorrechte zu erlangen, beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, Sicherheitsma\u00dfnahmen zu umgehen, Daten zu manipulieren, vertrauliche Informationen offenzulegen oder andere nicht n\u00e4her spezifizierte Angriffe durchzuf\u00fchren.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- MacOS X\n- Sonstiges",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2026-0402 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2026/wid-sec-w-2026-0402.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2026-0402 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-0402"
      },
      {
        "category": "external",
        "summary": "Apple security updates vom 2026-02-11",
        "url": "https://support.apple.com/en-us/126346"
      },
      {
        "category": "external",
        "summary": "Apple security updates vom 2026-02-11",
        "url": "https://support.apple.com/en-us/126347"
      }
    ],
    "source_lang": "en-US",
    "title": "Apple iOS und iPadOS: Mehrere Schwachstellen",
    "tracking": {
      "current_release_date": "2026-03-24T23:00:00.000+00:00",
      "generator": {
        "date": "2026-03-25T06:11:04.490+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.5.0"
        }
      },
      "id": "WID-SEC-W-2026-0402",
      "initial_release_date": "2026-02-11T23:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2026-02-11T23:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        },
        {
          "date": "2026-03-24T23:00:00.000+00:00",
          "number": "2",
          "summary": "CVE-Nummern erg\u00e4nzt"
        }
      ],
      "status": "final",
      "version": "2"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c26.3",
                "product": {
                  "name": "Apple iOS \u003c26.3",
                  "product_id": "T050863"
                }
              },
              {
                "category": "product_version",
                "name": "26.3",
                "product": {
                  "name": "Apple iOS 26.3",
                  "product_id": "T050863-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:apple:iphone_os:26.3"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c18.7.5",
                "product": {
                  "name": "Apple iOS \u003c18.7.5",
                  "product_id": "T050865"
                }
              },
              {
                "category": "product_version",
                "name": "18.7.5",
                "product": {
                  "name": "Apple iOS 18.7.5",
                  "product_id": "T050865-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:apple:iphone_os:18.7.5"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "iOS"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c26.3",
                "product": {
                  "name": "Apple iPadOS \u003c26.3",
                  "product_id": "T050864"
                }
              },
              {
                "category": "product_version",
                "name": "26.3",
                "product": {
                  "name": "Apple iPadOS 26.3",
                  "product_id": "T050864-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:apple:ipados:26.3"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c18.7.5",
                "product": {
                  "name": "Apple iPadOS \u003c18.7.5",
                  "product_id": "T050866"
                }
              },
              {
                "category": "product_version",
                "name": "18.7.5",
                "product": {
                  "name": "Apple iPadOS 18.7.5",
                  "product_id": "T050866-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:apple:ipados:18.7.5"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "iPadOS"
          }
        ],
        "category": "vendor",
        "name": "Apple"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2025-14174",
      "product_status": {
        "known_affected": [
          "T050866",
          "T050865",
          "T050864",
          "T050863"
        ]
      },
      "release_date": "2026-02-11T23:00:00.000+00:00",
      "title": "CVE-2025-14174"
    },
    {
      "cve": "CVE-2025-43529",
      "product_status": {
        "known_affected": [
          "T050866",
          "T050865",
          "T050864",
          "T050863"
        ]
      },
      "release_date": "2026-02-11T23:00:00.000+00:00",
      "title": "CVE-2025-43529"
    },
    {
      "cve": "CVE-2025-43533",
      "product_status": {
        "known_affected": [
          "T050866",
          "T050865",
          "T050864",
          "T050863"
        ]
      },
      "release_date": "2026-02-11T23:00:00.000+00:00",
      "title": "CVE-2025-43533"
    },
    {
      "cve": "CVE-2025-43537",
      "product_status": {
        "known_affected": [
          "T050866",
          "T050865",
          "T050864",
          "T050863"
        ]
      },
      "release_date": "2026-02-11T23:00:00.000+00:00",
      "title": "CVE-2025-43537"
    },
    {
      "cve": "CVE-2025-46300",
      "product_status": {
        "known_affected": [
          "T050866",
          "T050865",
          "T050864",
          "T050863"
        ]
      },
      "release_date": "2026-02-11T23:00:00.000+00:00",
      "title": "CVE-2025-46300"
    },
    {
      "cve": "CVE-2025-46301",
      "product_status": {
        "known_affected": [
          "T050866",
          "T050865",
          "T050864",
          "T050863"
        ]
      },
      "release_date": "2026-02-11T23:00:00.000+00:00",
      "title": "CVE-2025-46301"
    },
    {
      "cve": "CVE-2025-46302",
      "product_status": {
        "known_affected": [
          "T050866",
          "T050865",
          "T050864",
          "T050863"
        ]
      },
      "release_date": "2026-02-11T23:00:00.000+00:00",
      "title": "CVE-2025-46302"
    },
    {
      "cve": "CVE-2025-46303",
      "product_status": {
        "known_affected": [
          "T050866",
          "T050865",
          "T050864",
          "T050863"
        ]
      },
      "release_date": "2026-02-11T23:00:00.000+00:00",
      "title": "CVE-2025-46303"
    },
    {
      "cve": "CVE-2025-46304",
      "product_status": {
        "known_affected": [
          "T050866",
          "T050865",
          "T050864",
          "T050863"
        ]
      },
      "release_date": "2026-02-11T23:00:00.000+00:00",
      "title": "CVE-2025-46304"
    },
    {
      "cve": "CVE-2025-46305",
      "product_status": {
        "known_affected": [
          "T050866",
          "T050865",
          "T050864",
          "T050863"
        ]
      },
      "release_date": "2026-02-11T23:00:00.000+00:00",
      "title": "CVE-2025-46305"
    },
    {
      "cve": "CVE-2025-59375",
      "product_status": {
        "known_affected": [
          "T050866",
          "T050865",
          "T050864",
          "T050863"
        ]
      },
      "release_date": "2026-02-11T23:00:00.000+00:00",
      "title": "CVE-2025-59375"
    },
    {
      "cve": "CVE-2026-20605",
      "product_status": {
        "known_affected": [
          "T050866",
          "T050865",
          "T050864",
          "T050863"
        ]
      },
      "release_date": "2026-02-11T23:00:00.000+00:00",
      "title": "CVE-2026-20605"
    },
    {
      "cve": "CVE-2026-20606",
      "product_status": {
        "known_affected": [
          "T050866",
          "T050865",
          "T050864",
          "T050863"
        ]
      },
      "release_date": "2026-02-11T23:00:00.000+00:00",
      "title": "CVE-2026-20606"
    },
    {
      "cve": "CVE-2026-20608",
      "product_status": {
        "known_affected": [
          "T050866",
          "T050865",
          "T050864",
          "T050863"
        ]
      },
      "release_date": "2026-02-11T23:00:00.000+00:00",
      "title": "CVE-2026-20608"
    },
    {
      "cve": "CVE-2026-20609",
      "product_status": {
        "known_affected": [
          "T050866",
          "T050865",
          "T050864",
          "T050863"
        ]
      },
      "release_date": "2026-02-11T23:00:00.000+00:00",
      "title": "CVE-2026-20609"
    },
    {
      "cve": "CVE-2026-20611",
      "product_status": {
        "known_affected": [
          "T050866",
          "T050865",
          "T050864",
          "T050863"
        ]
      },
      "release_date": "2026-02-11T23:00:00.000+00:00",
      "title": "CVE-2026-20611"
    },
    {
      "cve": "CVE-2026-20615",
      "product_status": {
        "known_affected": [
          "T050866",
          "T050865",
          "T050864",
          "T050863"
        ]
      },
      "release_date": "2026-02-11T23:00:00.000+00:00",
      "title": "CVE-2026-20615"
    },
    {
      "cve": "CVE-2026-20616",
      "product_status": {
        "known_affected": [
          "T050866",
          "T050865",
          "T050864",
          "T050863"
        ]
      },
      "release_date": "2026-02-11T23:00:00.000+00:00",
      "title": "CVE-2026-20616"
    },
    {
      "cve": "CVE-2026-20617",
      "product_status": {
        "known_affected": [
          "T050866",
          "T050865",
          "T050864",
          "T050863"
        ]
      },
      "release_date": "2026-02-11T23:00:00.000+00:00",
      "title": "CVE-2026-20617"
    },
    {
      "cve": "CVE-2026-20621",
      "product_status": {
        "known_affected": [
          "T050866",
          "T050865",
          "T050864",
          "T050863"
        ]
      },
      "release_date": "2026-02-11T23:00:00.000+00:00",
      "title": "CVE-2026-20621"
    },
    {
      "cve": "CVE-2026-20626",
      "product_status": {
        "known_affected": [
          "T050866",
          "T050865",
          "T050864",
          "T050863"
        ]
      },
      "release_date": "2026-02-11T23:00:00.000+00:00",
      "title": "CVE-2026-20626"
    },
    {
      "cve": "CVE-2026-20627",
      "product_status": {
        "known_affected": [
          "T050866",
          "T050865",
          "T050864",
          "T050863"
        ]
      },
      "release_date": "2026-02-11T23:00:00.000+00:00",
      "title": "CVE-2026-20627"
    },
    {
      "cve": "CVE-2026-20628",
      "product_status": {
        "known_affected": [
          "T050866",
          "T050865",
          "T050864",
          "T050863"
        ]
      },
      "release_date": "2026-02-11T23:00:00.000+00:00",
      "title": "CVE-2026-20628"
    },
    {
      "cve": "CVE-2026-20634",
      "product_status": {
        "known_affected": [
          "T050866",
          "T050865",
          "T050864",
          "T050863"
        ]
      },
      "release_date": "2026-02-11T23:00:00.000+00:00",
      "title": "CVE-2026-20634"
    },
    {
      "cve": "CVE-2026-20635",
      "product_status": {
        "known_affected": [
          "T050866",
          "T050865",
          "T050864",
          "T050863"
        ]
      },
      "release_date": "2026-02-11T23:00:00.000+00:00",
      "title": "CVE-2026-20635"
    },
    {
      "cve": "CVE-2026-20636",
      "product_status": {
        "known_affected": [
          "T050866",
          "T050865",
          "T050864",
          "T050863"
        ]
      },
      "release_date": "2026-02-11T23:00:00.000+00:00",
      "title": "CVE-2026-20636"
    },
    {
      "cve": "CVE-2026-20637",
      "product_status": {
        "known_affected": [
          "T050866",
          "T050865",
          "T050864",
          "T050863"
        ]
      },
      "release_date": "2026-02-11T23:00:00.000+00:00",
      "title": "CVE-2026-20637"
    },
    {
      "cve": "CVE-2026-20638",
      "product_status": {
        "known_affected": [
          "T050866",
          "T050865",
          "T050864",
          "T050863"
        ]
      },
      "release_date": "2026-02-11T23:00:00.000+00:00",
      "title": "CVE-2026-20638"
    },
    {
      "cve": "CVE-2026-20640",
      "product_status": {
        "known_affected": [
          "T050866",
          "T050865",
          "T050864",
          "T050863"
        ]
      },
      "release_date": "2026-02-11T23:00:00.000+00:00",
      "title": "CVE-2026-20640"
    },
    {
      "cve": "CVE-2026-20641",
      "product_status": {
        "known_affected": [
          "T050866",
          "T050865",
          "T050864",
          "T050863"
        ]
      },
      "release_date": "2026-02-11T23:00:00.000+00:00",
      "title": "CVE-2026-20641"
    },
    {
      "cve": "CVE-2026-20642",
      "product_status": {
        "known_affected": [
          "T050866",
          "T050865",
          "T050864",
          "T050863"
        ]
      },
      "release_date": "2026-02-11T23:00:00.000+00:00",
      "title": "CVE-2026-20642"
    },
    {
      "cve": "CVE-2026-20644",
      "product_status": {
        "known_affected": [
          "T050866",
          "T050865",
          "T050864",
          "T050863"
        ]
      },
      "release_date": "2026-02-11T23:00:00.000+00:00",
      "title": "CVE-2026-20644"
    },
    {
      "cve": "CVE-2026-20645",
      "product_status": {
        "known_affected": [
          "T050866",
          "T050865",
          "T050864",
          "T050863"
        ]
      },
      "release_date": "2026-02-11T23:00:00.000+00:00",
      "title": "CVE-2026-20645"
    },
    {
      "cve": "CVE-2026-20649",
      "product_status": {
        "known_affected": [
          "T050866",
          "T050865",
          "T050864",
          "T050863"
        ]
      },
      "release_date": "2026-02-11T23:00:00.000+00:00",
      "title": "CVE-2026-20649"
    },
    {
      "cve": "CVE-2026-20650",
      "product_status": {
        "known_affected": [
          "T050866",
          "T050865",
          "T050864",
          "T050863"
        ]
      },
      "release_date": "2026-02-11T23:00:00.000+00:00",
      "title": "CVE-2026-20650"
    },
    {
      "cve": "CVE-2026-20652",
      "product_status": {
        "known_affected": [
          "T050866",
          "T050865",
          "T050864",
          "T050863"
        ]
      },
      "release_date": "2026-02-11T23:00:00.000+00:00",
      "title": "CVE-2026-20652"
    },
    {
      "cve": "CVE-2026-20653",
      "product_status": {
        "known_affected": [
          "T050866",
          "T050865",
          "T050864",
          "T050863"
        ]
      },
      "release_date": "2026-02-11T23:00:00.000+00:00",
      "title": "CVE-2026-20653"
    },
    {
      "cve": "CVE-2026-20654",
      "product_status": {
        "known_affected": [
          "T050866",
          "T050865",
          "T050864",
          "T050863"
        ]
      },
      "release_date": "2026-02-11T23:00:00.000+00:00",
      "title": "CVE-2026-20654"
    },
    {
      "cve": "CVE-2026-20655",
      "product_status": {
        "known_affected": [
          "T050866",
          "T050865",
          "T050864",
          "T050863"
        ]
      },
      "release_date": "2026-02-11T23:00:00.000+00:00",
      "title": "CVE-2026-20655"
    },
    {
      "cve": "CVE-2026-20656",
      "product_status": {
        "known_affected": [
          "T050866",
          "T050865",
          "T050864",
          "T050863"
        ]
      },
      "release_date": "2026-02-11T23:00:00.000+00:00",
      "title": "CVE-2026-20656"
    },
    {
      "cve": "CVE-2026-20660",
      "product_status": {
        "known_affected": [
          "T050866",
          "T050865",
          "T050864",
          "T050863"
        ]
      },
      "release_date": "2026-02-11T23:00:00.000+00:00",
      "title": "CVE-2026-20660"
    },
    {
      "cve": "CVE-2026-20661",
      "product_status": {
        "known_affected": [
          "T050866",
          "T050865",
          "T050864",
          "T050863"
        ]
      },
      "release_date": "2026-02-11T23:00:00.000+00:00",
      "title": "CVE-2026-20661"
    },
    {
      "cve": "CVE-2026-20663",
      "product_status": {
        "known_affected": [
          "T050866",
          "T050865",
          "T050864",
          "T050863"
        ]
      },
      "release_date": "2026-02-11T23:00:00.000+00:00",
      "title": "CVE-2026-20663"
    },
    {
      "cve": "CVE-2026-20667",
      "product_status": {
        "known_affected": [
          "T050866",
          "T050865",
          "T050864",
          "T050863"
        ]
      },
      "release_date": "2026-02-11T23:00:00.000+00:00",
      "title": "CVE-2026-20667"
    },
    {
      "cve": "CVE-2026-20668",
      "product_status": {
        "known_affected": [
          "T050866",
          "T050865",
          "T050864",
          "T050863"
        ]
      },
      "release_date": "2026-02-11T23:00:00.000+00:00",
      "title": "CVE-2026-20668"
    },
    {
      "cve": "CVE-2026-20671",
      "product_status": {
        "known_affected": [
          "T050866",
          "T050865",
          "T050864",
          "T050863"
        ]
      },
      "release_date": "2026-02-11T23:00:00.000+00:00",
      "title": "CVE-2026-20671"
    },
    {
      "cve": "CVE-2026-20673",
      "product_status": {
        "known_affected": [
          "T050866",
          "T050865",
          "T050864",
          "T050863"
        ]
      },
      "release_date": "2026-02-11T23:00:00.000+00:00",
      "title": "CVE-2026-20673"
    },
    {
      "cve": "CVE-2026-20674",
      "product_status": {
        "known_affected": [
          "T050866",
          "T050865",
          "T050864",
          "T050863"
        ]
      },
      "release_date": "2026-02-11T23:00:00.000+00:00",
      "title": "CVE-2026-20674"
    },
    {
      "cve": "CVE-2026-20675",
      "product_status": {
        "known_affected": [
          "T050866",
          "T050865",
          "T050864",
          "T050863"
        ]
      },
      "release_date": "2026-02-11T23:00:00.000+00:00",
      "title": "CVE-2026-20675"
    },
    {
      "cve": "CVE-2026-20676",
      "product_status": {
        "known_affected": [
          "T050866",
          "T050865",
          "T050864",
          "T050863"
        ]
      },
      "release_date": "2026-02-11T23:00:00.000+00:00",
      "title": "CVE-2026-20676"
    },
    {
      "cve": "CVE-2026-20677",
      "product_status": {
        "known_affected": [
          "T050866",
          "T050865",
          "T050864",
          "T050863"
        ]
      },
      "release_date": "2026-02-11T23:00:00.000+00:00",
      "title": "CVE-2026-20677"
    },
    {
      "cve": "CVE-2026-20678",
      "product_status": {
        "known_affected": [
          "T050866",
          "T050865",
          "T050864",
          "T050863"
        ]
      },
      "release_date": "2026-02-11T23:00:00.000+00:00",
      "title": "CVE-2026-20678"
    },
    {
      "cve": "CVE-2026-20680",
      "product_status": {
        "known_affected": [
          "T050866",
          "T050865",
          "T050864",
          "T050863"
        ]
      },
      "release_date": "2026-02-11T23:00:00.000+00:00",
      "title": "CVE-2026-20680"
    },
    {
      "cve": "CVE-2026-20682",
      "product_status": {
        "known_affected": [
          "T050866",
          "T050865",
          "T050864",
          "T050863"
        ]
      },
      "release_date": "2026-02-11T23:00:00.000+00:00",
      "title": "CVE-2026-20682"
    },
    {
      "cve": "CVE-2026-20686",
      "product_status": {
        "known_affected": [
          "T050866",
          "T050865",
          "T050864",
          "T050863"
        ]
      },
      "release_date": "2026-02-11T23:00:00.000+00:00",
      "title": "CVE-2026-20686"
    },
    {
      "cve": "CVE-2026-20694",
      "product_status": {
        "known_affected": [
          "T050866",
          "T050865",
          "T050864",
          "T050863"
        ]
      },
      "release_date": "2026-02-11T23:00:00.000+00:00",
      "title": "CVE-2026-20694"
    },
    {
      "cve": "CVE-2026-20700",
      "product_status": {
        "known_affected": [
          "T050866",
          "T050865",
          "T050864",
          "T050863"
        ]
      },
      "release_date": "2026-02-11T23:00:00.000+00:00",
      "title": "CVE-2026-20700"
    },
    {
      "cve": "CVE-2026-28855",
      "product_status": {
        "known_affected": [
          "T050866",
          "T050865",
          "T050864",
          "T050863"
        ]
      },
      "release_date": "2026-02-11T23:00:00.000+00:00",
      "title": "CVE-2026-28855"
    }
  ]
}

GHSA-P843-7PMP-82HG

Vulnerability from github – Published: 2026-03-25 03:31 – Updated: 2026-03-25 21:30

Details

A permissions issue was addressed with additional restrictions. This issue is fixed in iOS 26.3 and iPadOS 26.3, macOS Tahoe 26.3. An app may be able to access protected user data.

Severity ?

7.5 (High)


                  
                    CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2026-28855"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-284"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-03-25T01:17:09Z",
    "severity": "HIGH"
  },
  "details": "A permissions issue was addressed with additional restrictions. This issue is fixed in iOS 26.3 and iPadOS 26.3, macOS Tahoe 26.3. An app may be able to access protected user data.",
  "id": "GHSA-p843-7pmp-82hg",
  "modified": "2026-03-25T21:30:30Z",
  "published": "2026-03-25T03:31:32Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-28855"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/en-us/126346"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/en-us/126348"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2026-28855 (GCVE-0-2026-28855)

FKIE_CVE-2026-28855

WID-SEC-W-2026-0403

WID-SEC-W-2026-0402

GHSA-P843-7PMP-82HG

Tags

Sightings

Nomenclature