About the security content of macOS Sonoma 14.8.7

About the security content of macOS Sonoma 14.8.7 This document describes the security content of macOS Sonoma 14.8.7. About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or release...

About the security content of visionOS 26.5

About the security content of visionOS 26.5 This document describes the security content of visionOS 26.5. About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are...

About the security content of macOS Sequoia 15.7.7

About the security content of macOS Sequoia 15.7.7 This document describes the security content of macOS Sequoia 15.7.7. About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or...

Sleuth Kit APFS Keybag Parser Out-of-Bounds Read

...

SUSE CVE-2026-40025

The Sleuth Kit through 4.14.0 contains an out-of-bounds read vulnerability in the APFS filesystem keybag parser where the wrappedkeyparser class follows attacker-controlled length fields without bounds checking, causing heap reads past the allocated buffer. An attacker can craft a malicious APFS...

EUVD-2026-20761

The Sleuth Kit through 4.14.0 contains an out-of-bounds read vulnerability in the APFS filesystem keybag parser where the wrappedkeyparser class follows attacker-controlled length fields without bounds checking, causing heap reads past the allocated buffer. An attacker can craft a malicious APFS...

Linux Distros Unpatched Vulnerability : CVE-2026-40025

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The Sleuth Kit through 4.14.0 contains an out-of-bounds read vulnerability in the APFS filesystem keybag parser where the wrappedkeyparser class follows...

DEBIAN-CVE-2026-40025

The Sleuth Kit through 4.14.0 contains an out-of-bounds read vulnerability in the APFS filesystem keybag parser where the wrappedkeyparser class follows attacker-controlled length fields without bounds checking, causing heap reads past the allocated buffer. An attacker can craft a malicious APFS...

UBUNTU-CVE-2026-40025

The Sleuth Kit through 4.14.0 contains an out-of-bounds read vulnerability in the APFS filesystem keybag parser where the wrappedkeyparser class follows attacker-controlled length fields without bounds checking, causing heap reads past the allocated buffer. An attacker can craft a malicious APFS...

CVE-2026-40025

The Sleuth Kit through 4.14.0 contains an out-of-bounds read vulnerability in the APFS filesystem keybag parser where the wrappedkeyparser class follows attacker-controlled length fields without bounds checking, causing heap reads past the allocated buffer. An attacker can craft a malicious APFS...

CVE-2026-40025 Sleuth Kit APFS Keybag Parser Out-of-Bounds Read

The Sleuth Kit through 4.14.0 contains an out-of-bounds read vulnerability in the APFS filesystem keybag parser where the wrappedkeyparser class follows attacker-controlled length fields without bounds checking, causing heap reads past the allocated buffer. An attacker can craft a malicious APFS...

CVE-2026-40025 Sleuth Kit APFS Keybag Parser Out-of-Bounds Read

The Sleuth Kit through 4.14.0 contains an out-of-bounds read vulnerability in the APFS filesystem keybag parser where the wrappedkeyparser class follows attacker-controlled length fields without bounds checking, causing heap reads past the allocated buffer. An attacker can craft a malicious APFS...

Security Bulletin: Maximo AI Service uses tar-7.4.3.tgz which is vulnerable to CVE-2026-23745 and CVE-2026-23950.

Summary Maximo AI Service uses tar-7.4.3.tgz which is vulnerable to CVE-2026-23745 and CVE-2026-23950. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2026-23950 DESCRIPTION: node-tar,a Tar for Node.js, has a race condition...

Race Condition in node-tar Path Reservations via Unicode Ligature Collisions on macOS APFS

TITLE: Race Condition in node-tar Path Reservations via Unicode Sharp-S ß Collisions on macOS APFS AUTHOR: Tomás Illuminati Details A race condition vulnerability exists in node-tar v7.5.3 this is to an incomplete handling of Unicode path collisions in the path-reservations system. On...

EUVD-2023-60134

In the Linux kernel, the following vulnerability has been resolved: hfs: fix missing hfsbnodeget in hfsbnodecreate Syzbot found a kernel BUG in hfsbnodeput: kernel BUG at fs/hfs/bnode.c:466! invalid opcode: 0000 1 PREEMPT SMP KASAN CPU: 0 PID: 3634 Comm: kworker/u4:5 Not tainted...

CVE-2025-40243 hfs: fix KMSAN uninit-value issue in hfs_find_set_zero_bits()

In the Linux kernel, the following vulnerability has been resolved: hfs: fix KMSAN uninit-value issue in hfsfindsetzerobits The syzbot reported issue in hfsfindsetzerobits: ===================================================== BUG: KMSAN: uninit-value in hfsfindsetzerobits+0x74d/0xb60...

PT-2022-36714 · Apple · Apfs

Name of the Vulnerable Software and Affected Versions: APFS affected versions not specified Description: The issue is related to a crash type of UNKNOWN READ in the APFSJObjBtreeNode::find function. The crash state involves the APFSBtreeNodeIterator and APFSJObjTree::obj. No information is provid...

PT-2022-7234 · Apple · Apple Macos

Name of the Vulnerable Software and Affected Versions: macOS versions prior to Ventura 13 Description: The issue is related to insufficient access control in the APFS component of the macOS operating system. Exploitation of this issue may allow an attacker to disclose protected information. An ap...

Apple macOS 安全漏洞

Apple macOS is a specialized operating system developed by Apple for Mac computers. An arbitrary file read vulnerability exists in Apple macOS, which arises from an application not properly applying security restrictions within the APFS component of macOS. A local user can read arbitrary files on...

Apple macOS High Sierra APFS Logic Flaw Vulnerability

Apple macOS High Sierra is a specialized operating system developed by Apple for Mac computers.APFS is one of the file system components for Apple devices. A security vulnerability exists in the APFS component in Apple macOS High Sierra version 10.13.1, which stems from the fact that APFS...