⚡ Weekly Recap: Chrome 0-Day, UniFi Exploits, macOS Stealers, VPN Flaw and More

Stuff broke again. Not in a movie way. An old tool was left exposed. An abandoned package was abused. A deprecated feature was still running in prod. This week is the same lesson in a new form: phishing kits are easier to rent, AI names are useful bait, old login paths still fail, and forgotten...

CVE-2025-46315

A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Tahoe 26.1. An app may be able to access protected user data...

EUVD-2025-210121

The issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5. A malicious app may be able to access private information...

EUVD-2025-210120

A parsing issue in the handling of directory paths was addressed with improved path validation. This issue is fixed in macOS Sequoia 15.4. An app may be able to access sensitive user data...

CVE-2025-43339

An access issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Tahoe 26.1. A malicious app may be able to access sensitive user data...

CVE-2025-46293

This issue was addressed with improved handling of symlinks. This issue is fixed in macOS Sequoia 15.4. An app may be able to access protected user data...

EUVD-2025-210117

A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Tahoe 26.1. An app may be able to access protected user data...

CVE-2025-31272

The issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.4. An app may be able to bypass launch constraint protections and execute malicious code with elevated privileges...

Apple macOS 安全漏洞

Apple macOS is a proprietary operating system developed by the American company Apple for Mac computers. There are security vulnerabilities in versions of Apple macOS such as Sequoia 15.4, Sonoma 14.7.5, and Ventura 13.7.5. These vulnerabilities stem from insufficient checks, which may allow...

CVE-2026-11626

CleanWipe Removal Tool macOS, prior to 16.0.0.65, may be susceptible to an Local Privilege Escalation vulnerability, which is a type of issue whereby an attacker with limited privilege access on an affected system can escalate their privileges to gain administrative control...

PT-2026-48518

CleanWipe Removal Tool macOS, prior to 16.0.0.65, may be susceptible to an Local Privilege Escalation vulnerability, which is a type of issue whereby an attacker with limited privilege access on an affected system can escalate their privileges to gain administrative control...

EUVD-2026-35705

Omnissa Workspace ONE® Assist for macOS contains a Local Privilege Escalation Vulnerability...

CVE-2026-22926

Omnissa Workspace ONE® Assist for macOS contains a Local Privilege Escalation Vulnerability...

CVE-2026-22926

Technical details about CVE-2026-22926 are not publicly available in the provided documents. No affected versions, root cause, or remediation are specified. Monitor for updates from Omnissa and CVE listings.

CVE-2026-2638 X-VPN macOS website versions - Local Privilege Escalation

A vulnerability in the quarantine and restore workflow of the X-VPN macOS website versions 77.0 through 77.5 allow a local attacker to leverage a race condition and symlink manipulation to achieve privileged file corruption...

CVE-2026-11655

Integer overflow in Media in Google Chrome on Mac prior to 149.0.7827.103 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

Waves Central 代码问题漏洞

Waves Central is an audio software licensing and product management tool developed by Waves Corporation. Versions of Waves Central for macOS from 13.0.9 to 16.5.5 contain code vulnerabilities. These vulnerabilities stem from the use of a trusted XPC client component that employs enhanced runtime...

Adobe Reader < 26.001.21662 Multiple Vulnerabilities (APSB26-63) (macOS)

The version of Adobe Reader installed on the remote macOS host is a version prior to 26.001.21662. It is, therefore, affected by multiple vulnerabilities. - Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier are affected by a Stack-based Buffer Overflow vulnerability that could result...

CVE-2026-11686

Insufficient validation of untrusted input in Dawn in Google Chrome on macOS prior to 149.0.7827.103 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. Chromium security severity: High...

PT-2026-47558

Summary A electron run as node vulnerability was identified in actual macOS application, version 25.x Electron 39.2.7. Vulnerability Type: Electron Run As Node Description ELECTRON RUN AS NODE fuse enabled Electron 39.2.7 — app can be converted to Node.js REPL for arbitrary code execution Impact ...