CVE-2025-43446
This issue was addressed with improved validation of symlinks. This issue is fixed in macOS Sequoia 15.7.2, macOS Tahoe 26.1, macOS Sonoma 14.8.2. An app may be able to modify protected parts of the file system...
CVE-2025-43503
CVE-2025-43503 describes an inconsistent user interface issue caused by imperfect state management. The vulnerability affects Apple software across multiple platforms: watchOS 26.1, macOS Tahoe 26.1, iOS 26.1 and iPadOS 26.1, Safari 26.1, and visionOS 26.1. Visiting a malicious website may lead t...
CVE-2025-43450
A logic issue was addressed with improved checks. This issue is fixed in iOS 18.7.2 and iPadOS 18.7.2, iOS 26.1 and iPadOS 26.1. An app may be able to learn information about the current camera view before being granted camera access...
CVE-2025-43391
A privacy issue was addressed with improved handling of temporary files. This issue is fixed in macOS Sequoia 15.7.2, macOS Tahoe 26.1, macOS Sonoma 14.8.2, iOS 26.1 and iPadOS 26.1. An app may be able to access sensitive user data...
CVE-2025-43427
This issue was addressed through improved state management. This issue is fixed in Safari 26.1, iOS 26.1 and iPadOS 26.1, macOS Tahoe 26.1, tvOS 26.1, visionOS 26.1. Processing maliciously crafted web content may lead to an unexpected process crash...
CVE-2025-43364
CVE-2025-43364 describes a race condition in macOS components that could allow an app to break out of its sandbox. The issue was addressed with additional validation and is fixed in macOS Sonoma 14.8, macOS Sequoia 15.7 (and related advisories). The available sources (NVD/NCSC/Red Hat Apple secur...
CVE-2025-43379
CVE-2025-43379 arises from insufficient validation of symlinks in Apple OS components. Affected products include tvOS, watchOS, macOS (Tahoe 26.1; Sequoia 15.7.2; Sonoma 14.8.2), iOS/iPadOS (26.1) and visionOS 26.1. The issue may allow an app to access protected user data due to improper symlink ...
CVE-2025-43457
A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 26.1, iOS 26.1 and iPadOS 26.1, macOS Tahoe 26.1, visionOS 26.1, watchOS 26.1. Processing maliciously crafted web content may lead to an unexpected Safari crash...
CVE-2025-43338
CVE-2025-43338 is an out-of-bounds access issue that affects macOS during processing of a malicious media file, potentially causing an app termination or memory corruption. The vulnerability is addressed by bounds checking improvements and is fixed in macOS Tahoe 26 and macOS Sonoma 14.8.2 (per t...
CVE-2025-43334
This issue was addressed with additional entitlement checks. This issue is fixed in macOS Sequoia 15.7.2, macOS Tahoe 26.1, macOS Sonoma 14.8.2. An app may be able to access user-sensitive data...
CVE-2025-43498
CVE-2025-43498 describes an authorization issue resolved by improved state management in Apple products. The fixed products and versions are macOS Tahoe 26.1, iOS 26.1, iPadOS 26.1, macOS Sequoia 15.7.2, macOS Sonoma 14.8.2, and visionOS 26.1. The issue could allow an app to access sensitive user...
CVE-2025-43323
This issue was addressed with additional entitlement checks. This issue is fixed in iOS 26 and iPadOS 26, macOS Tahoe 26, tvOS 26, visionOS 26, watchOS 26. An app may be able to fingerprint the user...
CVE-2025-43440
This issue was addressed with improved checks. This issue is fixed in tvOS 26.1, watchOS 26.1, macOS Tahoe 26.1, iOS 26.1 and iPadOS 26.1, Safari 26.1, visionOS 26.1. Processing maliciously crafted web content may lead to an unexpected process crash...
CVE-2025-43440
CVE-2025-43440 is a WebKitGTK/WebKitGTK4 vulnerability affecting WebKitGTK components (webkitgtk4) that can cause an unexpected process crash when processing malicious web content. Connected advisories show the issue being addressed across multiple distributions with concrete fixes: Amazon Linux ...
CVE-2025-43440
This issue was addressed with improved checks. This issue is fixed in Safari 26.1, iOS 26.1 and iPadOS 26.1, macOS Tahoe 26.1, tvOS 26.1, visionOS 26.1, watchOS 26.1. Processing maliciously crafted web content may lead to an unexpected process crash...
CVE-2025-43479
A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.7.2, macOS Sonoma 14.8.2, macOS Tahoe 26.1. An app may be able to access sensitive user data...
CVE-2025-43496
The issue was addressed by adding additional logic. This issue is fixed in iOS 18.7.2 and iPadOS 18.7.2, iOS 26.1 and iPadOS 26.1, macOS Sequoia 15.7.2, macOS Tahoe 26.1, visionOS 26.1, watchOS 26.1. Remote content may be loaded even when the 'Load Remote Images' setting is turned off...
CVE-2025-43438
A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 26.1, iOS 18.7.2 and iPadOS 18.7.2, iOS 26.1 and iPadOS 26.1, macOS Tahoe 26.1, visionOS 26.1, watchOS 26.1. Processing maliciously crafted web content may lead to an unexpected Safari crash...
CVE-2025-43455
A privacy issue was addressed with improved checks. This issue is fixed in iOS 26.1 and iPadOS 26.1, macOS Tahoe 26.1, visionOS 26.1, watchOS 26.1. A malicious app may be able to take a screenshot of sensitive information in embedded views...
CVE-2025-43422
CVE-2025-43422 affects Apple iOS/iPadOS; the vulnerability arises in Stolen Device Protection and is fixed in iOS 26.1/iPadOS 26.1. An attacker with physical access could disable Stolen Device Protection, per Red Hat/NVD/NCSC entries and Apple security content. Remediation: update to iOS 26.1 / iPadO...