CVE-2026-20617

A race condition was addressed with improved state handling. This issue is fixed in watchOS 26.3, tvOS 26.3, macOS Tahoe 26.3, macOS Sonoma 14.8.4, visionOS 26.3, iOS 26.3 and iPadOS 26.3. An app may be able to gain root privileges...

CVE-2026-20616

An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 18.7.5 and iPadOS 18.7.5, macOS Sonoma 14.8.4, macOS Tahoe 26.3, visionOS 26.3. Processing a maliciously crafted USD file may lead to unexpected app termination...

CVE-2026-20641

A privacy issue was addressed with improved checks. This issue is fixed in iOS 18.7.5 and iPadOS 18.7.5, iOS 26.3 and iPadOS 26.3, macOS Sequoia 15.7.4, macOS Sonoma 14.8.4, macOS Tahoe 26.3, tvOS 26.3, visionOS 26.3, watchOS 26.3. An app may be able to identify what other apps a user has install...

CVE-2026-20677

The CVE-2026-20677 entry describes a race condition related to symbolic link handling that could allow a shortcut to bypass sandbox restrictions. Affected software includes macOS Tahoe 26.3, macOS Sonoma 14.8.4, iOS 18.7.5 and iPadOS 18.7.5, visionOS 26.3, and iOS 26.3 / iPadOS 26.3. The root cau...

CVE-2026-20636

Technical details are not publicly available in the provided connected documents. Monitor for updates.

CVE-2026-20636

The issue was addressed with improved memory handling. This issue is fixed in iOS 26.3 and iPadOS 26.3, Safari 26.3, macOS Tahoe 26.3, visionOS 26.3. Processing maliciously crafted web content may lead to an unexpected process crash...

CVE-2026-20636

The issue was addressed with improved memory handling. This issue is fixed in Safari 26.3, iOS 26.3 and iPadOS 26.3, macOS Tahoe 26.3, visionOS 26.3. Processing maliciously crafted web content may lead to an unexpected process crash...

CVE-2026-20650

A denial-of-service issue was addressed with improved validation. This issue is fixed in iOS 26.3 and iPadOS 26.3, macOS Tahoe 26.3, tvOS 26.3, visionOS 26.3, watchOS 26.3. An attacker in a privileged network position may be able to perform denial-of-service attack using crafted Bluetooth packets...

CVE-2026-20650

A denial-of-service issue was addressed with improved validation. This issue is fixed in iOS 26.3 and iPadOS 26.3, macOS Tahoe 26.3, tvOS 26.3, visionOS 26.3, watchOS 26.3. An attacker in a privileged network position may be able to perform denial-of-service attack using crafted Bluetooth packets...

CVE-2026-20611

An out-of-bounds access issue affecting media processing was addressed by improved bounds checking. The vulnerability is fixed in multiple Apple platforms: watchOS 26.3 tvOS 26.3 macOS Tahoe 26.3 macOS Sonoma 14.8.4 macOS Sequoia 15.7.4 iOS 18.7.5 and iOS 26.3 iPadOS 18.7.5 and 26.3 visionOS 26.3...

CVE-2026-20611

An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in iOS 18.7.5 and iPadOS 18.7.5, iOS 26.3 and iPadOS 26.3, macOS Sequoia 15.7.4, macOS Sonoma 14.8.4, macOS Tahoe 26.3, tvOS 26.3, visionOS 26.3, watchOS 26.3. Processing a maliciously crafted media fil...

CVE-2026-20671

A logic issue was addressed with improved checks. This issue is fixed in iOS 18.7.5 and iPadOS 18.7.5, iOS 26.3 and iPadOS 26.3, macOS Sequoia 15.7.4, macOS Sonoma 14.8.4, macOS Tahoe 26.3, tvOS 26.3, visionOS 26.3, watchOS 26.3. An attacker in a privileged network position may be able to interce...

CVE-2026-20627

An issue existed in the handling of environment variables. This issue was addressed with improved validation. This issue is fixed in watchOS 26.3, macOS Tahoe 26.3, macOS Sonoma 14.8.4, visionOS 26.3, iOS 26.3 and iPadOS 26.3. An app may be able to access sensitive user data...

CVE-2026-20627

An issue existed in the handling of environment variables. This issue was addressed with improved validation. This issue is fixed in iOS 26.3 and iPadOS 26.3, macOS Sonoma 14.8.4, macOS Tahoe 26.3, visionOS 26.3, watchOS 26.3. An app may be able to access sensitive user data...

CVE-2026-20627

An issue existed in the handling of environment variables. This issue was addressed with improved validation. This issue is fixed in iOS 26.3 and iPadOS 26.3, macOS Sonoma 14.8.4, macOS Tahoe 26.3, visionOS 26.3, watchOS 26.3. An app may be able to access sensitive user data...

CVE-2026-20627

Affected platforms: watchOS 26.3; macOS Tahoe 26.3; macOS Sonoma 14.8.4; visionOS 26.3; iOS 26.3; iPadOS 26.3.Issue: improper handling of environment variables, with root cause described as improved validation.Impact: an app may access sensitive user data due to this handling.Status: fixed in the...

CVE-2026-20626

Technical details beyond what is in the Initial Description are not provided in the supplied documents. Monitor for updates on affected platforms, components, vulnerability scope, and remediation status.

PT-2026-7763

Name of the Vulnerable Software and Affected Versions macOS versions prior to 15.7.4 iOS versions prior to 26.3 iPadOS versions prior to 26.3 macOS Tahoe versions prior to 26.3 visionOS versions prior to 26.3 Description A malicious application may be able to gain root privileges due to...

PT-2026-7755

Name of the Vulnerable Software and Affected Versions macOS versions prior to Sonoma 14.8.4 watchOS versions prior to 26.3 tvOS versions prior to 26.3 visionOS versions prior to 26.3 iOS versions prior to 26.3 iPadOS versions prior to 26.3 Description A race condition existed due to improper stat...

PT-2026-7800

Name of the Vulnerable Software and Affected Versions macOS versions prior to Tahoe 26.3 macOS versions prior to Sonoma 14.8.4 iOS versions prior to 18.7.5 iPadOS versions prior to 18.7.5 visionOS versions prior to 26.3 Description A race condition exists in the handling of symbolic links. This...