CVE-2025-43441

CVE-2025-43441: Apple fixed a memory handling issue that could cause a crash when processing malicious web content. The fix is in tvOS 26.1, macOS Tahoe 26.1, iOS 26.1 / iPadOS 26.1, Safari 26.1, and iOS 18.7.2 / iPadOS 18.7.2, visionOS 26.1. Monitor for updates to affected Apple platforms and ap...

CVE-2025-43338

An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in iOS 26 and iPadOS 26, macOS Sonoma 14.8.2, macOS Sonoma 14.8.4, macOS Tahoe 26. Processing a maliciously crafted media file may lead to unexpected app termination or corrupt process memory...

CVE-2025-43436

A permissions issue was addressed with additional restrictions. This issue is fixed in iOS 26.1 and iPadOS 26.1, macOS Tahoe 26.1, tvOS 26.1, visionOS 26.1, watchOS 26.1. An app may be able to enumerate a user's installed apps...

CVE-2025-43436

A permissions issue was addressed with additional restrictions. This issue is fixed in iOS 26.1 and iPadOS 26.1, macOS Tahoe 26.1, tvOS 26.1, visionOS 26.1, watchOS 26.1. An app may be able to enumerate a user's installed apps...

CVE-2025-43436

CVE-2025-43436 is a permissions issue affecting Apple OS components (notably CoreServices) where an app may enumerate a user’s installed apps. The connected Nessus entry for Apple TV (and related Apple platforms) confirms CoreServices involvement and ties the CVE to an exposure of installed apps....

CVE-2025-43460

A logic issue was addressed with improved checks. This issue is fixed in iOS 26.1 and iPadOS 26.1. An attacker with physical access to a locked device may be able to view sensitive user information...

CVE-2025-43323

This issue was addressed with additional entitlement checks. This issue is fixed in visionOS 26, tvOS 26, iOS 26 and iPadOS 26, watchOS 26. An app may be able to fingerprint the user...

CVE-2025-43495

The issue was addressed with improved checks. This issue is fixed in iOS 18.7.2 and iPadOS 18.7.2, iOS 26.1 and iPadOS 26.1. An app may be able to monitor keystrokes without user permission...

CVE-2025-43495

CVE-2025-43495 affects iOS and iPadOS where a keystroke monitoring issue existed. The vulnerability is addressed by Apple in iOS 18.7.2 and iPadOS 18.7.2, and in iOS 26.1 and iPadOS 26.1, per the CVE description and Apple security content. Connected documents corroborate that an app may be able t...

CVE-2025-43440

This issue was addressed with improved checks. This issue is fixed in Safari 26.1, iOS 26.1 and iPadOS 26.1, macOS Tahoe 26.1, tvOS 26.1, visionOS 26.1, watchOS 26.1. Processing maliciously crafted web content may lead to an unexpected process crash...

CVE-2025-43496

The issue was addressed by adding additional logic. This issue is fixed in watchOS 26.1, macOS Tahoe 26.1, iOS 26.1 and iPadOS 26.1, iOS 18.7.2 and iPadOS 18.7.2, macOS Sequoia 15.7.2, visionOS 26.1. Remote content may be loaded even when the 'Load Remote Images' setting is turned off...

CVE-2025-43496

The CVE-2025-43496 issue affects Apple platforms (watchOS 26.1; macOS Tahoe 26.1; iOS 26.1/iPadOS 26.1; iOS 18.7.2/iPadOS 18.7.2; macOS Sequoia 15.7.2; visionOS 26.1). Description: remote content could be loaded even when the device setting Load Remote Images is off. Root cause: insufficient logi...

CVE-2025-43438

A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 26.1, iOS 18.7.2 and iPadOS 18.7.2, iOS 26.1 and iPadOS 26.1, macOS Tahoe 26.1, visionOS 26.1, watchOS 26.1. Processing maliciously crafted web content may lead to an unexpected Safari crash...

CVE-2025-43438

The CVE-2025-43438 issue is a use-after-free in WebKit/Safari related to processing malicious web content, addressed by memory-management fixes. Affected products include watchOS 26.1, macOS Tahoe 26.1, iOS 26.1, iPadOS 26.1, Safari 26.1, visionOS 26.1, and iOS/iPadOS 18.7.2. The vulnerability ca...

CVE-2025-43438

A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 26.1, iOS 18.7.2 and iPadOS 18.7.2, iOS 26.1 and iPadOS 26.1, macOS Tahoe 26.1, visionOS 26.1, watchOS 26.1. Processing maliciously crafted web content may lead to an unexpected Safari crash...

CVE-2025-43480

The issue was addressed with improved checks. This issue is fixed in Safari 26.1, iOS 26.1 and iPadOS 26.1, macOS Tahoe 26.1, tvOS 26.1, visionOS 26.1, watchOS 26.1. A malicious website may exfiltrate data cross-origin...

CVE-2025-43480

CVE-2025-43480 is a cross-origin data exfiltration vulnerability impacting Apple platforms and Safari/WebKit in general. The issue is addressed with improved checks and is fixed in tvOS 26.1, watchOS 26.1, macOS Tahoe 26.1, iOS 26.1, iPadOS 26.1, Safari 26.1, and visionOS 26.1. The CVSSv3.1 score...

CVE-2025-43443

This issue was addressed with improved checks. This issue is fixed in Safari 26.1, iOS 18.7.2 and iPadOS 18.7.2, iOS 26.1 and iPadOS 26.1, macOS Tahoe 26.1, tvOS 26.1, visionOS 26.1, watchOS 26.1. Processing maliciously crafted web content may lead to an unexpected process crash...

CVE-2025-43434

A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 26.1, iOS 18.7.2 and iPadOS 18.7.2, iOS 26.1 and iPadOS 26.1, macOS Tahoe 26.1, visionOS 26.1, watchOS 26.1. Processing maliciously crafted web content may lead to an unexpected Safari crash...

CVE-2025-43422

The issue was addressed by adding additional logic. This issue is fixed in iOS 26.1 and iPadOS 26.1. An attacker with physical access to a device may be able to disable Stolen Device Protection...