CVE-2026-20652

The issue was addressed with improved memory handling. This issue is fixed in Safari 26.3, iOS 18.7.5 and iPadOS 18.7.5, iOS 26.3 and iPadOS 26.3, macOS Tahoe 26.3, visionOS 26.3. A remote attacker may be able to cause a denial-of-service...

CVE-2026-20605

The issue was addressed with improved memory handling. This issue is fixed in macOS Sequoia 15.7.4, iOS 18.7.5 and iPadOS 18.7.5, macOS Tahoe 26.3, macOS Sonoma 14.8.4. An app may be able to crash a system process...

CVE-2026-20605

CVE-2026-20605 affects multiple Apple platforms. The issue was addressed by improved memory handling and is fixed in iOS/iPadOS 18.7.5, macOS Sequoia 15.7.4, macOS Sonoma 14.8.4, and macOS Tahoe 26.3. An app may be able to crash a system process. The citations describe memory-related defects and ...

CVE-2026-20609

The issue was addressed with improved memory handling. This issue is fixed in watchOS 26.3, tvOS 26.3, macOS Tahoe 26.3, macOS Sonoma 14.8.4, macOS Sequoia 15.7.4, iOS 18.7.5 and iPadOS 18.7.5, visionOS 26.3, iOS 26.3 and iPadOS 26.3. Processing a maliciously crafted file may lead to a...

CVE-2026-20609

CVE-2026-20609 is a memory-handling vulnerability affecting Apple systems where processing a maliciously crafted file may cause denial-of-service or memory disclosure. Connected sources map the issue to CoreMedia on Apple Watch (and related Apple platforms) with fixes implemented in iOS/iPadOS 18...

CVE-2026-20608

This issue was addressed through improved state management. This issue is fixed in Safari 26.3, iOS 18.7.5 and iPadOS 18.7.5, iOS 26.3 and iPadOS 26.3, macOS Tahoe 26.3, visionOS 26.3. Processing maliciously crafted web content may lead to an unexpected process crash...

CVE-2026-20608

This issue was addressed through improved state management. This issue is fixed in Safari 26.3, iOS 18.7.5 and iPadOS 18.7.5, iOS 26.3 and iPadOS 26.3, macOS Tahoe 26.3, visionOS 26.3. Processing maliciously crafted web content may lead to an unexpected process crash...

CVE-2026-20608

The CVE-2026-20608 issue is a vulnerability in processing malicious web content that leads to an unexpected process crash. The root cause is described as improved state management. Affected products/targets include Safari (macOS and iOS family) and related OS variants, with fixes rolled out in Sa...

CVE-2026-20649

A logging issue was addressed with improved data redaction. This issue is fixed in iOS 26.3 and iPadOS 26.3, macOS Tahoe 26.3, tvOS 26.3, watchOS 26.3. A user may be able to view sensitive user information...

CVE-2026-20653

A parsing issue in the handling of directory paths was addressed with improved path validation. This issue is fixed in iOS 18.7.5 and iPadOS 18.7.5, iOS 26.3 and iPadOS 26.3, macOS Sequoia 15.7.4, macOS Sonoma 14.8.4, macOS Tahoe 26.3, visionOS 26.3. An app may be able to access sensitive user da...

CVE-2026-20653

CVE-2026-20653 involves a parsing issue in the Shortcuts component related to handling of directory paths. The flaw allows an app to access sensitive user data and is addressed by path validation improvements, with fixes in: iOS 18.7.5 and iPadOS 18.7.5, iOS 26.3 and iPadOS 26.3, macOS Sequoia 15...

CVE-2026-20645

CVE-2026-20645 is an Apple iOS/iPadOS vulnerability described as an inconsistent user interface issue addressed by improved state management. It affects locked devices where an attacker with physical access may view sensitive user information. The CVE is fixed in iOS 18.7.5 and iPadOS 18.7.5, and...

CVE-2026-20628

CVE-2026-20628 describes a permissions issue in the sandbox component that could allow an app to break out of its sandbox. The vulnerability is fixed in multiple Apple platforms and versions: iOS 18.7.5 and iPadOS 18.7.5, iOS 26.3 and iPadOS 26.3, macOS Sequoia 15.7.4, macOS Sonoma 14.8.4, macOS ...

CVE-2026-20674

A privacy issue was addressed by removing sensitive data. This issue is fixed in iOS 26.3 and iPadOS 26.3. An attacker with physical access to a locked device may be able to view sensitive user information...

CVE-2026-20635

The issue was addressed with improved memory handling. This issue is fixed in Safari 26.3, iOS 18.7.5 and iPadOS 18.7.5, iOS 26.3 and iPadOS 26.3, macOS Tahoe 26.3, tvOS 26.3, visionOS 26.3, watchOS 26.3. Processing maliciously crafted web content may lead to an unexpected process crash...

CVE-2026-20635

The issue was addressed with improved memory handling. This issue is fixed in Safari 26.3, iOS 18.7.5 and iPadOS 18.7.5, iOS 26.3 and iPadOS 26.3, macOS Tahoe 26.3, tvOS 26.3, visionOS 26.3, watchOS 26.3. Processing maliciously crafted web content may lead to an unexpected process crash...

CVE-2025-46301

The issue was addressed with improved bounds checks. This issue is fixed in iOS 18.7.5 and iPadOS 18.7.5, iOS 26.2 and iPadOS 26.2, macOS Sequoia 15.7.4, macOS Sonoma 14.8.4, macOS Tahoe 26.2, tvOS 26.2, visionOS 26.2, watchOS 26.2. A malicious HID device may cause an unexpected process crash...

CVE-2025-46301

The issue was addressed with improved bounds checks. This issue is fixed in macOS Sequoia 15.7.4, iOS 18.7.5 and iPadOS 18.7.5, macOS Sonoma 14.8.4. A malicious HID device may cause an unexpected process crash...

CVE-2026-20678

An authorization issue was addressed with improved state management. This issue is fixed in iOS 18.7.5 and iPadOS 18.7.5, iOS 26.3 and iPadOS 26.3. An app may be able to access sensitive user data...

CVE-2026-20678

Summary: CVE-2026-20678 is an authorization issue in Apple’s iOS and iPadOS that arises from improved state management. The vulnerability could allow an app to access sensitive user data. Affected products/versions: iOS and iPadOS prior to 18.7.5 and prior to 26.3; fixed in iOS 18.7.5 / iPadOS 18...