CVE-2025-43376: A remote attacker may be able to view leaked DNS queries with Private Relay turned on.
Affects WebKit |
| |
x |
|
|
|
|
|
|
|
|
CVE-2025-43534: A user with physical access to an iOS device may be able to bypass Activation Lock.
Affects iTunes Store |
| |
x |
|
|
|
|
|
|
|
|
CVE-2026-20607: An app may be able to access protected user data.
Affects libxpc |
| |
|
x |
x |
x |
|
|
|
|
|
CVE-2026-20631: A user may be able to elevate privileges.
Affects PackageKit |
| |
|
x |
|
|
|
|
|
|
|
CVE-2026-20632: An app may be able to access sensitive user data.
Affects Music |
| |
|
x |
|
|
|
|
|
|
|
CVE-2026-20633: An app may be able to access user-sensitive data.
Affects Archive Utility |
| |
|
x |
x |
x |
|
|
|
|
|
CVE-2026-20637: An app may be able to cause unexpected system termination.
Affects AppleKeyStore |
| |
x |
|
x |
x |
|
|
|
|
|
CVE-2026-20639: Processing a maliciously crafted string may lead to heap corruption.
Affects configd |
| |
|
|
x |
x |
|
|
|
|
|
CVE-2026-20643: Processing maliciously crafted web content may bypass Same Origin Policy.
Affects WebKit |
| x |
x |
x |
|
|
|
|
x |
x |
|
CVE-2026-20651: An app may be able to access sensitive user data.
Affects Messages |
| |
|
|
x |
|
|
|
|
|
|
CVE-2026-20657: Parsing a maliciously crafted file may lead to an unexpected app termination.
Affects Vision |
| |
x |
|
x |
x |
|
|
|
|
|
CVE-2026-20660: A remote user may be able to write arbitrary files.
Affects CFNetwork |
| |
|
|
x |
|
|
|
|
|
|
CVE-2026-20665: Processing maliciously crafted web content may prevent Content Security Policy from being enforced.
Affects WebKit |
| x |
x |
x |
|
|
x |
x |
x |
x |
|
CVE-2026-20668: An app may be able to access sensitive user data.
Affects Focus |
| |
x |
|
x |
x |
|
|
|
|
|
CVE-2026-20684: An app may bypass Gatekeeper checks.
Affects AppleScript |
| |
|
x |
|
|
|
|
|
|
|
CVE-2026-20687: An app may be able to cause unexpected system termination or write kernel memory.
Affects Kernel |
| x |
x |
x |
x |
|
x |
x |
|
|
|
CVE-2026-20688: An app may be able to break out of its sandbox.
Affects Printing |
| x |
|
x |
x |
x |
|
|
x |
|
|
CVE-2026-20690: Processing an audio stream in a maliciously crafted media file may terminate the process.
Affects CoreMedia |
| x |
x |
x |
x |
x |
x |
x |
x |
|
|
CVE-2026-20691: A maliciously crafted webpage may be able to fingerprint the user.
Affects WebKit Sandboxing |
| x |
|
x |
|
|
|
x |
x |
x |
|
CVE-2026-20692: “Hide IP Address” and “Block All Remote Content” may not apply to all mail content.
Affects Mail |
| x |
|
x |
x |
x |
|
|
|
|
|
CVE-2026-20693: An attacker with root privileges may be able to delete protected system files.
Affects PackageKit |
| |
|
x |
x |
x |
|
|
|
|
|
CVE-2026-20694: An app may be able to access user-sensitive data.
Affects MigrationKit |
| |
|
x |
x |
x |
|
|
|
|
|
CVE-2026-20695: An app may be able to determine kernel memory layout.
Affects Kernel |
| |
|
x |
x |
x |
|
|
|
|
|
CVE-2026-20697: An app may be able to access sensitive user data.
Affects Spotlight |
| |
|
x |
x |
x |
|
|
|
|
|
CVE-2026-20698: An app may be able to cause unexpected system termination or corrupt kernel memory.
Affects Kernel |
| x |
|
x |
|
|
x |
x |
x |
|
|
CVE-2026-20699: An app may be able to access user-sensitive data.
Affects AppleMobileFileIntegrity |
| |
|
x |
x |
x |
|
|
|
|
|
CVE-2026-20701: An app may be able to connect to a network share without user consent.
Affects NetAuth |
| |
|
x |
x |
x |
|
|
|
|
|
CVE-2026-28816: An app may be able to delete files for which it does not have permission.
Affects Notes |
| |
|
x |
x |
x |
|
|
|
|
|
CVE-2026-28817: A sandboxed process may be able to circumvent sandbox restrictions.
Affects Printing |
| |
|
x |
x |
x |
|
|
|
|
|
CVE-2026-28818: An app may be able to access sensitive user data.
Affects Spotlight |
| |
|
x |
x |
x |
|
|
|
|
|
CVE-2026-28820: An app may be able to access sensitive user data.
Affects StorageKit |
| |
|
x |
|
|
|
|
|
|
|
CVE-2026-28821: An app may be able to gain elevated privileges.
Affects CoreServices |
| |
|
x |
x |
x |
|
|
|
|
|
CVE-2026-28822: An attacker may be able to cause unexpected app termination.
Affects Audio |
| x |
|
x |
x |
x |
x |
x |
x |
|
|
CVE-2026-28823: An app with root privileges may be able to delete protected system files.
Affects Admin Framework |
| |
|
x |
|
|
|
|
|
|
|
CVE-2026-28824: An app may be able to access sensitive user data.
Affects AppleMobileFileIntegrity |
| |
|
x |
x |
x |
|
|
|
|
|
CVE-2026-28825: An app may be able to modify protected parts of the file system.
Affects SMB |
| |
|
x |
x |
x |
|
|
|
|
|
CVE-2026-28826: A malicious app may be able to break out of its sandbox.
Affects NSColorPanel |
| |
|
x |
|
|
|
|
|
|
|
CVE-2026-28827: An app may be able to break out of its sandbox.
Affects NetFSFramework |
| |
|
x |
x |
x |
|
|
|
|
|
CVE-2026-28828: An app may be able to access sensitive user data.
Affects TCC |
| |
|
x |
x |
x |
|
|
|
|
|
CVE-2026-28829: An app may be able to modify protected parts of the file system.
Affects WebDAV |
| |
|
x |
x |
x |
|
|
|
|
|
CVE-2026-28831: An app may be able to access sensitive user data.
Affects Printing |
| |
|
x |
x |
x |
|
|
|
|
|
CVE-2026-28832: An app may be able to disclose kernel memory.
Affects File System |
| |
|
x |
x |
x |
|
|
|
|
|
CVE-2026-28833: An app may be able to enumerate a user’s installed apps.
Affects iCloud |
| x |
|
x |
|
|
|
|
x |
|
|
CVE-2026-28834: An app may be able to cause unexpected system termination.
Affects GPU Drivers |
| |
|
x |
x |
x |
|
|
|
|
|
CVE-2026-28835: Mounting a maliciously crafted SMB network share may lead to system termination.
Affects SMB |
| |
|
x |
x |
x |
|
|
|
|
|
CVE-2026-28837: An app may be able to access sensitive user data.
Affects System Settings |
| |
|
x |
|
|
|
|
|
|
|
CVE-2026-28838: An app may be able to break out of its sandbox.
Affects CoreServices |
| |
|
x |
x |
x |
|
|
|
|
|
CVE-2026-28839: An app may be able to access sensitive user data.
Affects NetAuth |
| |
|
x |
x |
x |
|
|
|
|
|
CVE-2026-28841: A buffer overflow may result in memory corruption and unexpected app termination.
Affects IOGraphics |
| |
|
x |
|
|
|
|
|
|
|
CVE-2026-28842: A buffer overflow may result in memory corruption and unexpected app termination.
Affects IOGraphics |
| |
|
x |
|
|
|
|
|
|
|
CVE-2026-28844: An attacker may gain access to protected parts of the file system.
Affects SystemMigration |
| |
|
x |
|
|
|
|
|
|
|
CVE-2026-28845: An app may be able to access protected user data.
Affects LaunchServices |
| |
|
x |
|
|
|
|
|
|
|
CVE-2026-28852: An app may be able to cause a denial-of-service.
Affects UIFoundation |
| x |
x |
x |
x |
|
x |
x |
x |
|
|
CVE-2026-28856: An attacker with physical access to a locked device may be able to view sensitive user information.
Affects Siri |
| x |
|
|
|
|
|
x |
x |
|
|
CVE-2026-28857: Processing maliciously crafted web content may lead to an unexpected process crash.
Affects WebKit |
| x |
|
x |
|
|
|
|
x |
x |
|
CVE-2026-28858: A remote user may be able to cause unexpected system termination or corrupt kernel memory.
Affects Telephony |
| x |
|
|
|
|
|
|
|
|
|
CVE-2026-28859: A malicious website may be able to process restricted web content outside the sandbox.
Affects WebKit |
| x |
|
x |
|
|
x |
x |
x |
x |
|
CVE-2026-28861: A malicious website may be able to access script message handlers intended for other origins.
Affects WebKit |
| x |
x |
x |
|
|
|
|
x |
x |
|
CVE-2026-28862: An app may be able to access user-sensitive data.
Affects Phone |
| |
|
x |
x |
x |
|
|
|
|
|
CVE-2026-28863: An app may be able to fingerprint the user.
Affects Sandbox Profiles |
| x |
|
|
|
|
x |
x |
x |
|
|
CVE-2026-28864: A local attacker may gain access to user’s Keychain items.
Affects Security |
| x |
x |
x |
x |
x |
|
x |
x |
|
|
CVE-2026-28865: An attacker in a privileged network position may be able to intercept network traffic.
Affects 802.1X |
| x |
x |
x |
x |
x |
x |
x |
x |
|
|
CVE-2026-28866: An app may be able to access sensitive user data.
Affects Clipboard |
| x |
x |
x |
x |
x |
|
|
|
|
|
CVE-2026-28867: An app may be able to leak sensitive kernel state.
Affects Kernel |
| x |
x |
x |
x |
|
x |
x |
x |
|
|
CVE-2026-28868: An app may be able to disclose kernel memory.
Affects Kernel |
| x |
x |
x |
x |
x |
|
x |
x |
|
|
CVE-2026-28870: An app may be able to access sensitive user data.
Affects GeoServices |
| x |
|
x |
|
|
x |
x |
x |
|
|
CVE-2026-28871: Visiting a maliciously crafted website may lead to a cross-site scripting attack.
Affects WebKit |
| x |
x |
x |
|
|
|
|
|
x |
|
CVE-2026-28874: A remote attacker may cause an unexpected app termination.
Affects Baseband |
| x |
|
|
|
|
|
|
|
|
|
CVE-2026-28875: A remote attacker may be able to cause a denial-of-service.
Affects Baseband |
| x |
|
|
|
|
|
|
|
|
|
CVE-2026-28876: An app may be able to access sensitive user data.
Affects DeviceLink |
| x |
x |
x |
x |
x |
|
|
x |
|
|
CVE-2026-28877: An app may be able to access sensitive user data.
Affects Accounts |
| x |
|
x |
x |
|
|
x |
x |
|
|
CVE-2026-28878: An app may be able to enumerate a user’s installed apps.
Affects Crash Reporter |
| x |
x |
x |
|
x |
x |
x |
x |
|
|
CVE-2026-28879: Processing maliciously crafted web content may lead to an unexpected process crash.
Affects Audio |
| x |
x |
x |
x |
x |
x |
x |
x |
|
|
CVE-2026-28880: An app may be able to enumerate a user’s installed apps.
Affects iCloud |
| |
x |
|
x |
x |
|
|
|
|
|
CVE-2026-28881: An app may be able to access sensitive user data.
Affects iCloud |
| |
|
x |
|
|
|
|
|
|
|
CVE-2026-28882: An app may be able to enumerate a user’s installed apps.
Affects libxpc |
| x |
|
x |
|
|
x |
x |
x |
|
|
CVE-2026-28886: A user in a privileged network position may be able to cause a denial-of-service.
Affects CoreUtils |
| x |
x |
x |
x |
x |
x |
x |
x |
|
|
CVE-2026-28888: An app may be able to gain root privileges.
Affects CUPS |
| |
|
x |
x |
x |
|
|
|
|
|
CVE-2026-28889: An app may be able to read arbitrary files as root.
Affects Simulator |
| |
|
|
|
|
|
|
|
|
x |
CVE-2026-28890: An app may be able to cause unexpected system termination.
Affects otool |
| |
|
|
|
|
|
|
|
|
x |
CVE-2026-28891: An app may be able to break out of its sandbox.
Affects NetAuth |
| |
|
x |
x |
x |
|
|
|
|
|
CVE-2026-28892: An app may be able to modify protected parts of the file system.
Affects Diagnostics |
| |
|
x |
x |
x |
|
|
|
|
|
CVE-2026-28893: A document may be written to a temporary file when using print preview.
Affects CUPS |
| |
|
x |
|
|
|
|
|
|
|
CVE-2026-28894: A remote attacker may be able to cause a denial-of-service.
Affects Calling Framework |
| x |
|
x |
x |
x |
|
|
|
|
|
CVE-2026-28895: An attacker with physical access to an iOS device with Stolen Device Protection enabled may be able to access biometrics-gated Protected Apps with the passcode.
Affects App Protection |
| x |
|
|
|
|
|
|
|
|
|
Leave a Reply