Category: Uncategorized

CVE-2025-43376: A remote attacker may be able to view leaked DNS queries with Private Relay turned on.

Affects WebKit

 

x

 

 

 

 

 

 

 

 

CVE-2025-43534: A user with physical access to an iOS device may be able to bypass Activation Lock.

Affects iTunes Store

 

x

 

 

 

 

 

 

 

 

CVE-2026-20607: An app may be able to access protected user data.

Affects libxpc

 

 

x

x

x

 

 

 

 

 

CVE-2026-20631: A user may be able to elevate privileges.

Affects PackageKit

 

 

x

 

 

 

 

 

 

 

CVE-2026-20632: An app may be able to access sensitive user data.

Affects Music

 

 

x

 

 

 

 

 

 

 

CVE-2026-20633: An app may be able to access user-sensitive data.

Affects Archive Utility

 

 

x

x

x

 

 

 

 

 

CVE-2026-20637: An app may be able to cause unexpected system termination.

Affects AppleKeyStore

 

x

 

x

x

 

 

 

 

 

CVE-2026-20639: Processing a maliciously crafted string may lead to heap corruption.

Affects configd

 

 

 

x

x

 

 

 

 

 

CVE-2026-20643: Processing maliciously crafted web content may bypass Same Origin Policy.

Affects WebKit

x

x

x

 

 

 

 

x

x

 

CVE-2026-20651: An app may be able to access sensitive user data.

Affects Messages

 

 

 

x

 

 

 

 

 

 

CVE-2026-20657: Parsing a maliciously crafted file may lead to an unexpected app termination.

Affects Vision

 

x

 

x

x

 

 

 

 

 

CVE-2026-20660: A remote user may be able to write arbitrary files.

Affects CFNetwork

 

 

 

x

 

 

 

 

 

 

CVE-2026-20665: Processing maliciously crafted web content may prevent Content Security Policy from being enforced.

Affects WebKit

x

x

x

 

 

x

x

x

x

 

CVE-2026-20668: An app may be able to access sensitive user data.

Affects Focus

 

x

 

x

x

 

 

 

 

 

CVE-2026-20684: An app may bypass Gatekeeper checks.

Affects AppleScript

 

 

x

 

 

 

 

 

 

 

CVE-2026-20687: An app may be able to cause unexpected system termination or write kernel memory.

Affects Kernel

x

x

x

x

 

x

x

 

 

 

CVE-2026-20688: An app may be able to break out of its sandbox.

Affects Printing

x

 

x

x

x

 

 

x

 

 

CVE-2026-20690: Processing an audio stream in a maliciously crafted media file may terminate the process.

Affects CoreMedia

x

x

x

x

x

x

x

x

 

 

CVE-2026-20691: A maliciously crafted webpage may be able to fingerprint the user.

Affects WebKit Sandboxing

x

 

x

 

 

 

x

x

x

 

CVE-2026-20692: “Hide IP Address” and “Block All Remote Content” may not apply to all mail content.

Affects Mail

x

 

x

x

x

 

 

 

 

 

CVE-2026-20693: An attacker with root privileges may be able to delete protected system files.

Affects PackageKit

 

 

x

x

x

 

 

 

 

 

CVE-2026-20694: An app may be able to access user-sensitive data.

Affects MigrationKit

 

 

x

x

x

 

 

 

 

 

CVE-2026-20695: An app may be able to determine kernel memory layout.

Affects Kernel

 

 

x

x

x

 

 

 

 

 

CVE-2026-20697: An app may be able to access sensitive user data.

Affects Spotlight

 

 

x

x

x

 

 

 

 

 

CVE-2026-20698: An app may be able to cause unexpected system termination or corrupt kernel memory.

Affects Kernel

x

 

x

 

 

x

x

x

 

 

CVE-2026-20699: An app may be able to access user-sensitive data.

Affects AppleMobileFileIntegrity

 

 

x

x

x

 

 

 

 

 

CVE-2026-20701: An app may be able to connect to a network share without user consent.

Affects NetAuth

 

 

x

x

x

 

 

 

 

 

CVE-2026-28816: An app may be able to delete files for which it does not have permission.

Affects Notes

 

 

x

x

x

 

 

 

 

 

CVE-2026-28817: A sandboxed process may be able to circumvent sandbox restrictions.

Affects Printing

 

 

x

x

x

 

 

 

 

 

CVE-2026-28818: An app may be able to access sensitive user data.

Affects Spotlight

 

 

x

x

x

 

 

 

 

 

CVE-2026-28820: An app may be able to access sensitive user data.

Affects StorageKit

 

 

x

 

 

 

 

 

 

 

CVE-2026-28821: An app may be able to gain elevated privileges.

Affects CoreServices

 

 

x

x

x

 

 

 

 

 

CVE-2026-28822: An attacker may be able to cause unexpected app termination.

Affects Audio

x

 

x

x

x

x

x

x

 

 

CVE-2026-28823: An app with root privileges may be able to delete protected system files.

Affects Admin Framework

 

 

x

 

 

 

 

 

 

 

CVE-2026-28824: An app may be able to access sensitive user data.

Affects AppleMobileFileIntegrity

 

 

x

x

x

 

 

 

 

 

CVE-2026-28825: An app may be able to modify protected parts of the file system.

Affects SMB

 

 

x

x

x

 

 

 

 

 

CVE-2026-28826: A malicious app may be able to break out of its sandbox.

Affects NSColorPanel

 

 

x

 

 

 

 

 

 

 

CVE-2026-28827: An app may be able to break out of its sandbox.

Affects NetFSFramework

 

 

x

x

x

 

 

 

 

 

CVE-2026-28828: An app may be able to access sensitive user data.

Affects TCC

 

 

x

x

x

 

 

 

 

 

CVE-2026-28829: An app may be able to modify protected parts of the file system.

Affects WebDAV

 

 

x

x

x

 

 

 

 

 

CVE-2026-28831: An app may be able to access sensitive user data.

Affects Printing

 

 

x

x

x

 

 

 

 

 

CVE-2026-28832: An app may be able to disclose kernel memory.

Affects File System

 

 

x

x

x

 

 

 

 

 

CVE-2026-28833: An app may be able to enumerate a user’s installed apps.

Affects iCloud

x

 

x

 

 

 

 

x

 

 

CVE-2026-28834: An app may be able to cause unexpected system termination.

Affects GPU Drivers

 

 

x

x

x

 

 

 

 

 

CVE-2026-28835: Mounting a maliciously crafted SMB network share may lead to system termination.

Affects SMB

 

 

x

x

x

 

 

 

 

 

CVE-2026-28837: An app may be able to access sensitive user data.

Affects System Settings

 

 

x

 

 

 

 

 

 

 

CVE-2026-28838: An app may be able to break out of its sandbox.

Affects CoreServices

 

 

x

x

x

 

 

 

 

 

CVE-2026-28839: An app may be able to access sensitive user data.

Affects NetAuth

 

 

x

x

x

 

 

 

 

 

CVE-2026-28841: A buffer overflow may result in memory corruption and unexpected app termination.

Affects IOGraphics

 

 

x

 

 

 

 

 

 

 

CVE-2026-28842: A buffer overflow may result in memory corruption and unexpected app termination.

Affects IOGraphics

 

 

x

 

 

 

 

 

 

 

CVE-2026-28844: An attacker may gain access to protected parts of the file system.

Affects SystemMigration

 

 

x

 

 

 

 

 

 

 

CVE-2026-28845: An app may be able to access protected user data.

Affects LaunchServices

 

 

x

 

 

 

 

 

 

 

CVE-2026-28852: An app may be able to cause a denial-of-service.

Affects UIFoundation

x

x

x

x

 

x

x

x

 

 

CVE-2026-28856: An attacker with physical access to a locked device may be able to view sensitive user information.

Affects Siri

x

 

 

 

 

 

x

x

 

 

CVE-2026-28857: Processing maliciously crafted web content may lead to an unexpected process crash.

Affects WebKit

x

 

x

 

 

 

 

x

x

 

CVE-2026-28858: A remote user may be able to cause unexpected system termination or corrupt kernel memory.

Affects Telephony

x

 

 

 

 

 

 

 

 

 

CVE-2026-28859: A malicious website may be able to process restricted web content outside the sandbox.

Affects WebKit

x

 

x

 

 

x

x

x

x

 

CVE-2026-28861: A malicious website may be able to access script message handlers intended for other origins.

Affects WebKit

x

x

x

 

 

 

 

x

x

 

CVE-2026-28862: An app may be able to access user-sensitive data.

Affects Phone

 

 

x

x

x

 

 

 

 

 

CVE-2026-28863: An app may be able to fingerprint the user.

Affects Sandbox Profiles

x

 

 

 

 

x

x

x

 

 

CVE-2026-28864: A local attacker may gain access to user’s Keychain items.

Affects Security

x

x

x

x

x

 

x

x

 

 

CVE-2026-28865: An attacker in a privileged network position may be able to intercept network traffic.

Affects 802.1X

x

x

x

x

x

x

x

x

 

 

CVE-2026-28866: An app may be able to access sensitive user data.

Affects Clipboard

x

x

x

x

x

 

 

 

 

 

CVE-2026-28867: An app may be able to leak sensitive kernel state.

Affects Kernel

x

x

x

x

 

x

x

x

 

 

CVE-2026-28868: An app may be able to disclose kernel memory.

Affects Kernel

x

x

x

x

x

 

x

x

 

 

CVE-2026-28870: An app may be able to access sensitive user data.

Affects GeoServices

x

 

x

 

 

x

x

x

 

 

CVE-2026-28871: Visiting a maliciously crafted website may lead to a cross-site scripting attack.

Affects WebKit

x

x

x

 

 

 

 

 

x

 

CVE-2026-28874: A remote attacker may cause an unexpected app termination.

Affects Baseband

x

 

 

 

 

 

 

 

 

 

CVE-2026-28875: A remote attacker may be able to cause a denial-of-service.

Affects Baseband

x

 

 

 

 

 

 

 

 

 

CVE-2026-28876: An app may be able to access sensitive user data.

Affects DeviceLink

x

x

x

x

x

 

 

x

 

 

CVE-2026-28877: An app may be able to access sensitive user data.

Affects Accounts

x

 

x

x

 

 

x

x

 

 

CVE-2026-28878: An app may be able to enumerate a user’s installed apps.

Affects Crash Reporter

x

x

x

 

x

x

x

x

 

 

CVE-2026-28879: Processing maliciously crafted web content may lead to an unexpected process crash.

Affects Audio

x

x

x

x

x

x

x

x

 

 

CVE-2026-28880: An app may be able to enumerate a user’s installed apps.

Affects iCloud

 

x

 

x

x

 

 

 

 

 

CVE-2026-28881: An app may be able to access sensitive user data.

Affects iCloud

 

 

x

 

 

 

 

 

 

 

CVE-2026-28882: An app may be able to enumerate a user’s installed apps.

Affects libxpc

x

 

x

 

 

x

x

x

 

 

CVE-2026-28886: A user in a privileged network position may be able to cause a denial-of-service.

Affects CoreUtils

x

x

x

x

x

x

x

x

 

 

CVE-2026-28888: An app may be able to gain root privileges.

Affects CUPS

 

 

x

x

x

 

 

 

 

 

CVE-2026-28889: An app may be able to read arbitrary files as root.

Affects Simulator

 

 

 

 

 

 

 

 

 

x

CVE-2026-28890: An app may be able to cause unexpected system termination.

Affects otool

 

 

 

 

 

 

 

 

 

x

CVE-2026-28891: An app may be able to break out of its sandbox.

Affects NetAuth

 

 

x

x

x

 

 

 

 

 

CVE-2026-28892: An app may be able to modify protected parts of the file system.

Affects Diagnostics

 

 

x

x

x

 

 

 

 

 

CVE-2026-28893: A document may be written to a temporary file when using print preview.

Affects CUPS

 

 

x

 

 

 

 

 

 

 

CVE-2026-28894: A remote attacker may be able to cause a denial-of-service.

Affects Calling Framework

x

 

x

x

x

 

 

 

 

 

CVE-2026-28895: An attacker with physical access to an iOS device with Stolen Device Protection enabled may be able to access biometrics-gated Protected Apps with the passcode.

Affects App Protection

x