Category: Uncategorized

CVE-2025-43338: Processing a maliciously crafted media file may lead to unexpected app termination or corrupt process memory.

Affects ImageIO

 

 

 

 

x

 

 

 

CVE-2025-43402: An app may be able to cause unexpected system termination or corrupt process memory.

Affects WindowServer

 

 

 

x

x

 

 

 

CVE-2025-43403: An app may be able to access sensitive user data.

Affects Compression

 

 

 

x

x

 

 

 

CVE-2025-43417: An app may be able to access user-sensitive data.

Affects File Bookmark

 

 

 

 

x

 

 

 

CVE-2025-43537: Restoring a maliciously crafted backup file may lead to modification of protected system files.

Affects Books

 

x

 

 

 

 

 

 

CVE-2025-46283: An app may be able to access sensitive user data.

Affects CoreServices

 

 

 

 

x

 

 

 

CVE-2025-46290: A remote attacker may be able to cause a denial-of-service.

Affects Security

 

 

 

x

x

 

 

 

CVE-2025-46305: A malicious HID device may cause an unexpected process crash.

Affects Multi-Touch

 

x

 

x

x

 

 

 

CVE-2025-46310: An attacker with root privileges may be able to delete protected system files.

Affects PackageKit

 

 

 

x

x

 

 

 

CVE-2026-20601: An app may be able to monitor keystrokes without user permission.

Affects Foundation

 

 

x

 

 

 

 

 

CVE-2026-20602: An app may be able to cause a denial-of-service.

Affects WindowServer

 

 

x

x

x

 

 

 

CVE-2026-20603: An app with root privileges may be able to access private information.

Affects Notification Center

 

 

x

 

 

 

 

 

CVE-2026-20605: An app may be able to crash a system process.

Affects Voice Control

 

x

x

x

x

 

 

 

CVE-2026-20606: An app may be able to bypass certain Privacy preferences.

Affects UIKit

x

x

x

x

x

 

 

 

CVE-2026-20608: Processing maliciously crafted web content may lead to an unexpected process crash.

Affects WebKit

x

x

x

 

 

 

 

x

CVE-2026-20609: Processing a maliciously crafted file may lead to a denial-of-service or potentially disclose memory contents.

Affects CoreMedia

x

x

x

x

x

x

x

x

CVE-2026-20610: An app may be able to gain root privileges.

Affects Setup Assistant

 

 

x

 

 

 

 

 

CVE-2026-20611: Processing a maliciously crafted media file may lead to unexpected app termination or corrupt process memory.

Affects CoreAudio

x

x

x

x

x

x

x

x

CVE-2026-20612: An app may be able to access sensitive user data.

Affects Spotlight

 

 

x

x

x

 

 

 

CVE-2026-20614: An app may be able to gain root privileges.

Affects Remote Management

 

 

x

x

x

 

 

 

CVE-2026-20615: An app may be able to gain root privileges.

Affects CoreServices

x

 

x

 

x

 

 

x

CVE-2026-20616: Processing a maliciously crafted USD file may lead to unexpected app termination.

Affects Model I/O

 

x

x

 

x

 

 

x

CVE-2026-20617: An app may be able to gain root privileges.

Affects CoreServices

x

 

x

 

x

x

x

x

CVE-2026-20618: An app may be able to access user-sensitive data.

Affects System Settings

 

 

x

 

 

 

 

 

CVE-2026-20619: An app may be able to access sensitive user data.

Affects System Settings

 

 

x

x

 

 

 

 

CVE-2026-20620: An attacker may be able to cause unexpected system termination or read kernel memory.

Affects GPU Drivers

 

 

x

x

x

 

 

 

CVE-2026-20621: An app may be able to cause unexpected system termination or corrupt kernel memory.

Affects Wi-Fi

x

x

x

x

x

 

 

x

CVE-2026-20623: An app may be able to access protected user data.

Affects Foundation

 

 

x

 

 

 

 

 

CVE-2026-20624: An app may be able to access sensitive user data.

Affects AppleMobileFileIntegrity

 

 

x

x

x

 

 

 

CVE-2026-20625: An app may be able to access sensitive user data.

Affects AppleMobileFileIntegrity

 

 

x

x

x

 

 

x

CVE-2026-20626: A malicious app may be able to gain root privileges.

Affects Kernel

x

 

x

x

 

 

 

x

CVE-2026-20627: An app may be able to access sensitive user data.

Affects CoreServices

x

 

x

 

x

 

x

x

CVE-2026-20628: An app may be able to break out of its sandbox.

Affects Sandbox

x

x

x

x

x

x

x

x

CVE-2026-20629: An app may be able to access user-sensitive data.

Affects Foundation

 

 

x

 

 

 

 

 

CVE-2026-20630: An app may be able to access protected user data.

Affects LaunchServices

 

 

x

 

 

 

 

 

CVE-2026-20634: Processing a maliciously crafted image may result in disclosure of process memory.

Affects ImageIO

x

x

x

x

x

x

x

x

CVE-2026-20635: Processing maliciously crafted web content may lead to an unexpected process crash.

Affects WebKit

x

x

x

 

 

x

x

x

CVE-2026-20638: A user with Live Caller ID app extensions turned off could have identifying information leaked to the extensions.

Affects Call History

x

 

 

 

 

 

 

 

CVE-2026-20640: An attacker with physical access to iPhone may be able to take and view screenshots of sensitive data from the iPhone during iPhone Mirroring with Mac.

Affects UIKit

x

 

 

 

 

 

 

 

CVE-2026-20641: An app may be able to identify what other apps a user has installed.

Affects StoreKit

x

x

x

x

x

x

x

x

CVE-2026-20642: A person with physical access to an iOS device may be able to access photos from the lock screen.

Affects Photos

x

 

 

 

 

 

 

 

CVE-2026-20645: An attacker with physical access to a locked device may be able to view sensitive user information.

Affects Accessibility

x

x

 

 

 

 

 

 

CVE-2026-20646: A malicious app may be able to read sensitive location information.

Affects Weather

 

 

x

 

 

 

 

 

CVE-2026-20647: An app may be able to access sensitive user data.

Affects Siri

 

 

x

 

 

 

 

 

CVE-2026-20648: A malicious app may be able to access notifications from other iCloud devices.

Affects Siri

 

 

x

 

 

 

 

 

CVE-2026-20649: A user may be able to view sensitive user information.

Affects Game Center

x

 

x

 

 

x

x

 

CVE-2026-20650: An attacker in a privileged network position may be able to perform denial-of-service attack using crafted Bluetooth packets.

Affects Bluetooth

x

 

x

 

 

x

x

x

CVE-2026-20652: A remote attacker may be able to cause a denial-of-service.

Affects WebKit

x

x

x

 

 

 

 

x

CVE-2026-20653: An app may be able to access sensitive user data.

Affects Shortcuts

x

x

x

x

x

 

 

x

CVE-2026-20654: An app may be able to cause unexpected system termination.

Affects Kernel

x

 

x

 

 

x

x

x

CVE-2026-20655: An attacker with physical access to a locked device may be able to view sensitive user information.

Affects Live Captions

x

x

 

 

 

 

 

 

CVE-2026-20656: An app may be able to access a user’s Safari history.

Affects Safari

 

x

x

 

 

 

 

 

CVE-2026-20658: An app may be able to gain root privileges.

Affects Security

 

 

x

 

 

 

 

 

CVE-2026-20660: A remote user may be able to write arbitrary files.

Affects CFNetwork

x

x

x

 

x

 

 

x

CVE-2026-20661: An attacker with physical access to a locked device may be able to view sensitive user information.

Affects VoiceOver

x

x

 

 

 

 

 

 

CVE-2026-20662: An attacker with physical access to a locked device may be able to view sensitive user information.

Affects Siri

 

 

x

x

 

 

 

 

CVE-2026-20663: An app may be able to enumerate a user’s installed apps.

Affects LaunchServices

x

x

 

 

 

 

 

 

CVE-2026-20666: An app may be able to access sensitive user data.

Affects NSOpenPanel

 

 

x

 

 

 

 

 

CVE-2026-20667: An app may be able to break out of its sandbox.

Affects libxpc

x

 

x

x

x

 

x

 

CVE-2026-20669: An app may be able to access sensitive user data.

Affects Admin Framework

 

 

x

 

 

 

 

 

CVE-2026-20671: An attacker in a privileged network position may be able to intercept network traffic.

Affects Kernel

x

x

x

x

x

x

x

x

CVE-2026-20673: Turning off “Load remote content in messages? may not apply to all mail previews.

Affects Mail

 

x

x

x

x

 

 

 

CVE-2026-20674: An attacker with physical access to a locked device may be able to view sensitive user information.

Affects Accessibility

x

 

 

 

 

 

 

 

CVE-2026-20675: Processing a maliciously crafted image may lead to disclosure of user information.

Affects ImageIO

x

x

x

x

x

x

x

x

CVE-2026-20676: A website may be able to track users through Safari web extensions.

Affects WebKit

x

 

x

 

 

 

 

x

CVE-2026-20677: A shortcut may be able to bypass sandbox restrictions.

Affects Messages

x

x

x

 

x

 

 

x

CVE-2026-20678: An app may be able to access sensitive user data.

Affects Sandbox Profiles

x

x

 

 

 

 

 

 

CVE-2026-20680: A sandboxed app may be able to access sensitive user data.

Affects Spotlight

x

x

x

x

x

 

 

 

CVE-2026-20681: An app may be able to access information about a user’s contacts.

Affects Contacts

 

 

x

 

 

 

 

 

CVE-2026-20682: An attacker may be able to discover a user’s deleted notes.

Affects Screenshots

x

x

 

 

 

 

 

 

CVE-2026-20700: An attacker with memory write capability may be able to execute arbitrary code. Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals on versions of iOS before iOS 26. CVE-2025-14174 and CVE-2025-43529 were also issued in response to this report..

Affects dyld

x

 

x

 

 

x

x

x