Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2026-20663 (GCVE-0-2026-20663)
Vulnerability from cvelistv5 – Published: 2026-02-11 22:58 – Updated: 2026-04-02 18:18
VLAI
EPSS
Summary
The issue was resolved by sanitizing logging. This issue is fixed in iOS 18.7.5 and iPadOS 18.7.5, iOS 26.3 and iPadOS 26.3. An app may be able to enumerate a user's installed apps.
Severity
CWE
- An app may be able to enumerate a user's installed apps
Assigner
References
2 references
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Apple | iOS and iPadOS |
Affected:
0 , < 18.7.5
(custom)
Affected: 0 , < 26.3 (custom) |
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-20663",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-12T21:24:05.301352Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-532",
"description": "CWE-532 Insertion of Sensitive Information into Log File",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-12T21:24:27.292Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "iOS and iPadOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "18.7.5",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "26.3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The issue was resolved by sanitizing logging. This issue is fixed in iOS 18.7.5 and iPadOS 18.7.5, iOS 26.3 and iPadOS 26.3. An app may be able to enumerate a user\u0027s installed apps."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "An app may be able to enumerate a user\u0027s installed apps",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-02T18:18:11.159Z",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"url": "https://support.apple.com/en-us/126346"
},
{
"url": "https://support.apple.com/en-us/126347"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2026-20663",
"datePublished": "2026-02-11T22:58:32.467Z",
"dateReserved": "2025-11-11T14:43:07.865Z",
"dateUpdated": "2026-04-02T18:18:11.159Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2026-20663",
"date": "2026-05-27",
"epss": "0.00014",
"percentile": "0.02723"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2026-20663\",\"sourceIdentifier\":\"product-security@apple.com\",\"published\":\"2026-02-11T23:16:08.923\",\"lastModified\":\"2026-04-02T19:21:19.590\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The issue was resolved by sanitizing logging. This issue is fixed in iOS 18.7.5 and iPadOS 18.7.5, iOS 26.3 and iPadOS 26.3. An app may be able to enumerate a user\u0027s installed apps.\"},{\"lang\":\"es\",\"value\":\"El problema se resolvi\u00f3 mediante la sanitizaci\u00f3n del registro. Este problema est\u00e1 solucionado en iOS 26.3 y iPadOS 26.3, iOS 18.7.5 y iPadOS 18.7.5. Una aplicaci\u00f3n podr\u00eda enumerar las aplicaciones instaladas de un usuario.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N\",\"baseScore\":3.3,\"baseSeverity\":\"LOW\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":1.8,\"impactScore\":1.4},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N\",\"baseScore\":3.3,\"baseSeverity\":\"LOW\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":1.8,\"impactScore\":1.4}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-532\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"18.7.5\",\"matchCriteriaId\":\"5DF4C0EE-C67C-4BA1-BB50-C51DEC72E486\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"26.0\",\"versionEndExcluding\":\"26.3\",\"matchCriteriaId\":\"00E2601B-7453-4C8B-A307-EF7BC5BF2E84\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"18.7.5\",\"matchCriteriaId\":\"273784FD-F8F0-466D-AF6E-5511FF3781B7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"26.0\",\"versionEndExcluding\":\"26.3\",\"matchCriteriaId\":\"951073F9-924E-4D9C-8DA1-64E284326CC5\"}]}]}],\"references\":[{\"url\":\"https://support.apple.com/en-us/126346\",\"source\":\"product-security@apple.com\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/en-us/126347\",\"source\":\"product-security@apple.com\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 3.3, \"attackVector\": \"LOCAL\", \"baseSeverity\": \"LOW\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"LOW\", \"confidentialityImpact\": \"LOW\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2026-20663\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2026-02-12T21:24:05.301352Z\"}}}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-532\", \"description\": \"CWE-532 Insertion of Sensitive Information into Log File\"}]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2026-02-12T21:24:00.640Z\"}}], \"cna\": {\"affected\": [{\"vendor\": \"Apple\", \"product\": \"iOS and iPadOS\", \"versions\": [{\"status\": \"affected\", \"version\": \"unspecified\", \"lessThan\": \"26.3\", \"versionType\": \"custom\"}]}, {\"vendor\": \"Apple\", \"product\": \"iOS and iPadOS\", \"versions\": [{\"status\": \"affected\", \"version\": \"unspecified\", \"lessThan\": \"18.7\", \"versionType\": \"custom\"}]}], \"references\": [{\"url\": \"https://support.apple.com/en-us/126346\"}, {\"url\": \"https://support.apple.com/en-us/126347\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"The issue was resolved by sanitizing logging. This issue is fixed in iOS 26.3 and iPadOS 26.3, iOS 18.7.5 and iPadOS 18.7.5. An app may be able to enumerate a user\u0027s installed apps.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"description\": \"An app may be able to enumerate a user\u0027s installed apps\"}]}], \"providerMetadata\": {\"orgId\": \"286789f9-fbc2-4510-9f9a-43facdede74c\", \"shortName\": \"apple\", \"dateUpdated\": \"2026-02-11T22:58:32.467Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2026-20663\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-02-12T21:24:27.292Z\", \"dateReserved\": \"2025-11-11T14:43:07.865Z\", \"assignerOrgId\": \"286789f9-fbc2-4510-9f9a-43facdede74c\", \"datePublished\": \"2026-02-11T22:58:32.467Z\", \"assignerShortName\": \"apple\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
}
}
CERTFR-2026-AVI-0158
Vulnerability from certfr_avis - Published: 2026-02-12 - Updated: 2026-02-12
De multiples vulnérabilités ont été découvertes dans les produits Apple. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et un déni de service à distance.
Apple indique que la vulnérabilité CVE-2026-20700 est activement exploitée.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Apple | iOS | iOS versions antérieures à 26.3 | ||
| Apple | iPadOS | iPadOS versions antérieures à 18.7.5 | ||
| Apple | macOS | macOS Sequoia versions antérieures à 15.7.4 | ||
| Apple | Safari | Safari versions antérieures à 26.3 | ||
| Apple | iOS | iOS versions antérieures à 18.7.5 | ||
| Apple | N/A | watchOS versions antérieures à 26.3 | ||
| Apple | macOS | macOS Sonoma versions antérieures à 14.8.4 | ||
| Apple | N/A | tvOS versions antérieures à 26.3 | ||
| Apple | macOS | macOS Tahoe versions antérieures à 26.3 | ||
| Apple | iPadOS | iPadOS versions antérieures à 26.3 | ||
| Apple | N/A | visionOS versions antérieures à 26.3 |
References
| Title | Publication Time | Tags | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "iOS versions ant\u00e9rieures \u00e0 26.3",
"product": {
"name": "iOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "iPadOS versions ant\u00e9rieures \u00e0 18.7.5",
"product": {
"name": "iPadOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "macOS Sequoia versions ant\u00e9rieures \u00e0 15.7.4",
"product": {
"name": "macOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "Safari versions ant\u00e9rieures \u00e0 26.3",
"product": {
"name": "Safari",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "iOS versions ant\u00e9rieures \u00e0 18.7.5",
"product": {
"name": "iOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "watchOS versions ant\u00e9rieures \u00e0 26.3",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "macOS Sonoma versions ant\u00e9rieures \u00e0 14.8.4",
"product": {
"name": "macOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "tvOS versions ant\u00e9rieures \u00e0 26.3",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "macOS Tahoe versions ant\u00e9rieures \u00e0 26.3",
"product": {
"name": "macOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "iPadOS versions ant\u00e9rieures \u00e0 26.3",
"product": {
"name": "iPadOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "visionOS versions ant\u00e9rieures \u00e0 26.3",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2026-20624",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20624"
},
{
"name": "CVE-2026-20652",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20652"
},
{
"name": "CVE-2026-20619",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20619"
},
{
"name": "CVE-2026-20606",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20606"
},
{
"name": "CVE-2026-20611",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20611"
},
{
"name": "CVE-2026-20617",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20617"
},
{
"name": "CVE-2025-43417",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43417"
},
{
"name": "CVE-2025-46310",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-46310"
},
{
"name": "CVE-2026-20625",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20625"
},
{
"name": "CVE-2026-20650",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20650"
},
{
"name": "CVE-2026-20676",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20676"
},
{
"name": "CVE-2026-20626",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20626"
},
{
"name": "CVE-2026-20666",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20666"
},
{
"name": "CVE-2026-20662",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20662"
},
{
"name": "CVE-2025-43402",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43402"
},
{
"name": "CVE-2026-20658",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20658"
},
{
"name": "CVE-2026-20612",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20612"
},
{
"name": "CVE-2026-20655",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20655"
},
{
"name": "CVE-2026-20638",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20638"
},
{
"name": "CVE-2026-20682",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20682"
},
{
"name": "CVE-2026-20605",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20605"
},
{
"name": "CVE-2026-20674",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20674"
},
{
"name": "CVE-2026-20642",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20642"
},
{
"name": "CVE-2026-20647",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20647"
},
{
"name": "CVE-2026-20628",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20628"
},
{
"name": "CVE-2026-20646",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20646"
},
{
"name": "CVE-2025-59375",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59375"
},
{
"name": "CVE-2026-20608",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20608"
},
{
"name": "CVE-2026-20623",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20623"
},
{
"name": "CVE-2026-20615",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20615"
},
{
"name": "CVE-2026-20630",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20630"
},
{
"name": "CVE-2026-20677",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20677"
},
{
"name": "CVE-2026-20680",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20680"
},
{
"name": "CVE-2026-20661",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20661"
},
{
"name": "CVE-2026-20654",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20654"
},
{
"name": "CVE-2026-20673",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20673"
},
{
"name": "CVE-2026-20636",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20636"
},
{
"name": "CVE-2025-46305",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-46305"
},
{
"name": "CVE-2025-46283",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-46283"
},
{
"name": "CVE-2025-14174",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-14174"
},
{
"name": "CVE-2026-20635",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20635"
},
{
"name": "CVE-2025-46303",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-46303"
},
{
"name": "CVE-2025-46301",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-46301"
},
{
"name": "CVE-2026-20616",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20616"
},
{
"name": "CVE-2026-20653",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20653"
},
{
"name": "CVE-2026-20602",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20602"
},
{
"name": "CVE-2025-46300",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-46300"
},
{
"name": "CVE-2026-20656",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20656"
},
{
"name": "CVE-2026-20609",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20609"
},
{
"name": "CVE-2025-43338",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43338"
},
{
"name": "CVE-2026-20627",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20627"
},
{
"name": "CVE-2026-20663",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20663"
},
{
"name": "CVE-2026-20621",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20621"
},
{
"name": "CVE-2026-20681",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20681"
},
{
"name": "CVE-2026-20678",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20678"
},
{
"name": "CVE-2026-20667",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20667"
},
{
"name": "CVE-2025-43403",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43403"
},
{
"name": "CVE-2026-20603",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20603"
},
{
"name": "CVE-2025-46304",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-46304"
},
{
"name": "CVE-2025-43537",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43537"
},
{
"name": "CVE-2026-20620",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20620"
},
{
"name": "CVE-2026-20644",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20644"
},
{
"name": "CVE-2025-43529",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43529"
},
{
"name": "CVE-2025-46290",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-46290"
},
{
"name": "CVE-2026-20641",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20641"
},
{
"name": "CVE-2026-20649",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20649"
},
{
"name": "CVE-2025-46302",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-46302"
},
{
"name": "CVE-2026-20660",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20660"
},
{
"name": "CVE-2026-20648",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20648"
},
{
"name": "CVE-2026-20671",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20671"
},
{
"name": "CVE-2026-20610",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20610"
},
{
"name": "CVE-2026-20618",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20618"
},
{
"name": "CVE-2026-20700",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20700"
},
{
"name": "CVE-2026-20640",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20640"
},
{
"name": "CVE-2026-20601",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20601"
},
{
"name": "CVE-2025-43533",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43533"
},
{
"name": "CVE-2026-20629",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20629"
},
{
"name": "CVE-2026-20634",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20634"
},
{
"name": "CVE-2026-20669",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20669"
},
{
"name": "CVE-2026-20645",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20645"
},
{
"name": "CVE-2026-20675",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20675"
},
{
"name": "CVE-2026-20614",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20614"
}
],
"initial_release_date": "2026-02-12T00:00:00",
"last_revision_date": "2026-02-12T00:00:00",
"links": [],
"reference": "CERTFR-2026-AVI-0158",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2026-02-12T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Apple. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et un d\u00e9ni de service \u00e0 distance.\n\nApple indique que la vuln\u00e9rabilit\u00e9 CVE-2026-20700 est activement exploit\u00e9e.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Apple",
"vendor_advisories": [
{
"published_at": "2026-02-11",
"title": "Bulletin de s\u00e9curit\u00e9 Apple 126346",
"url": "https://support.apple.com/en-us/126346"
},
{
"published_at": "2026-02-11",
"title": "Bulletin de s\u00e9curit\u00e9 Apple 126353",
"url": "https://support.apple.com/en-us/126353"
},
{
"published_at": "2026-02-11",
"title": "Bulletin de s\u00e9curit\u00e9 Apple 126347",
"url": "https://support.apple.com/en-us/126347"
},
{
"published_at": "2026-02-11",
"title": "Bulletin de s\u00e9curit\u00e9 Apple 126352",
"url": "https://support.apple.com/en-us/126352"
},
{
"published_at": "2026-02-11",
"title": "Bulletin de s\u00e9curit\u00e9 Apple 126348",
"url": "https://support.apple.com/en-us/126348"
},
{
"published_at": "2026-02-11",
"title": "Bulletin de s\u00e9curit\u00e9 Apple 126349",
"url": "https://support.apple.com/en-us/126349"
},
{
"published_at": "2026-02-11",
"title": "Bulletin de s\u00e9curit\u00e9 Apple 126351",
"url": "https://support.apple.com/en-us/126351"
},
{
"published_at": "2026-02-11",
"title": "Bulletin de s\u00e9curit\u00e9 Apple 126350",
"url": "https://support.apple.com/en-us/126350"
},
{
"published_at": "2026-02-11",
"title": "Bulletin de s\u00e9curit\u00e9 Apple 126354",
"url": "https://support.apple.com/en-us/126354"
}
]
}
CERTFR-2026-AVI-0158
Vulnerability from certfr_avis - Published: 2026-02-12 - Updated: 2026-02-12
De multiples vulnérabilités ont été découvertes dans les produits Apple. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et un déni de service à distance.
Apple indique que la vulnérabilité CVE-2026-20700 est activement exploitée.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Apple | iOS | iOS versions antérieures à 26.3 | ||
| Apple | iPadOS | iPadOS versions antérieures à 18.7.5 | ||
| Apple | macOS | macOS Sequoia versions antérieures à 15.7.4 | ||
| Apple | Safari | Safari versions antérieures à 26.3 | ||
| Apple | iOS | iOS versions antérieures à 18.7.5 | ||
| Apple | N/A | watchOS versions antérieures à 26.3 | ||
| Apple | macOS | macOS Sonoma versions antérieures à 14.8.4 | ||
| Apple | N/A | tvOS versions antérieures à 26.3 | ||
| Apple | macOS | macOS Tahoe versions antérieures à 26.3 | ||
| Apple | iPadOS | iPadOS versions antérieures à 26.3 | ||
| Apple | N/A | visionOS versions antérieures à 26.3 |
References
| Title | Publication Time | Tags | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "iOS versions ant\u00e9rieures \u00e0 26.3",
"product": {
"name": "iOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "iPadOS versions ant\u00e9rieures \u00e0 18.7.5",
"product": {
"name": "iPadOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "macOS Sequoia versions ant\u00e9rieures \u00e0 15.7.4",
"product": {
"name": "macOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "Safari versions ant\u00e9rieures \u00e0 26.3",
"product": {
"name": "Safari",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "iOS versions ant\u00e9rieures \u00e0 18.7.5",
"product": {
"name": "iOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "watchOS versions ant\u00e9rieures \u00e0 26.3",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "macOS Sonoma versions ant\u00e9rieures \u00e0 14.8.4",
"product": {
"name": "macOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "tvOS versions ant\u00e9rieures \u00e0 26.3",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "macOS Tahoe versions ant\u00e9rieures \u00e0 26.3",
"product": {
"name": "macOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "iPadOS versions ant\u00e9rieures \u00e0 26.3",
"product": {
"name": "iPadOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "visionOS versions ant\u00e9rieures \u00e0 26.3",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2026-20624",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20624"
},
{
"name": "CVE-2026-20652",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20652"
},
{
"name": "CVE-2026-20619",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20619"
},
{
"name": "CVE-2026-20606",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20606"
},
{
"name": "CVE-2026-20611",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20611"
},
{
"name": "CVE-2026-20617",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20617"
},
{
"name": "CVE-2025-43417",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43417"
},
{
"name": "CVE-2025-46310",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-46310"
},
{
"name": "CVE-2026-20625",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20625"
},
{
"name": "CVE-2026-20650",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20650"
},
{
"name": "CVE-2026-20676",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20676"
},
{
"name": "CVE-2026-20626",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20626"
},
{
"name": "CVE-2026-20666",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20666"
},
{
"name": "CVE-2026-20662",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20662"
},
{
"name": "CVE-2025-43402",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43402"
},
{
"name": "CVE-2026-20658",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20658"
},
{
"name": "CVE-2026-20612",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20612"
},
{
"name": "CVE-2026-20655",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20655"
},
{
"name": "CVE-2026-20638",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20638"
},
{
"name": "CVE-2026-20682",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20682"
},
{
"name": "CVE-2026-20605",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20605"
},
{
"name": "CVE-2026-20674",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20674"
},
{
"name": "CVE-2026-20642",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20642"
},
{
"name": "CVE-2026-20647",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20647"
},
{
"name": "CVE-2026-20628",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20628"
},
{
"name": "CVE-2026-20646",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20646"
},
{
"name": "CVE-2025-59375",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59375"
},
{
"name": "CVE-2026-20608",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20608"
},
{
"name": "CVE-2026-20623",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20623"
},
{
"name": "CVE-2026-20615",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20615"
},
{
"name": "CVE-2026-20630",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20630"
},
{
"name": "CVE-2026-20677",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20677"
},
{
"name": "CVE-2026-20680",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20680"
},
{
"name": "CVE-2026-20661",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20661"
},
{
"name": "CVE-2026-20654",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20654"
},
{
"name": "CVE-2026-20673",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20673"
},
{
"name": "CVE-2026-20636",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20636"
},
{
"name": "CVE-2025-46305",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-46305"
},
{
"name": "CVE-2025-46283",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-46283"
},
{
"name": "CVE-2025-14174",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-14174"
},
{
"name": "CVE-2026-20635",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20635"
},
{
"name": "CVE-2025-46303",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-46303"
},
{
"name": "CVE-2025-46301",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-46301"
},
{
"name": "CVE-2026-20616",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20616"
},
{
"name": "CVE-2026-20653",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20653"
},
{
"name": "CVE-2026-20602",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20602"
},
{
"name": "CVE-2025-46300",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-46300"
},
{
"name": "CVE-2026-20656",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20656"
},
{
"name": "CVE-2026-20609",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20609"
},
{
"name": "CVE-2025-43338",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43338"
},
{
"name": "CVE-2026-20627",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20627"
},
{
"name": "CVE-2026-20663",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20663"
},
{
"name": "CVE-2026-20621",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20621"
},
{
"name": "CVE-2026-20681",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20681"
},
{
"name": "CVE-2026-20678",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20678"
},
{
"name": "CVE-2026-20667",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20667"
},
{
"name": "CVE-2025-43403",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43403"
},
{
"name": "CVE-2026-20603",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20603"
},
{
"name": "CVE-2025-46304",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-46304"
},
{
"name": "CVE-2025-43537",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43537"
},
{
"name": "CVE-2026-20620",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20620"
},
{
"name": "CVE-2026-20644",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20644"
},
{
"name": "CVE-2025-43529",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43529"
},
{
"name": "CVE-2025-46290",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-46290"
},
{
"name": "CVE-2026-20641",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20641"
},
{
"name": "CVE-2026-20649",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20649"
},
{
"name": "CVE-2025-46302",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-46302"
},
{
"name": "CVE-2026-20660",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20660"
},
{
"name": "CVE-2026-20648",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20648"
},
{
"name": "CVE-2026-20671",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20671"
},
{
"name": "CVE-2026-20610",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20610"
},
{
"name": "CVE-2026-20618",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20618"
},
{
"name": "CVE-2026-20700",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20700"
},
{
"name": "CVE-2026-20640",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20640"
},
{
"name": "CVE-2026-20601",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20601"
},
{
"name": "CVE-2025-43533",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43533"
},
{
"name": "CVE-2026-20629",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20629"
},
{
"name": "CVE-2026-20634",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20634"
},
{
"name": "CVE-2026-20669",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20669"
},
{
"name": "CVE-2026-20645",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20645"
},
{
"name": "CVE-2026-20675",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20675"
},
{
"name": "CVE-2026-20614",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20614"
}
],
"initial_release_date": "2026-02-12T00:00:00",
"last_revision_date": "2026-02-12T00:00:00",
"links": [],
"reference": "CERTFR-2026-AVI-0158",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2026-02-12T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Apple. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et un d\u00e9ni de service \u00e0 distance.\n\nApple indique que la vuln\u00e9rabilit\u00e9 CVE-2026-20700 est activement exploit\u00e9e.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Apple",
"vendor_advisories": [
{
"published_at": "2026-02-11",
"title": "Bulletin de s\u00e9curit\u00e9 Apple 126346",
"url": "https://support.apple.com/en-us/126346"
},
{
"published_at": "2026-02-11",
"title": "Bulletin de s\u00e9curit\u00e9 Apple 126353",
"url": "https://support.apple.com/en-us/126353"
},
{
"published_at": "2026-02-11",
"title": "Bulletin de s\u00e9curit\u00e9 Apple 126347",
"url": "https://support.apple.com/en-us/126347"
},
{
"published_at": "2026-02-11",
"title": "Bulletin de s\u00e9curit\u00e9 Apple 126352",
"url": "https://support.apple.com/en-us/126352"
},
{
"published_at": "2026-02-11",
"title": "Bulletin de s\u00e9curit\u00e9 Apple 126348",
"url": "https://support.apple.com/en-us/126348"
},
{
"published_at": "2026-02-11",
"title": "Bulletin de s\u00e9curit\u00e9 Apple 126349",
"url": "https://support.apple.com/en-us/126349"
},
{
"published_at": "2026-02-11",
"title": "Bulletin de s\u00e9curit\u00e9 Apple 126351",
"url": "https://support.apple.com/en-us/126351"
},
{
"published_at": "2026-02-11",
"title": "Bulletin de s\u00e9curit\u00e9 Apple 126350",
"url": "https://support.apple.com/en-us/126350"
},
{
"published_at": "2026-02-11",
"title": "Bulletin de s\u00e9curit\u00e9 Apple 126354",
"url": "https://support.apple.com/en-us/126354"
}
]
}
FKIE_CVE-2026-20663
Vulnerability from fkie_nvd - Published: 2026-02-11 23:16 - Updated: 2026-04-02 19:21
Severity
3.3 (Low) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
3.3 (Low) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
3.3 (Low) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Summary
The issue was resolved by sanitizing logging. This issue is fixed in iOS 18.7.5 and iPadOS 18.7.5, iOS 26.3 and iPadOS 26.3. An app may be able to enumerate a user's installed apps.
References
| URL | Tags | ||
|---|---|---|---|
| product-security@apple.com | https://support.apple.com/en-us/126346 | Release Notes, Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/en-us/126347 | Release Notes, Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5DF4C0EE-C67C-4BA1-BB50-C51DEC72E486",
"versionEndExcluding": "18.7.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*",
"matchCriteriaId": "00E2601B-7453-4C8B-A307-EF7BC5BF2E84",
"versionEndExcluding": "26.3",
"versionStartIncluding": "26.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
"matchCriteriaId": "273784FD-F8F0-466D-AF6E-5511FF3781B7",
"versionEndExcluding": "18.7.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
"matchCriteriaId": "951073F9-924E-4D9C-8DA1-64E284326CC5",
"versionEndExcluding": "26.3",
"versionStartIncluding": "26.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The issue was resolved by sanitizing logging. This issue is fixed in iOS 18.7.5 and iPadOS 18.7.5, iOS 26.3 and iPadOS 26.3. An app may be able to enumerate a user\u0027s installed apps."
},
{
"lang": "es",
"value": "El problema se resolvi\u00f3 mediante la sanitizaci\u00f3n del registro. Este problema est\u00e1 solucionado en iOS 26.3 y iPadOS 26.3, iOS 18.7.5 y iPadOS 18.7.5. Una aplicaci\u00f3n podr\u00eda enumerar las aplicaciones instaladas de un usuario."
}
],
"id": "CVE-2026-20663",
"lastModified": "2026-04-02T19:21:19.590",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 1.4,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2026-02-11T23:16:08.923",
"references": [
{
"source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://support.apple.com/en-us/126346"
},
{
"source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://support.apple.com/en-us/126347"
}
],
"sourceIdentifier": "product-security@apple.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-532"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
GHSA-R942-7MJ9-P58W
Vulnerability from github – Published: 2026-02-12 00:31 – Updated: 2026-02-12 18:30
VLAI
Details
The issue was resolved by sanitizing logging. This issue is fixed in iOS 26.3 and iPadOS 26.3, iOS 18.7.5 and iPadOS 18.7.5. An app may be able to enumerate a user's installed apps.
Severity
{
"affected": [],
"aliases": [
"CVE-2026-20663"
],
"database_specific": {
"cwe_ids": [
"CWE-532"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-02-11T23:16:08Z",
"severity": "LOW"
},
"details": "The issue was resolved by sanitizing logging. This issue is fixed in iOS 26.3 and iPadOS 26.3, iOS 18.7.5 and iPadOS 18.7.5. An app may be able to enumerate a user\u0027s installed apps.",
"id": "GHSA-r942-7mj9-p58w",
"modified": "2026-02-12T18:30:23Z",
"published": "2026-02-12T00:31:05Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-20663"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/126346"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/126347"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
]
}
NCSC-2026-0064
Vulnerability from csaf_ncscnl - Published: 2026-02-13 13:35 - Updated: 2026-02-13 13:35Summary
Kwetsbaarheden verholpen in Apple iOS en iPadOS
Notes
The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:
NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.
NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.
This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings.
Feiten: Apple heeft kwetsbaarheden verholpen in iOS en iPadOS.
Interpretaties: De kwetsbaarheden omvatten verschillende problemen zoals geheugenbeschadiging, bufferoverloop, en gebruik na vrijgave, die konden leiden tot ongeautoriseerde toegang tot gevoelige gegevens, onverwachte procescrashes en andere stabiliteitsproblemen. De kwetsbaarheden werden voornamelijk veroorzaakt door inadequate invoervalidatie en kwetsbaarheden in de verwerking van schadelijke inhoud. De updates zijn gericht op het verbeteren van de beveiliging en stabiliteit van de betrokken besturingssystemen.
Apple meldt dat zij een rapport hebben ontvangen dat de kwetsbaarheid met kenmerk CVE-2026-20700 mogelijk is misbruikt bij een zeer gerichte aanval, waarbij een iOS device met versienummer vóór 26 het slachtoffer is. Meer detailinformatie is niet vrijgegeven. De kwetsbaarheid stelt een kwaadwillende in staat om willekeurige code uit te voeren. Voor succesvol misbruik moet de kwaadwillende voorafgaande rechten hebben om geheugen te mogen beschrijven.
Oplossingen: Apple heeft updates uitgebracht om de kwetsbaarheden te verhelpen. Zie bijgevoegde referenties voor meer informatie.
Kans: medium
Schade: high
CWE-20: Improper Input Validation
CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE-416: Use After Free
CWE-770: Allocation of Resources Without Limits or Throttling
CWE-787: Out-of-bounds Write
CWE-823: Use of Out-of-range Pointer Offset
CWE-825: Expired Pointer Dereference
The webkit2gtk3 update to version 2.50.4 addresses multiple security vulnerabilities, including memory corruption and buffer overflow, while a high-severity out of bounds memory access vulnerability in ANGLE affects Google Chrome and other Chromium-based browsers.
8.8 (High)
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / iOS
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / iPadOS
|
vers:unknown/* |
The webkit2gtk3 update to version 2.50.4 addresses multiple security vulnerabilities, including use-after-free and memory corruption issues, potentially allowing arbitrary code execution through malicious web content.
8.8 (High)
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / iOS
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / iPadOS
|
vers:unknown/* |
Apple addressed multiple memory corruption vulnerabilities across its operating systems, including watchOS, iOS, iPadOS, macOS, visionOS, and tvOS, through improved input validation and enhanced bounds checks to prevent crashes from malicious HID devices.
CWE-20 - Improper Input ValidationAffected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / iOS
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / iPadOS
|
vers:unknown/* |
iOS 18.7.5 and iPadOS 18.7.5 addressed a path handling vulnerability that could allow malicious backup files to alter protected system files.
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / iOS
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / iPadOS
|
vers:unknown/* |
macOS Sequoia 15.7.4, iOS 18.7.5, iPadOS 18.7.5, and macOS Sonoma 14.8.4 have addressed unexpected process crashes caused by malicious HID devices through enhanced bounds checks.
5.5 (Medium)
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / iOS
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / iPadOS
|
vers:unknown/* |
macOS Sequoia 15.7.4, iOS 18.7.5, iPadOS 18.7.5, and macOS Sonoma 14.8.4 have addressed unexpected process crashes caused by malicious HID devices through enhanced bounds checks.
5.5 (Medium)
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / iOS
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / iPadOS
|
vers:unknown/* |
macOS Sequoia 15.7.4, iOS 18.7.5, iPadOS 18.7.5, and macOS Sonoma 14.8.4 have addressed unexpected process crashes caused by malicious HID devices through enhanced bounds checks.
5.5 (Medium)
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / iOS
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / iPadOS
|
vers:unknown/* |
macOS Sequoia 15.7.4, iOS 18.7.5, iPadOS 18.7.5, and macOS Sonoma 14.8.4 have addressed unexpected process crashes caused by malicious HID devices through enhanced bounds checks.
5.5 (Medium)
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / iOS
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / iPadOS
|
vers:unknown/* |
macOS Sequoia 15.7.4, iOS 18.7.5, iPadOS 18.7.5, and macOS Sonoma 14.8.4 have addressed unexpected process crashes caused by malicious HID devices through enhanced bounds checks.
5.5 (Medium)
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / iOS
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / iPadOS
|
vers:unknown/* |
macOS Sequoia 15.7.4, iOS 18.7.5, iPadOS 18.7.5, and macOS Sonoma 14.8.4 have addressed unexpected process crashes caused by malicious HID devices through enhanced bounds checks.
5.5 (Medium)
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / iOS
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / iPadOS
|
vers:unknown/* |
Multiple vulnerabilities, including memory amplification in libexpat and denial-of-service issues in Oracle Communications Network Analytics and Apple Software, expose systems to potential disruptions without enabling arbitrary code execution.
7.5 (High)
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / iOS
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / iPadOS
|
vers:unknown/* |
Recent updates in macOS Sequoia 15.7.4 and iOS 18.7.5 have resolved a memory handling issue that could cause an app to crash a system process.
4.6 (Medium)
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / iOS
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / iPadOS
|
vers:unknown/* |
The vulnerability allowing apps to bypass Privacy preferences in macOS and iOS has been addressed by removing the problematic code across various versions.
7.1 (High)
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / iOS
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / iPadOS
|
vers:unknown/* |
Recent updates in several operating systems and Safari have addressed unexpected process crashes caused by maliciously crafted web content through enhanced state management.
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / iOS
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / iPadOS
|
vers:unknown/* |
Various operating systems have addressed improved memory handling to mitigate risks of denial-of-service and memory content disclosure from processing malicious files.
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / iOS
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / iPadOS
|
vers:unknown/* |
An out-of-bounds access vulnerability affecting various Apple operating systems was resolved, which could lead to app termination or memory corruption when handling malicious media files.
7.1 (High)
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / iOS
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / iPadOS
|
vers:unknown/* |
A path handling vulnerability allowing apps to gain root privileges has been resolved in iOS 26.3, iPadOS 26.3, macOS Tahoe 26.3, macOS Sonoma 14.8.4, and visionOS 26.3 through enhanced validation measures.
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / iOS
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / iPadOS
|
vers:unknown/* |
An out-of-bounds write vulnerability in various Apple operating systems has been resolved through enhanced bounds checking, preventing unexpected app terminations when handling malicious USD files.
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / iOS
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / iPadOS
|
vers:unknown/* |
A race condition affecting multiple Apple operating systems, including watchOS, tvOS, macOS, visionOS, iOS, and iPadOS, was fixed, which could have allowed apps to gain root privileges due to improved state handling.
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / iOS
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / iPadOS
|
vers:unknown/* |
Recent updates to macOS and iOS have resolved issues related to memory handling that could cause unexpected system termination or kernel memory corruption.
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / iOS
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / iPadOS
|
vers:unknown/* |
macOS Sequoia 15.7.4, iOS 26.3, iPadOS 26.3, macOS Tahoe 26.3, and visionOS 26.3 have addressed the issue of malicious apps gaining root privileges through enhanced checks.
7.8 (High)
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / iOS
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / iPadOS
|
vers:unknown/* |
Recent updates in watchOS 26.3 and iOS 26.3 have resolved an issue with environment variable handling that could allow unauthorized access to sensitive user data through improved validation.
5.5 (Medium)
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / iOS
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / iPadOS
|
vers:unknown/* |
A permissions vulnerability that could allow an application to escape its sandbox has been resolved across multiple operating systems, including watchOS, tvOS, macOS, iOS, and iPadOS.
7.1 (High)
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / iOS
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / iPadOS
|
vers:unknown/* |
Recent updates to watchOS, tvOS, macOS, iOS, and iPadOS have addressed memory handling vulnerabilities that could lead to process memory disclosure when processing maliciously crafted images.
5.5 (Medium)
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / iOS
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / iPadOS
|
vers:unknown/* |
Recent updates have enhanced memory handling and state management across various operating systems, effectively reducing the risk of unexpected process crashes from malicious web content.
4.3 (Medium)
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / iOS
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / iPadOS
|
vers:unknown/* |
iOS 26.3, iPadOS 26.3, Safari 26.3, macOS Tahoe 26.3, and visionOS 26.3 have addressed unexpected process crashes due to malicious web content through enhanced memory handling.
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / iOS
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / iPadOS
|
vers:unknown/* |
A logic issue that could expose identifying information for users with Live Caller ID app extensions disabled has been resolved in iOS 26.3 and iPadOS 26.3.
5.5 (Medium)
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / iOS
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / iPadOS
|
vers:unknown/* |
iOS 26.3 and iPadOS 26.3 addressed an inconsistent user interface issue that could allow an attacker with physical access to capture sensitive data during iPhone Mirroring with Mac.
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / iOS
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / iPadOS
|
vers:unknown/* |
A privacy vulnerability that enabled applications to detect other installed apps has been resolved across multiple operating systems, including watchOS, tvOS, macOS, iOS, and iPadOS.
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / iOS
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / iPadOS
|
vers:unknown/* |
An input validation vulnerability in iOS 26.3 and iPadOS 26.3 allowed physical access to an iOS device to potentially enable unauthorized access to photos from the lock screen, which has now been addressed.
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / iOS
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / iPadOS
|
vers:unknown/* |
Apple has addressed the issue of unexpected process crashes caused by malicious web content through enhanced memory handling in its operating systems and Safari version 26.3.
6.5 (Medium)
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / iOS
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / iPadOS
|
vers:unknown/* |
An inconsistent user interface issue in iOS 26.3 and iPadOS 18.7.5 was resolved, which could have allowed an attacker with physical access to a locked device to view sensitive user information.
4.6 (Medium)
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / iOS
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / iPadOS
|
vers:unknown/* |
A logging issue allowing potential exposure of sensitive information has been resolved through enhanced data redaction in watchOS 26.3, iOS 26.3, iPadOS 26.3, tvOS 26.3, and macOS Tahoe 26.3.
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / iOS
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / iPadOS
|
vers:unknown/* |
A denial-of-service vulnerability in Bluetooth packets has been addressed across multiple Apple operating systems, including iOS and macOS, allowing potential exploitation by attackers in privileged network positions.
7.5 (High)
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / iOS
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / iPadOS
|
vers:unknown/* |
Recent updates to macOS, iOS, iPadOS, visionOS, and Safari have addressed a vulnerability related to improved memory handling that could enable remote attackers to execute denial-of-service attacks.
7.5 (High)
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / iOS
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / iPadOS
|
vers:unknown/* |
A parsing issue in directory path handling was resolved, enhancing path validation to prevent unauthorized access to sensitive user data across multiple macOS and iOS versions.
5.5 (Medium)
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / iOS
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / iPadOS
|
vers:unknown/* |
The unexpected system termination issue caused by app behavior has been resolved through enhanced memory management in operating systems including watchOS, tvOS, macOS, visionOS, iOS, and iPadOS, all updated to version 26.3.
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / iOS
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / iPadOS
|
vers:unknown/* |
An authorization issue affecting iOS 26.3, iPadOS 26.3, iOS 18.7.5, and iPadOS 18.7.5 has been resolved, which previously allowed physical access to a locked device to expose sensitive user information.
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / iOS
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / iPadOS
|
vers:unknown/* |
A logic issue allowing app access to user Safari history has been resolved in iOS 18.7.5, iPadOS 18.7.5, Safari 26.3, and macOS Tahoe 26.3 through enhanced validation measures.
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / iOS
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / iPadOS
|
vers:unknown/* |
A path handling vulnerability in several Apple operating systems and Safari versions has been addressed, which previously allowed remote users to write arbitrary files.
7.5 (High)
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / iOS
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / iPadOS
|
vers:unknown/* |
An authorization issue affecting iOS 26.3, iPadOS 26.3, iOS 18.7.5, and iPadOS 18.7.5 has been resolved, which previously allowed physical access to a locked device to expose sensitive user information.
4.6 (Medium)
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / iOS
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / iPadOS
|
vers:unknown/* |
The issue of app enumeration of installed applications was addressed in iOS 26.3, iPadOS 26.3, iOS 18.7.5, and iPadOS 18.7.5 through the implementation of sanitized logging.
CWE-532 - Insertion of Sensitive Information into Log FileAffected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / iOS
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / iPadOS
|
vers:unknown/* |
A logic issue that could allow an app to escape its sandbox has been resolved in multiple OS updates, including watchOS 26.3 and iOS 26.3.
8.8 (High)
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / iOS
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / iPadOS
|
vers:unknown/* |
A logic issue allowing network traffic interception by an attacker in a privileged position has been resolved across multiple Apple operating systems, including watchOS, tvOS, macOS, iOS, and visionOS.
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / iOS
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / iPadOS
|
vers:unknown/* |
A logic issue was resolved in multiple macOS and iOS versions, with a note that disabling 'Load remote content in messages' may not influence all mail previews.
5.3 (Medium)
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / iOS
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / iPadOS
|
vers:unknown/* |
iOS 26.3 and iPadOS 26.3 resolved a privacy issue by eliminating sensitive data that could be accessed by an attacker with physical access to a locked device.
4.6 (Medium)
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / iOS
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / iPadOS
|
vers:unknown/* |
Recent updates across various operating systems, including watchOS, tvOS, macOS, iOS, and iPadOS, have addressed user information disclosure vulnerabilities related to malicious image processing through enhanced bounds checks.
5.5 (Medium)
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / iOS
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / iPadOS
|
vers:unknown/* |
The recent updates in iOS 26.3, iPadOS 26.3, Safari 26.3, macOS Tahoe 26.3, and visionOS 26.3 have resolved user tracking issues through Safari web extensions by enhancing state management.
5.3 (Medium)
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / iOS
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / iPadOS
|
vers:unknown/* |
A race condition in multiple Apple operating systems was resolved, which could have allowed shortcuts to bypass sandbox restrictions.
9.0 (Critical)
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / iOS
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / iPadOS
|
vers:unknown/* |
An authorization issue allowing potential access to sensitive user data has been resolved in iOS 26.3, iPadOS 26.3, iOS 18.7.5, and iPadOS 18.7.5 through improved state management.
5.5 (Medium)
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / iOS
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / iPadOS
|
vers:unknown/* |
Recent updates in macOS Tahoe 26.3 and iOS 18.7.5 have introduced additional restrictions to prevent sandboxed apps from accessing sensitive user data.
6.5 (Medium)
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / iOS
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / iPadOS
|
vers:unknown/* |
A logic issue in iOS 26.3, iPadOS 26.3, iOS 18.7.5, and iPadOS 18.7.5 was resolved, which previously allowed unauthorized access to deleted user notes.
5.3 (Medium)
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / iOS
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / iPadOS
|
vers:unknown/* |
Multiple Apple operating systems have been affected by memory corruption vulnerabilities that could allow arbitrary code execution, with fixes implemented in version 26.3 and reports of exploitation in earlier iOS versions.
7.8 (High)
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / iOS
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / iPadOS
|
vers:unknown/* |
References
55 references
{
"document": {
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE"
}
},
"lang": "nl",
"notes": [
{
"category": "legal_disclaimer",
"text": "The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:\n\n NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.\n\n NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.\n This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings."
},
{
"category": "description",
"text": "Apple heeft kwetsbaarheden verholpen in iOS en iPadOS.",
"title": "Feiten"
},
{
"category": "description",
"text": "De kwetsbaarheden omvatten verschillende problemen zoals geheugenbeschadiging, bufferoverloop, en gebruik na vrijgave, die konden leiden tot ongeautoriseerde toegang tot gevoelige gegevens, onverwachte procescrashes en andere stabiliteitsproblemen. De kwetsbaarheden werden voornamelijk veroorzaakt door inadequate invoervalidatie en kwetsbaarheden in de verwerking van schadelijke inhoud. De updates zijn gericht op het verbeteren van de beveiliging en stabiliteit van de betrokken besturingssystemen.\n\nApple meldt dat zij een rapport hebben ontvangen dat de kwetsbaarheid met kenmerk CVE-2026-20700 mogelijk is misbruikt bij een zeer gerichte aanval, waarbij een iOS device met versienummer v\u00f3\u00f3r 26 het slachtoffer is. Meer detailinformatie is niet vrijgegeven. De kwetsbaarheid stelt een kwaadwillende in staat om willekeurige code uit te voeren. Voor succesvol misbruik moet de kwaadwillende voorafgaande rechten hebben om geheugen te mogen beschrijven.",
"title": "Interpretaties"
},
{
"category": "description",
"text": "Apple heeft updates uitgebracht om de kwetsbaarheden te verhelpen. Zie bijgevoegde referenties voor meer informatie.",
"title": "Oplossingen"
},
{
"category": "general",
"text": "medium",
"title": "Kans"
},
{
"category": "general",
"text": "high",
"title": "Schade"
},
{
"category": "general",
"text": "Improper Input Validation",
"title": "CWE-20"
},
{
"category": "general",
"text": "Improper Restriction of Operations within the Bounds of a Memory Buffer",
"title": "CWE-119"
},
{
"category": "general",
"text": "Use After Free",
"title": "CWE-416"
},
{
"category": "general",
"text": "Allocation of Resources Without Limits or Throttling",
"title": "CWE-770"
},
{
"category": "general",
"text": "Out-of-bounds Write",
"title": "CWE-787"
},
{
"category": "general",
"text": "Use of Out-of-range Pointer Offset",
"title": "CWE-823"
},
{
"category": "general",
"text": "Expired Pointer Dereference",
"title": "CWE-825"
}
],
"publisher": {
"category": "coordinator",
"contact_details": "cert@ncsc.nl",
"name": "Nationaal Cyber Security Centrum",
"namespace": "https://www.ncsc.nl/"
},
"references": [
{
"category": "external",
"summary": "Reference",
"url": "https://support.apple.com/en-us/126346"
},
{
"category": "external",
"summary": "Reference",
"url": "https://support.apple.com/en-us/126347"
}
],
"title": "Kwetsbaarheden verholpen in Apple iOS en iPadOS",
"tracking": {
"current_release_date": "2026-02-13T13:35:03.870920Z",
"generator": {
"date": "2025-08-04T16:30:00Z",
"engine": {
"name": "V.A.",
"version": "1.3"
}
},
"id": "NCSC-2026-0064",
"initial_release_date": "2026-02-13T13:35:03.870920Z",
"revision_history": [
{
"date": "2026-02-13T13:35:03.870920Z",
"number": "1.0.0",
"summary": "Initiele versie"
}
],
"status": "final",
"version": "1.0.0"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-1"
}
}
],
"category": "product_name",
"name": "iOS"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-2"
}
}
],
"category": "product_name",
"name": "iPadOS"
}
],
"category": "vendor",
"name": "Apple"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-14174",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"notes": [
{
"category": "other",
"text": "Improper Restriction of Operations within the Bounds of a Memory Buffer",
"title": "CWE-119"
},
{
"category": "other",
"text": "Out-of-bounds Write",
"title": "CWE-787"
},
{
"category": "other",
"text": "Use of Out-of-range Pointer Offset",
"title": "CWE-823"
},
{
"category": "description",
"text": "The webkit2gtk3 update to version 2.50.4 addresses multiple security vulnerabilities, including memory corruption and buffer overflow, while a high-severity out of bounds memory access vulnerability in ANGLE affects Google Chrome and other Chromium-based browsers.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/AU:N/R:U/V:D/RE:M/U:Amber",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-14174 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-14174.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2"
]
}
],
"title": "CVE-2025-14174"
},
{
"cve": "CVE-2025-43529",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "other",
"text": "Use After Free",
"title": "CWE-416"
},
{
"category": "other",
"text": "Expired Pointer Dereference",
"title": "CWE-825"
},
{
"category": "description",
"text": "The webkit2gtk3 update to version 2.50.4 addresses multiple security vulnerabilities, including use-after-free and memory corruption issues, potentially allowing arbitrary code execution through malicious web content.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-43529 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-43529.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2"
]
}
],
"title": "CVE-2025-43529"
},
{
"cve": "CVE-2025-43533",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "other",
"text": "Improper Input Validation",
"title": "CWE-20"
},
{
"category": "description",
"text": "Apple addressed multiple memory corruption vulnerabilities across its operating systems, including watchOS, iOS, iPadOS, macOS, visionOS, and tvOS, through improved input validation and enhanced bounds checks to prevent crashes from malicious HID devices.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-43533 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-43533.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.5,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2"
]
}
],
"title": "CVE-2025-43533"
},
{
"cve": "CVE-2025-43537",
"notes": [
{
"category": "description",
"text": "iOS 18.7.5 and iPadOS 18.7.5 addressed a path handling vulnerability that could allow malicious backup files to alter protected system files.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-43537 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-43537.json"
}
],
"title": "CVE-2025-43537"
},
{
"cve": "CVE-2025-46300",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"notes": [
{
"category": "other",
"text": "Improper Restriction of Operations within the Bounds of a Memory Buffer",
"title": "CWE-119"
},
{
"category": "description",
"text": "macOS Sequoia 15.7.4, iOS 18.7.5, iPadOS 18.7.5, and macOS Sonoma 14.8.4 have addressed unexpected process crashes caused by malicious HID devices through enhanced bounds checks.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-46300 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-46300.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2"
]
}
],
"title": "CVE-2025-46300"
},
{
"cve": "CVE-2025-46301",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"notes": [
{
"category": "other",
"text": "Improper Restriction of Operations within the Bounds of a Memory Buffer",
"title": "CWE-119"
},
{
"category": "description",
"text": "macOS Sequoia 15.7.4, iOS 18.7.5, iPadOS 18.7.5, and macOS Sonoma 14.8.4 have addressed unexpected process crashes caused by malicious HID devices through enhanced bounds checks.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-46301 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-46301.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2"
]
}
],
"title": "CVE-2025-46301"
},
{
"cve": "CVE-2025-46302",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"notes": [
{
"category": "other",
"text": "Improper Restriction of Operations within the Bounds of a Memory Buffer",
"title": "CWE-119"
},
{
"category": "description",
"text": "macOS Sequoia 15.7.4, iOS 18.7.5, iPadOS 18.7.5, and macOS Sonoma 14.8.4 have addressed unexpected process crashes caused by malicious HID devices through enhanced bounds checks.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-46302 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-46302.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2"
]
}
],
"title": "CVE-2025-46302"
},
{
"cve": "CVE-2025-46303",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"notes": [
{
"category": "other",
"text": "Improper Restriction of Operations within the Bounds of a Memory Buffer",
"title": "CWE-119"
},
{
"category": "description",
"text": "macOS Sequoia 15.7.4, iOS 18.7.5, iPadOS 18.7.5, and macOS Sonoma 14.8.4 have addressed unexpected process crashes caused by malicious HID devices through enhanced bounds checks.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-46303 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-46303.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2"
]
}
],
"title": "CVE-2025-46303"
},
{
"cve": "CVE-2025-46304",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"notes": [
{
"category": "other",
"text": "Uncontrolled Resource Consumption",
"title": "CWE-400"
},
{
"category": "description",
"text": "macOS Sequoia 15.7.4, iOS 18.7.5, iPadOS 18.7.5, and macOS Sonoma 14.8.4 have addressed unexpected process crashes caused by malicious HID devices through enhanced bounds checks.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-46304 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-46304.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2"
]
}
],
"title": "CVE-2025-46304"
},
{
"cve": "CVE-2025-46305",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"notes": [
{
"category": "other",
"text": "Improper Restriction of Operations within the Bounds of a Memory Buffer",
"title": "CWE-119"
},
{
"category": "description",
"text": "macOS Sequoia 15.7.4, iOS 18.7.5, iPadOS 18.7.5, and macOS Sonoma 14.8.4 have addressed unexpected process crashes caused by malicious HID devices through enhanced bounds checks.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-46305 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-46305.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2"
]
}
],
"title": "CVE-2025-46305"
},
{
"cve": "CVE-2025-59375",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"notes": [
{
"category": "other",
"text": "Allocation of Resources Without Limits or Throttling",
"title": "CWE-770"
},
{
"category": "description",
"text": "Multiple vulnerabilities, including memory amplification in libexpat and denial-of-service issues in Oracle Communications Network Analytics and Apple Software, expose systems to potential disruptions without enabling arbitrary code execution.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-59375 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-59375.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2"
]
}
],
"title": "CVE-2025-59375"
},
{
"cve": "CVE-2026-20605",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"notes": [
{
"category": "other",
"text": "Improper Restriction of Operations within the Bounds of a Memory Buffer",
"title": "CWE-119"
},
{
"category": "description",
"text": "Recent updates in macOS Sequoia 15.7.4 and iOS 18.7.5 have resolved a memory handling issue that could cause an app to crash a system process.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-20605 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20605.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2"
]
}
],
"title": "CVE-2026-20605"
},
{
"cve": "CVE-2026-20606",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"notes": [
{
"category": "other",
"text": "Exposure of Sensitive Information to an Unauthorized Actor",
"title": "CWE-200"
},
{
"category": "description",
"text": "The vulnerability allowing apps to bypass Privacy preferences in macOS and iOS has been addressed by removing the problematic code across various versions.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-20606 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20606.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2"
]
}
],
"title": "CVE-2026-20606"
},
{
"cve": "CVE-2026-20608",
"notes": [
{
"category": "description",
"text": "Recent updates in several operating systems and Safari have addressed unexpected process crashes caused by maliciously crafted web content through enhanced state management.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-20608 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20608.json"
}
],
"title": "CVE-2026-20608"
},
{
"cve": "CVE-2026-20609",
"notes": [
{
"category": "description",
"text": "Various operating systems have addressed improved memory handling to mitigate risks of denial-of-service and memory content disclosure from processing malicious files.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-20609 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20609.json"
}
],
"title": "CVE-2026-20609"
},
{
"cve": "CVE-2026-20611",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "other",
"text": "Out-of-bounds Read",
"title": "CWE-125"
},
{
"category": "description",
"text": "An out-of-bounds access vulnerability affecting various Apple operating systems was resolved, which could lead to app termination or memory corruption when handling malicious media files.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-20611 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20611.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2"
]
}
],
"title": "CVE-2026-20611"
},
{
"cve": "CVE-2026-20615",
"notes": [
{
"category": "description",
"text": "A path handling vulnerability allowing apps to gain root privileges has been resolved in iOS 26.3, iPadOS 26.3, macOS Tahoe 26.3, macOS Sonoma 14.8.4, and visionOS 26.3 through enhanced validation measures.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-20615 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20615.json"
}
],
"title": "CVE-2026-20615"
},
{
"cve": "CVE-2026-20616",
"notes": [
{
"category": "description",
"text": "An out-of-bounds write vulnerability in various Apple operating systems has been resolved through enhanced bounds checking, preventing unexpected app terminations when handling malicious USD files.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-20616 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20616.json"
}
],
"title": "CVE-2026-20616"
},
{
"cve": "CVE-2026-20617",
"notes": [
{
"category": "description",
"text": "A race condition affecting multiple Apple operating systems, including watchOS, tvOS, macOS, visionOS, iOS, and iPadOS, was fixed, which could have allowed apps to gain root privileges due to improved state handling.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-20617 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20617.json"
}
],
"title": "CVE-2026-20617"
},
{
"cve": "CVE-2026-20621",
"notes": [
{
"category": "description",
"text": "Recent updates to macOS and iOS have resolved issues related to memory handling that could cause unexpected system termination or kernel memory corruption.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-20621 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20621.json"
}
],
"title": "CVE-2026-20621"
},
{
"cve": "CVE-2026-20626",
"cwe": {
"id": "CWE-862",
"name": "Missing Authorization"
},
"notes": [
{
"category": "other",
"text": "Missing Authorization",
"title": "CWE-862"
},
{
"category": "description",
"text": "macOS Sequoia 15.7.4, iOS 26.3, iPadOS 26.3, macOS Tahoe 26.3, and visionOS 26.3 have addressed the issue of malicious apps gaining root privileges through enhanced checks.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-20626 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20626.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2"
]
}
],
"title": "CVE-2026-20626"
},
{
"cve": "CVE-2026-20627",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "other",
"text": "Improper Input Validation",
"title": "CWE-20"
},
{
"category": "description",
"text": "Recent updates in watchOS 26.3 and iOS 26.3 have resolved an issue with environment variable handling that could allow unauthorized access to sensitive user data through improved validation.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-20627 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20627.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2"
]
}
],
"title": "CVE-2026-20627"
},
{
"cve": "CVE-2026-20628",
"cwe": {
"id": "CWE-284",
"name": "Improper Access Control"
},
"notes": [
{
"category": "other",
"text": "Improper Access Control",
"title": "CWE-284"
},
{
"category": "description",
"text": "A permissions vulnerability that could allow an application to escape its sandbox has been resolved across multiple operating systems, including watchOS, tvOS, macOS, iOS, and iPadOS.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-20628 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20628.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2"
]
}
],
"title": "CVE-2026-20628"
},
{
"cve": "CVE-2026-20634",
"notes": [
{
"category": "description",
"text": "Recent updates to watchOS, tvOS, macOS, iOS, and iPadOS have addressed memory handling vulnerabilities that could lead to process memory disclosure when processing maliciously crafted images.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-20634 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20634.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2"
]
}
],
"title": "CVE-2026-20634"
},
{
"cve": "CVE-2026-20635",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"notes": [
{
"category": "other",
"text": "Improper Restriction of Operations within the Bounds of a Memory Buffer",
"title": "CWE-119"
},
{
"category": "description",
"text": "Recent updates have enhanced memory handling and state management across various operating systems, effectively reducing the risk of unexpected process crashes from malicious web content.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-20635 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20635.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2"
]
}
],
"title": "CVE-2026-20635"
},
{
"cve": "CVE-2026-20636",
"notes": [
{
"category": "description",
"text": "iOS 26.3, iPadOS 26.3, Safari 26.3, macOS Tahoe 26.3, and visionOS 26.3 have addressed unexpected process crashes due to malicious web content through enhanced memory handling.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-20636 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20636.json"
}
],
"title": "CVE-2026-20636"
},
{
"cve": "CVE-2026-20638",
"cwe": {
"id": "CWE-284",
"name": "Improper Access Control"
},
"notes": [
{
"category": "other",
"text": "Improper Access Control",
"title": "CWE-284"
},
{
"category": "description",
"text": "A logic issue that could expose identifying information for users with Live Caller ID app extensions disabled has been resolved in iOS 26.3 and iPadOS 26.3.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-20638 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20638.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2"
]
}
],
"title": "CVE-2026-20638"
},
{
"cve": "CVE-2026-20640",
"notes": [
{
"category": "description",
"text": "iOS 26.3 and iPadOS 26.3 addressed an inconsistent user interface issue that could allow an attacker with physical access to capture sensitive data during iPhone Mirroring with Mac.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-20640 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20640.json"
}
],
"title": "CVE-2026-20640"
},
{
"cve": "CVE-2026-20641",
"notes": [
{
"category": "description",
"text": "A privacy vulnerability that enabled applications to detect other installed apps has been resolved across multiple operating systems, including watchOS, tvOS, macOS, iOS, and iPadOS.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-20641 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20641.json"
}
],
"title": "CVE-2026-20641"
},
{
"cve": "CVE-2026-20642",
"notes": [
{
"category": "description",
"text": "An input validation vulnerability in iOS 26.3 and iPadOS 26.3 allowed physical access to an iOS device to potentially enable unauthorized access to photos from the lock screen, which has now been addressed.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-20642 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20642.json"
}
],
"title": "CVE-2026-20642"
},
{
"cve": "CVE-2026-20644",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"notes": [
{
"category": "other",
"text": "Improper Restriction of Operations within the Bounds of a Memory Buffer",
"title": "CWE-119"
},
{
"category": "other",
"text": "Use After Free",
"title": "CWE-416"
},
{
"category": "other",
"text": "Out-of-bounds Write",
"title": "CWE-787"
},
{
"category": "description",
"text": "Apple has addressed the issue of unexpected process crashes caused by malicious web content through enhanced memory handling in its operating systems and Safari version 26.3.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-20644 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20644.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2"
]
}
],
"title": "CVE-2026-20644"
},
{
"cve": "CVE-2026-20645",
"cwe": {
"id": "CWE-1021",
"name": "Improper Restriction of Rendered UI Layers or Frames"
},
"notes": [
{
"category": "other",
"text": "Improper Restriction of Rendered UI Layers or Frames",
"title": "CWE-1021"
},
{
"category": "description",
"text": "An inconsistent user interface issue in iOS 26.3 and iPadOS 18.7.5 was resolved, which could have allowed an attacker with physical access to a locked device to view sensitive user information.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-20645 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20645.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2"
]
}
],
"title": "CVE-2026-20645"
},
{
"cve": "CVE-2026-20649",
"notes": [
{
"category": "description",
"text": "A logging issue allowing potential exposure of sensitive information has been resolved through enhanced data redaction in watchOS 26.3, iOS 26.3, iPadOS 26.3, tvOS 26.3, and macOS Tahoe 26.3.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-20649 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20649.json"
}
],
"title": "CVE-2026-20649"
},
{
"cve": "CVE-2026-20650",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"notes": [
{
"category": "other",
"text": "Uncontrolled Resource Consumption",
"title": "CWE-400"
},
{
"category": "description",
"text": "A denial-of-service vulnerability in Bluetooth packets has been addressed across multiple Apple operating systems, including iOS and macOS, allowing potential exploitation by attackers in privileged network positions.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-20650 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20650.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2"
]
}
],
"title": "CVE-2026-20650"
},
{
"cve": "CVE-2026-20652",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"notes": [
{
"category": "other",
"text": "Uncontrolled Resource Consumption",
"title": "CWE-400"
},
{
"category": "description",
"text": "Recent updates to macOS, iOS, iPadOS, visionOS, and Safari have addressed a vulnerability related to improved memory handling that could enable remote attackers to execute denial-of-service attacks.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-20652 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20652.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2"
]
}
],
"title": "CVE-2026-20652"
},
{
"cve": "CVE-2026-20653",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"notes": [
{
"category": "other",
"text": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"title": "CWE-22"
},
{
"category": "description",
"text": "A parsing issue in directory path handling was resolved, enhancing path validation to prevent unauthorized access to sensitive user data across multiple macOS and iOS versions.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-20653 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20653.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2"
]
}
],
"title": "CVE-2026-20653"
},
{
"cve": "CVE-2026-20654",
"notes": [
{
"category": "description",
"text": "The unexpected system termination issue caused by app behavior has been resolved through enhanced memory management in operating systems including watchOS, tvOS, macOS, visionOS, iOS, and iPadOS, all updated to version 26.3.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-20654 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20654.json"
}
],
"title": "CVE-2026-20654"
},
{
"cve": "CVE-2026-20655",
"notes": [
{
"category": "description",
"text": "An authorization issue affecting iOS 26.3, iPadOS 26.3, iOS 18.7.5, and iPadOS 18.7.5 has been resolved, which previously allowed physical access to a locked device to expose sensitive user information.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-20655 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20655.json"
}
],
"title": "CVE-2026-20655"
},
{
"cve": "CVE-2026-20656",
"notes": [
{
"category": "description",
"text": "A logic issue allowing app access to user Safari history has been resolved in iOS 18.7.5, iPadOS 18.7.5, Safari 26.3, and macOS Tahoe 26.3 through enhanced validation measures.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-20656 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20656.json"
}
],
"title": "CVE-2026-20656"
},
{
"cve": "CVE-2026-20660",
"notes": [
{
"category": "description",
"text": "A path handling vulnerability in several Apple operating systems and Safari versions has been addressed, which previously allowed remote users to write arbitrary files.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-20660 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20660.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2"
]
}
],
"title": "CVE-2026-20660"
},
{
"cve": "CVE-2026-20661",
"notes": [
{
"category": "description",
"text": "An authorization issue affecting iOS 26.3, iPadOS 26.3, iOS 18.7.5, and iPadOS 18.7.5 has been resolved, which previously allowed physical access to a locked device to expose sensitive user information.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-20661 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20661.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2"
]
}
],
"title": "CVE-2026-20661"
},
{
"cve": "CVE-2026-20663",
"cwe": {
"id": "CWE-532",
"name": "Insertion of Sensitive Information into Log File"
},
"notes": [
{
"category": "other",
"text": "Insertion of Sensitive Information into Log File",
"title": "CWE-532"
},
{
"category": "description",
"text": "The issue of app enumeration of installed applications was addressed in iOS 26.3, iPadOS 26.3, iOS 18.7.5, and iPadOS 18.7.5 through the implementation of sanitized logging.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-20663 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20663.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2"
]
}
],
"title": "CVE-2026-20663"
},
{
"cve": "CVE-2026-20667",
"notes": [
{
"category": "description",
"text": "A logic issue that could allow an app to escape its sandbox has been resolved in multiple OS updates, including watchOS 26.3 and iOS 26.3.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-20667 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20667.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2"
]
}
],
"title": "CVE-2026-20667"
},
{
"cve": "CVE-2026-20671",
"notes": [
{
"category": "description",
"text": "A logic issue allowing network traffic interception by an attacker in a privileged position has been resolved across multiple Apple operating systems, including watchOS, tvOS, macOS, iOS, and visionOS.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-20671 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20671.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.1,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2"
]
}
],
"title": "CVE-2026-20671"
},
{
"cve": "CVE-2026-20673",
"notes": [
{
"category": "description",
"text": "A logic issue was resolved in multiple macOS and iOS versions, with a note that disabling \u0027Load remote content in messages\u0027 may not influence all mail previews.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-20673 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20673.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2"
]
}
],
"title": "CVE-2026-20673"
},
{
"cve": "CVE-2026-20674",
"notes": [
{
"category": "description",
"text": "iOS 26.3 and iPadOS 26.3 resolved a privacy issue by eliminating sensitive data that could be accessed by an attacker with physical access to a locked device.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-20674 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20674.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2"
]
}
],
"title": "CVE-2026-20674"
},
{
"cve": "CVE-2026-20675",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "other",
"text": "Out-of-bounds Read",
"title": "CWE-125"
},
{
"category": "description",
"text": "Recent updates across various operating systems, including watchOS, tvOS, macOS, iOS, and iPadOS, have addressed user information disclosure vulnerabilities related to malicious image processing through enhanced bounds checks.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-20675 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20675.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2"
]
}
],
"title": "CVE-2026-20675"
},
{
"cve": "CVE-2026-20676",
"notes": [
{
"category": "description",
"text": "The recent updates in iOS 26.3, iPadOS 26.3, Safari 26.3, macOS Tahoe 26.3, and visionOS 26.3 have resolved user tracking issues through Safari web extensions by enhancing state management.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-20676 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20676.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2"
]
}
],
"title": "CVE-2026-20676"
},
{
"cve": "CVE-2026-20677",
"cwe": {
"id": "CWE-362",
"name": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)"
},
"notes": [
{
"category": "other",
"text": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)",
"title": "CWE-362"
},
{
"category": "description",
"text": "A race condition in multiple Apple operating systems was resolved, which could have allowed shortcuts to bypass sandbox restrictions.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-20677 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20677.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.0,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2"
]
}
],
"title": "CVE-2026-20677"
},
{
"cve": "CVE-2026-20678",
"notes": [
{
"category": "description",
"text": "An authorization issue allowing potential access to sensitive user data has been resolved in iOS 26.3, iPadOS 26.3, iOS 18.7.5, and iPadOS 18.7.5 through improved state management.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-20678 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20678.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2"
]
}
],
"title": "CVE-2026-20678"
},
{
"cve": "CVE-2026-20680",
"notes": [
{
"category": "description",
"text": "Recent updates in macOS Tahoe 26.3 and iOS 18.7.5 have introduced additional restrictions to prevent sandboxed apps from accessing sensitive user data.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-20680 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20680.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2"
]
}
],
"title": "CVE-2026-20680"
},
{
"cve": "CVE-2026-20682",
"notes": [
{
"category": "description",
"text": "A logic issue in iOS 26.3, iPadOS 26.3, iOS 18.7.5, and iPadOS 18.7.5 was resolved, which previously allowed unauthorized access to deleted user notes.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-20682 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20682.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2"
]
}
],
"title": "CVE-2026-20682"
},
{
"cve": "CVE-2026-20700",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"notes": [
{
"category": "other",
"text": "Improper Restriction of Operations within the Bounds of a Memory Buffer",
"title": "CWE-119"
},
{
"category": "description",
"text": "Multiple Apple operating systems have been affected by memory corruption vulnerabilities that could allow arbitrary code execution, with fixes implemented in version 26.3 and reports of exploitation in earlier iOS versions.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-20700 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20700.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2"
]
}
],
"title": "CVE-2026-20700"
}
]
}
WID-SEC-W-2026-0402
Vulnerability from csaf_certbund - Published: 2026-02-11 23:00 - Updated: 2026-03-24 23:00Summary
Apple iOS und iPadOS: Mehrere Schwachstellen
Severity
Hoch
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung: Das Apple iOS (vormals iPhone OS) ist das Betriebssystem für das von Apple entwickelte Smartphone iPhone, iPad und iPod Touch.
Das Apple iPadOS ist das Betriebssystem für das von Apple entwickelte iPad.
Angriff: Ein Angreifer kann mehrere Schwachstellen in Apple iOS und Apple iPadOS ausnutzen, um Administratorrechte zu erlangen, beliebigen Code auszuführen, einen Denial-of-Service-Zustand zu verursachen, Sicherheitsmaßnahmen zu umgehen, Daten zu manipulieren, vertrauliche Informationen offenzulegen oder andere nicht näher spezifizierte Angriffe durchzuführen.
Betroffene Betriebssysteme: - MacOS X
- Sonstiges
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple iPadOS <18.7.5
Apple / iPadOS
|
<18.7.5 | ||
|
Apple iOS <18.7.5
Apple / iOS
|
<18.7.5 | ||
|
Apple iPadOS <26.3
Apple / iPadOS
|
<26.3 | ||
|
Apple iOS <26.3
Apple / iOS
|
<26.3 |
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple iPadOS <18.7.5
Apple / iPadOS
|
<18.7.5 | ||
|
Apple iOS <18.7.5
Apple / iOS
|
<18.7.5 | ||
|
Apple iPadOS <26.3
Apple / iPadOS
|
<26.3 | ||
|
Apple iOS <26.3
Apple / iOS
|
<26.3 |
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple iPadOS <18.7.5
Apple / iPadOS
|
<18.7.5 | ||
|
Apple iOS <18.7.5
Apple / iOS
|
<18.7.5 | ||
|
Apple iPadOS <26.3
Apple / iPadOS
|
<26.3 | ||
|
Apple iOS <26.3
Apple / iOS
|
<26.3 |
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple iPadOS <18.7.5
Apple / iPadOS
|
<18.7.5 | ||
|
Apple iOS <18.7.5
Apple / iOS
|
<18.7.5 | ||
|
Apple iPadOS <26.3
Apple / iPadOS
|
<26.3 | ||
|
Apple iOS <26.3
Apple / iOS
|
<26.3 |
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple iPadOS <18.7.5
Apple / iPadOS
|
<18.7.5 | ||
|
Apple iOS <18.7.5
Apple / iOS
|
<18.7.5 | ||
|
Apple iPadOS <26.3
Apple / iPadOS
|
<26.3 | ||
|
Apple iOS <26.3
Apple / iOS
|
<26.3 |
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple iPadOS <18.7.5
Apple / iPadOS
|
<18.7.5 | ||
|
Apple iOS <18.7.5
Apple / iOS
|
<18.7.5 | ||
|
Apple iPadOS <26.3
Apple / iPadOS
|
<26.3 | ||
|
Apple iOS <26.3
Apple / iOS
|
<26.3 |
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple iPadOS <18.7.5
Apple / iPadOS
|
<18.7.5 | ||
|
Apple iOS <18.7.5
Apple / iOS
|
<18.7.5 | ||
|
Apple iPadOS <26.3
Apple / iPadOS
|
<26.3 | ||
|
Apple iOS <26.3
Apple / iOS
|
<26.3 |
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple iPadOS <18.7.5
Apple / iPadOS
|
<18.7.5 | ||
|
Apple iOS <18.7.5
Apple / iOS
|
<18.7.5 | ||
|
Apple iPadOS <26.3
Apple / iPadOS
|
<26.3 | ||
|
Apple iOS <26.3
Apple / iOS
|
<26.3 |
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple iPadOS <18.7.5
Apple / iPadOS
|
<18.7.5 | ||
|
Apple iOS <18.7.5
Apple / iOS
|
<18.7.5 | ||
|
Apple iPadOS <26.3
Apple / iPadOS
|
<26.3 | ||
|
Apple iOS <26.3
Apple / iOS
|
<26.3 |
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple iPadOS <18.7.5
Apple / iPadOS
|
<18.7.5 | ||
|
Apple iOS <18.7.5
Apple / iOS
|
<18.7.5 | ||
|
Apple iPadOS <26.3
Apple / iPadOS
|
<26.3 | ||
|
Apple iOS <26.3
Apple / iOS
|
<26.3 |
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple iPadOS <18.7.5
Apple / iPadOS
|
<18.7.5 | ||
|
Apple iOS <18.7.5
Apple / iOS
|
<18.7.5 | ||
|
Apple iPadOS <26.3
Apple / iPadOS
|
<26.3 | ||
|
Apple iOS <26.3
Apple / iOS
|
<26.3 |
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple iPadOS <18.7.5
Apple / iPadOS
|
<18.7.5 | ||
|
Apple iOS <18.7.5
Apple / iOS
|
<18.7.5 | ||
|
Apple iPadOS <26.3
Apple / iPadOS
|
<26.3 | ||
|
Apple iOS <26.3
Apple / iOS
|
<26.3 |
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple iPadOS <18.7.5
Apple / iPadOS
|
<18.7.5 | ||
|
Apple iOS <18.7.5
Apple / iOS
|
<18.7.5 | ||
|
Apple iPadOS <26.3
Apple / iPadOS
|
<26.3 | ||
|
Apple iOS <26.3
Apple / iOS
|
<26.3 |
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple iPadOS <18.7.5
Apple / iPadOS
|
<18.7.5 | ||
|
Apple iOS <18.7.5
Apple / iOS
|
<18.7.5 | ||
|
Apple iPadOS <26.3
Apple / iPadOS
|
<26.3 | ||
|
Apple iOS <26.3
Apple / iOS
|
<26.3 |
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple iPadOS <18.7.5
Apple / iPadOS
|
<18.7.5 | ||
|
Apple iOS <18.7.5
Apple / iOS
|
<18.7.5 | ||
|
Apple iPadOS <26.3
Apple / iPadOS
|
<26.3 | ||
|
Apple iOS <26.3
Apple / iOS
|
<26.3 |
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple iPadOS <18.7.5
Apple / iPadOS
|
<18.7.5 | ||
|
Apple iOS <18.7.5
Apple / iOS
|
<18.7.5 | ||
|
Apple iPadOS <26.3
Apple / iPadOS
|
<26.3 | ||
|
Apple iOS <26.3
Apple / iOS
|
<26.3 |
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple iPadOS <18.7.5
Apple / iPadOS
|
<18.7.5 | ||
|
Apple iOS <18.7.5
Apple / iOS
|
<18.7.5 | ||
|
Apple iPadOS <26.3
Apple / iPadOS
|
<26.3 | ||
|
Apple iOS <26.3
Apple / iOS
|
<26.3 |
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple iPadOS <18.7.5
Apple / iPadOS
|
<18.7.5 | ||
|
Apple iOS <18.7.5
Apple / iOS
|
<18.7.5 | ||
|
Apple iPadOS <26.3
Apple / iPadOS
|
<26.3 | ||
|
Apple iOS <26.3
Apple / iOS
|
<26.3 |
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple iPadOS <18.7.5
Apple / iPadOS
|
<18.7.5 | ||
|
Apple iOS <18.7.5
Apple / iOS
|
<18.7.5 | ||
|
Apple iPadOS <26.3
Apple / iPadOS
|
<26.3 | ||
|
Apple iOS <26.3
Apple / iOS
|
<26.3 |
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple iPadOS <18.7.5
Apple / iPadOS
|
<18.7.5 | ||
|
Apple iOS <18.7.5
Apple / iOS
|
<18.7.5 | ||
|
Apple iPadOS <26.3
Apple / iPadOS
|
<26.3 | ||
|
Apple iOS <26.3
Apple / iOS
|
<26.3 |
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple iPadOS <18.7.5
Apple / iPadOS
|
<18.7.5 | ||
|
Apple iOS <18.7.5
Apple / iOS
|
<18.7.5 | ||
|
Apple iPadOS <26.3
Apple / iPadOS
|
<26.3 | ||
|
Apple iOS <26.3
Apple / iOS
|
<26.3 |
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple iPadOS <18.7.5
Apple / iPadOS
|
<18.7.5 | ||
|
Apple iOS <18.7.5
Apple / iOS
|
<18.7.5 | ||
|
Apple iPadOS <26.3
Apple / iPadOS
|
<26.3 | ||
|
Apple iOS <26.3
Apple / iOS
|
<26.3 |
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple iPadOS <18.7.5
Apple / iPadOS
|
<18.7.5 | ||
|
Apple iOS <18.7.5
Apple / iOS
|
<18.7.5 | ||
|
Apple iPadOS <26.3
Apple / iPadOS
|
<26.3 | ||
|
Apple iOS <26.3
Apple / iOS
|
<26.3 |
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple iPadOS <18.7.5
Apple / iPadOS
|
<18.7.5 | ||
|
Apple iOS <18.7.5
Apple / iOS
|
<18.7.5 | ||
|
Apple iPadOS <26.3
Apple / iPadOS
|
<26.3 | ||
|
Apple iOS <26.3
Apple / iOS
|
<26.3 |
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple iPadOS <18.7.5
Apple / iPadOS
|
<18.7.5 | ||
|
Apple iOS <18.7.5
Apple / iOS
|
<18.7.5 | ||
|
Apple iPadOS <26.3
Apple / iPadOS
|
<26.3 | ||
|
Apple iOS <26.3
Apple / iOS
|
<26.3 |
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple iPadOS <18.7.5
Apple / iPadOS
|
<18.7.5 | ||
|
Apple iOS <18.7.5
Apple / iOS
|
<18.7.5 | ||
|
Apple iPadOS <26.3
Apple / iPadOS
|
<26.3 | ||
|
Apple iOS <26.3
Apple / iOS
|
<26.3 |
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple iPadOS <18.7.5
Apple / iPadOS
|
<18.7.5 | ||
|
Apple iOS <18.7.5
Apple / iOS
|
<18.7.5 | ||
|
Apple iPadOS <26.3
Apple / iPadOS
|
<26.3 | ||
|
Apple iOS <26.3
Apple / iOS
|
<26.3 |
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple iPadOS <18.7.5
Apple / iPadOS
|
<18.7.5 | ||
|
Apple iOS <18.7.5
Apple / iOS
|
<18.7.5 | ||
|
Apple iPadOS <26.3
Apple / iPadOS
|
<26.3 | ||
|
Apple iOS <26.3
Apple / iOS
|
<26.3 |
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple iPadOS <18.7.5
Apple / iPadOS
|
<18.7.5 | ||
|
Apple iOS <18.7.5
Apple / iOS
|
<18.7.5 | ||
|
Apple iPadOS <26.3
Apple / iPadOS
|
<26.3 | ||
|
Apple iOS <26.3
Apple / iOS
|
<26.3 |
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple iPadOS <18.7.5
Apple / iPadOS
|
<18.7.5 | ||
|
Apple iOS <18.7.5
Apple / iOS
|
<18.7.5 | ||
|
Apple iPadOS <26.3
Apple / iPadOS
|
<26.3 | ||
|
Apple iOS <26.3
Apple / iOS
|
<26.3 |
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple iPadOS <18.7.5
Apple / iPadOS
|
<18.7.5 | ||
|
Apple iOS <18.7.5
Apple / iOS
|
<18.7.5 | ||
|
Apple iPadOS <26.3
Apple / iPadOS
|
<26.3 | ||
|
Apple iOS <26.3
Apple / iOS
|
<26.3 |
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple iPadOS <18.7.5
Apple / iPadOS
|
<18.7.5 | ||
|
Apple iOS <18.7.5
Apple / iOS
|
<18.7.5 | ||
|
Apple iPadOS <26.3
Apple / iPadOS
|
<26.3 | ||
|
Apple iOS <26.3
Apple / iOS
|
<26.3 |
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple iPadOS <18.7.5
Apple / iPadOS
|
<18.7.5 | ||
|
Apple iOS <18.7.5
Apple / iOS
|
<18.7.5 | ||
|
Apple iPadOS <26.3
Apple / iPadOS
|
<26.3 | ||
|
Apple iOS <26.3
Apple / iOS
|
<26.3 |
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple iPadOS <18.7.5
Apple / iPadOS
|
<18.7.5 | ||
|
Apple iOS <18.7.5
Apple / iOS
|
<18.7.5 | ||
|
Apple iPadOS <26.3
Apple / iPadOS
|
<26.3 | ||
|
Apple iOS <26.3
Apple / iOS
|
<26.3 |
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple iPadOS <18.7.5
Apple / iPadOS
|
<18.7.5 | ||
|
Apple iOS <18.7.5
Apple / iOS
|
<18.7.5 | ||
|
Apple iPadOS <26.3
Apple / iPadOS
|
<26.3 | ||
|
Apple iOS <26.3
Apple / iOS
|
<26.3 |
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple iPadOS <18.7.5
Apple / iPadOS
|
<18.7.5 | ||
|
Apple iOS <18.7.5
Apple / iOS
|
<18.7.5 | ||
|
Apple iPadOS <26.3
Apple / iPadOS
|
<26.3 | ||
|
Apple iOS <26.3
Apple / iOS
|
<26.3 |
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple iPadOS <18.7.5
Apple / iPadOS
|
<18.7.5 | ||
|
Apple iOS <18.7.5
Apple / iOS
|
<18.7.5 | ||
|
Apple iPadOS <26.3
Apple / iPadOS
|
<26.3 | ||
|
Apple iOS <26.3
Apple / iOS
|
<26.3 |
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple iPadOS <18.7.5
Apple / iPadOS
|
<18.7.5 | ||
|
Apple iOS <18.7.5
Apple / iOS
|
<18.7.5 | ||
|
Apple iPadOS <26.3
Apple / iPadOS
|
<26.3 | ||
|
Apple iOS <26.3
Apple / iOS
|
<26.3 |
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple iPadOS <18.7.5
Apple / iPadOS
|
<18.7.5 | ||
|
Apple iOS <18.7.5
Apple / iOS
|
<18.7.5 | ||
|
Apple iPadOS <26.3
Apple / iPadOS
|
<26.3 | ||
|
Apple iOS <26.3
Apple / iOS
|
<26.3 |
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple iPadOS <18.7.5
Apple / iPadOS
|
<18.7.5 | ||
|
Apple iOS <18.7.5
Apple / iOS
|
<18.7.5 | ||
|
Apple iPadOS <26.3
Apple / iPadOS
|
<26.3 | ||
|
Apple iOS <26.3
Apple / iOS
|
<26.3 |
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple iPadOS <18.7.5
Apple / iPadOS
|
<18.7.5 | ||
|
Apple iOS <18.7.5
Apple / iOS
|
<18.7.5 | ||
|
Apple iPadOS <26.3
Apple / iPadOS
|
<26.3 | ||
|
Apple iOS <26.3
Apple / iOS
|
<26.3 |
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple iPadOS <18.7.5
Apple / iPadOS
|
<18.7.5 | ||
|
Apple iOS <18.7.5
Apple / iOS
|
<18.7.5 | ||
|
Apple iPadOS <26.3
Apple / iPadOS
|
<26.3 | ||
|
Apple iOS <26.3
Apple / iOS
|
<26.3 |
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple iPadOS <18.7.5
Apple / iPadOS
|
<18.7.5 | ||
|
Apple iOS <18.7.5
Apple / iOS
|
<18.7.5 | ||
|
Apple iPadOS <26.3
Apple / iPadOS
|
<26.3 | ||
|
Apple iOS <26.3
Apple / iOS
|
<26.3 |
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple iPadOS <18.7.5
Apple / iPadOS
|
<18.7.5 | ||
|
Apple iOS <18.7.5
Apple / iOS
|
<18.7.5 | ||
|
Apple iPadOS <26.3
Apple / iPadOS
|
<26.3 | ||
|
Apple iOS <26.3
Apple / iOS
|
<26.3 |
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple iPadOS <18.7.5
Apple / iPadOS
|
<18.7.5 | ||
|
Apple iOS <18.7.5
Apple / iOS
|
<18.7.5 | ||
|
Apple iPadOS <26.3
Apple / iPadOS
|
<26.3 | ||
|
Apple iOS <26.3
Apple / iOS
|
<26.3 |
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple iPadOS <18.7.5
Apple / iPadOS
|
<18.7.5 | ||
|
Apple iOS <18.7.5
Apple / iOS
|
<18.7.5 | ||
|
Apple iPadOS <26.3
Apple / iPadOS
|
<26.3 | ||
|
Apple iOS <26.3
Apple / iOS
|
<26.3 |
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple iPadOS <18.7.5
Apple / iPadOS
|
<18.7.5 | ||
|
Apple iOS <18.7.5
Apple / iOS
|
<18.7.5 | ||
|
Apple iPadOS <26.3
Apple / iPadOS
|
<26.3 | ||
|
Apple iOS <26.3
Apple / iOS
|
<26.3 |
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple iPadOS <18.7.5
Apple / iPadOS
|
<18.7.5 | ||
|
Apple iOS <18.7.5
Apple / iOS
|
<18.7.5 | ||
|
Apple iPadOS <26.3
Apple / iPadOS
|
<26.3 | ||
|
Apple iOS <26.3
Apple / iOS
|
<26.3 |
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple iPadOS <18.7.5
Apple / iPadOS
|
<18.7.5 | ||
|
Apple iOS <18.7.5
Apple / iOS
|
<18.7.5 | ||
|
Apple iPadOS <26.3
Apple / iPadOS
|
<26.3 | ||
|
Apple iOS <26.3
Apple / iOS
|
<26.3 |
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple iPadOS <18.7.5
Apple / iPadOS
|
<18.7.5 | ||
|
Apple iOS <18.7.5
Apple / iOS
|
<18.7.5 | ||
|
Apple iPadOS <26.3
Apple / iPadOS
|
<26.3 | ||
|
Apple iOS <26.3
Apple / iOS
|
<26.3 |
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple iPadOS <18.7.5
Apple / iPadOS
|
<18.7.5 | ||
|
Apple iOS <18.7.5
Apple / iOS
|
<18.7.5 | ||
|
Apple iPadOS <26.3
Apple / iPadOS
|
<26.3 | ||
|
Apple iOS <26.3
Apple / iOS
|
<26.3 |
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple iPadOS <18.7.5
Apple / iPadOS
|
<18.7.5 | ||
|
Apple iOS <18.7.5
Apple / iOS
|
<18.7.5 | ||
|
Apple iPadOS <26.3
Apple / iPadOS
|
<26.3 | ||
|
Apple iOS <26.3
Apple / iOS
|
<26.3 |
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple iPadOS <18.7.5
Apple / iPadOS
|
<18.7.5 | ||
|
Apple iOS <18.7.5
Apple / iOS
|
<18.7.5 | ||
|
Apple iPadOS <26.3
Apple / iPadOS
|
<26.3 | ||
|
Apple iOS <26.3
Apple / iOS
|
<26.3 |
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple iPadOS <18.7.5
Apple / iPadOS
|
<18.7.5 | ||
|
Apple iOS <18.7.5
Apple / iOS
|
<18.7.5 | ||
|
Apple iPadOS <26.3
Apple / iPadOS
|
<26.3 | ||
|
Apple iOS <26.3
Apple / iOS
|
<26.3 |
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple iPadOS <18.7.5
Apple / iPadOS
|
<18.7.5 | ||
|
Apple iOS <18.7.5
Apple / iOS
|
<18.7.5 | ||
|
Apple iPadOS <26.3
Apple / iPadOS
|
<26.3 | ||
|
Apple iOS <26.3
Apple / iOS
|
<26.3 |
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple iPadOS <18.7.5
Apple / iPadOS
|
<18.7.5 | ||
|
Apple iOS <18.7.5
Apple / iOS
|
<18.7.5 | ||
|
Apple iPadOS <26.3
Apple / iPadOS
|
<26.3 | ||
|
Apple iOS <26.3
Apple / iOS
|
<26.3 |
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple iPadOS <18.7.5
Apple / iPadOS
|
<18.7.5 | ||
|
Apple iOS <18.7.5
Apple / iOS
|
<18.7.5 | ||
|
Apple iPadOS <26.3
Apple / iPadOS
|
<26.3 | ||
|
Apple iOS <26.3
Apple / iOS
|
<26.3 |
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple iPadOS <18.7.5
Apple / iPadOS
|
<18.7.5 | ||
|
Apple iOS <18.7.5
Apple / iOS
|
<18.7.5 | ||
|
Apple iPadOS <26.3
Apple / iPadOS
|
<26.3 | ||
|
Apple iOS <26.3
Apple / iOS
|
<26.3 |
References
4 references
| URL | Category |
|---|---|
| https://wid.cert-bund.de/.well-known/csaf/white/2… | self |
| https://wid.cert-bund.de/portal/wid/securityadvis… | self |
| https://support.apple.com/en-us/126346 | external |
| https://support.apple.com/en-us/126347 | external |
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Das Apple iOS (vormals iPhone OS) ist das Betriebssystem f\u00fcr das von Apple entwickelte Smartphone iPhone, iPad und iPod Touch.\r\nDas Apple iPadOS ist das Betriebssystem f\u00fcr das von Apple entwickelte iPad.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein Angreifer kann mehrere Schwachstellen in Apple iOS und Apple iPadOS ausnutzen, um Administratorrechte zu erlangen, beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, Sicherheitsma\u00dfnahmen zu umgehen, Daten zu manipulieren, vertrauliche Informationen offenzulegen oder andere nicht n\u00e4her spezifizierte Angriffe durchzuf\u00fchren.",
"title": "Angriff"
},
{
"category": "general",
"text": "- MacOS X\n- Sonstiges",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2026-0402 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2026/wid-sec-w-2026-0402.json"
},
{
"category": "self",
"summary": "WID-SEC-2026-0402 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-0402"
},
{
"category": "external",
"summary": "Apple security updates vom 2026-02-11",
"url": "https://support.apple.com/en-us/126346"
},
{
"category": "external",
"summary": "Apple security updates vom 2026-02-11",
"url": "https://support.apple.com/en-us/126347"
}
],
"source_lang": "en-US",
"title": "Apple iOS und iPadOS: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2026-03-24T23:00:00.000+00:00",
"generator": {
"date": "2026-03-25T06:11:04.490+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.5.0"
}
},
"id": "WID-SEC-W-2026-0402",
"initial_release_date": "2026-02-11T23:00:00.000+00:00",
"revision_history": [
{
"date": "2026-02-11T23:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2026-03-24T23:00:00.000+00:00",
"number": "2",
"summary": "CVE-Nummern erg\u00e4nzt"
}
],
"status": "final",
"version": "2"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c26.3",
"product": {
"name": "Apple iOS \u003c26.3",
"product_id": "T050863"
}
},
{
"category": "product_version",
"name": "26.3",
"product": {
"name": "Apple iOS 26.3",
"product_id": "T050863-fixed",
"product_identification_helper": {
"cpe": "cpe:/o:apple:iphone_os:26.3"
}
}
},
{
"category": "product_version_range",
"name": "\u003c18.7.5",
"product": {
"name": "Apple iOS \u003c18.7.5",
"product_id": "T050865"
}
},
{
"category": "product_version",
"name": "18.7.5",
"product": {
"name": "Apple iOS 18.7.5",
"product_id": "T050865-fixed",
"product_identification_helper": {
"cpe": "cpe:/o:apple:iphone_os:18.7.5"
}
}
}
],
"category": "product_name",
"name": "iOS"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c26.3",
"product": {
"name": "Apple iPadOS \u003c26.3",
"product_id": "T050864"
}
},
{
"category": "product_version",
"name": "26.3",
"product": {
"name": "Apple iPadOS 26.3",
"product_id": "T050864-fixed",
"product_identification_helper": {
"cpe": "cpe:/o:apple:ipados:26.3"
}
}
},
{
"category": "product_version_range",
"name": "\u003c18.7.5",
"product": {
"name": "Apple iPadOS \u003c18.7.5",
"product_id": "T050866"
}
},
{
"category": "product_version",
"name": "18.7.5",
"product": {
"name": "Apple iPadOS 18.7.5",
"product_id": "T050866-fixed",
"product_identification_helper": {
"cpe": "cpe:/o:apple:ipados:18.7.5"
}
}
}
],
"category": "product_name",
"name": "iPadOS"
}
],
"category": "vendor",
"name": "Apple"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-14174",
"product_status": {
"known_affected": [
"T050866",
"T050865",
"T050864",
"T050863"
]
},
"release_date": "2026-02-11T23:00:00.000+00:00",
"title": "CVE-2025-14174"
},
{
"cve": "CVE-2025-43529",
"product_status": {
"known_affected": [
"T050866",
"T050865",
"T050864",
"T050863"
]
},
"release_date": "2026-02-11T23:00:00.000+00:00",
"title": "CVE-2025-43529"
},
{
"cve": "CVE-2025-43533",
"product_status": {
"known_affected": [
"T050866",
"T050865",
"T050864",
"T050863"
]
},
"release_date": "2026-02-11T23:00:00.000+00:00",
"title": "CVE-2025-43533"
},
{
"cve": "CVE-2025-43537",
"product_status": {
"known_affected": [
"T050866",
"T050865",
"T050864",
"T050863"
]
},
"release_date": "2026-02-11T23:00:00.000+00:00",
"title": "CVE-2025-43537"
},
{
"cve": "CVE-2025-46300",
"product_status": {
"known_affected": [
"T050866",
"T050865",
"T050864",
"T050863"
]
},
"release_date": "2026-02-11T23:00:00.000+00:00",
"title": "CVE-2025-46300"
},
{
"cve": "CVE-2025-46301",
"product_status": {
"known_affected": [
"T050866",
"T050865",
"T050864",
"T050863"
]
},
"release_date": "2026-02-11T23:00:00.000+00:00",
"title": "CVE-2025-46301"
},
{
"cve": "CVE-2025-46302",
"product_status": {
"known_affected": [
"T050866",
"T050865",
"T050864",
"T050863"
]
},
"release_date": "2026-02-11T23:00:00.000+00:00",
"title": "CVE-2025-46302"
},
{
"cve": "CVE-2025-46303",
"product_status": {
"known_affected": [
"T050866",
"T050865",
"T050864",
"T050863"
]
},
"release_date": "2026-02-11T23:00:00.000+00:00",
"title": "CVE-2025-46303"
},
{
"cve": "CVE-2025-46304",
"product_status": {
"known_affected": [
"T050866",
"T050865",
"T050864",
"T050863"
]
},
"release_date": "2026-02-11T23:00:00.000+00:00",
"title": "CVE-2025-46304"
},
{
"cve": "CVE-2025-46305",
"product_status": {
"known_affected": [
"T050866",
"T050865",
"T050864",
"T050863"
]
},
"release_date": "2026-02-11T23:00:00.000+00:00",
"title": "CVE-2025-46305"
},
{
"cve": "CVE-2025-59375",
"product_status": {
"known_affected": [
"T050866",
"T050865",
"T050864",
"T050863"
]
},
"release_date": "2026-02-11T23:00:00.000+00:00",
"title": "CVE-2025-59375"
},
{
"cve": "CVE-2026-20605",
"product_status": {
"known_affected": [
"T050866",
"T050865",
"T050864",
"T050863"
]
},
"release_date": "2026-02-11T23:00:00.000+00:00",
"title": "CVE-2026-20605"
},
{
"cve": "CVE-2026-20606",
"product_status": {
"known_affected": [
"T050866",
"T050865",
"T050864",
"T050863"
]
},
"release_date": "2026-02-11T23:00:00.000+00:00",
"title": "CVE-2026-20606"
},
{
"cve": "CVE-2026-20608",
"product_status": {
"known_affected": [
"T050866",
"T050865",
"T050864",
"T050863"
]
},
"release_date": "2026-02-11T23:00:00.000+00:00",
"title": "CVE-2026-20608"
},
{
"cve": "CVE-2026-20609",
"product_status": {
"known_affected": [
"T050866",
"T050865",
"T050864",
"T050863"
]
},
"release_date": "2026-02-11T23:00:00.000+00:00",
"title": "CVE-2026-20609"
},
{
"cve": "CVE-2026-20611",
"product_status": {
"known_affected": [
"T050866",
"T050865",
"T050864",
"T050863"
]
},
"release_date": "2026-02-11T23:00:00.000+00:00",
"title": "CVE-2026-20611"
},
{
"cve": "CVE-2026-20615",
"product_status": {
"known_affected": [
"T050866",
"T050865",
"T050864",
"T050863"
]
},
"release_date": "2026-02-11T23:00:00.000+00:00",
"title": "CVE-2026-20615"
},
{
"cve": "CVE-2026-20616",
"product_status": {
"known_affected": [
"T050866",
"T050865",
"T050864",
"T050863"
]
},
"release_date": "2026-02-11T23:00:00.000+00:00",
"title": "CVE-2026-20616"
},
{
"cve": "CVE-2026-20617",
"product_status": {
"known_affected": [
"T050866",
"T050865",
"T050864",
"T050863"
]
},
"release_date": "2026-02-11T23:00:00.000+00:00",
"title": "CVE-2026-20617"
},
{
"cve": "CVE-2026-20621",
"product_status": {
"known_affected": [
"T050866",
"T050865",
"T050864",
"T050863"
]
},
"release_date": "2026-02-11T23:00:00.000+00:00",
"title": "CVE-2026-20621"
},
{
"cve": "CVE-2026-20626",
"product_status": {
"known_affected": [
"T050866",
"T050865",
"T050864",
"T050863"
]
},
"release_date": "2026-02-11T23:00:00.000+00:00",
"title": "CVE-2026-20626"
},
{
"cve": "CVE-2026-20627",
"product_status": {
"known_affected": [
"T050866",
"T050865",
"T050864",
"T050863"
]
},
"release_date": "2026-02-11T23:00:00.000+00:00",
"title": "CVE-2026-20627"
},
{
"cve": "CVE-2026-20628",
"product_status": {
"known_affected": [
"T050866",
"T050865",
"T050864",
"T050863"
]
},
"release_date": "2026-02-11T23:00:00.000+00:00",
"title": "CVE-2026-20628"
},
{
"cve": "CVE-2026-20634",
"product_status": {
"known_affected": [
"T050866",
"T050865",
"T050864",
"T050863"
]
},
"release_date": "2026-02-11T23:00:00.000+00:00",
"title": "CVE-2026-20634"
},
{
"cve": "CVE-2026-20635",
"product_status": {
"known_affected": [
"T050866",
"T050865",
"T050864",
"T050863"
]
},
"release_date": "2026-02-11T23:00:00.000+00:00",
"title": "CVE-2026-20635"
},
{
"cve": "CVE-2026-20636",
"product_status": {
"known_affected": [
"T050866",
"T050865",
"T050864",
"T050863"
]
},
"release_date": "2026-02-11T23:00:00.000+00:00",
"title": "CVE-2026-20636"
},
{
"cve": "CVE-2026-20637",
"product_status": {
"known_affected": [
"T050866",
"T050865",
"T050864",
"T050863"
]
},
"release_date": "2026-02-11T23:00:00.000+00:00",
"title": "CVE-2026-20637"
},
{
"cve": "CVE-2026-20638",
"product_status": {
"known_affected": [
"T050866",
"T050865",
"T050864",
"T050863"
]
},
"release_date": "2026-02-11T23:00:00.000+00:00",
"title": "CVE-2026-20638"
},
{
"cve": "CVE-2026-20640",
"product_status": {
"known_affected": [
"T050866",
"T050865",
"T050864",
"T050863"
]
},
"release_date": "2026-02-11T23:00:00.000+00:00",
"title": "CVE-2026-20640"
},
{
"cve": "CVE-2026-20641",
"product_status": {
"known_affected": [
"T050866",
"T050865",
"T050864",
"T050863"
]
},
"release_date": "2026-02-11T23:00:00.000+00:00",
"title": "CVE-2026-20641"
},
{
"cve": "CVE-2026-20642",
"product_status": {
"known_affected": [
"T050866",
"T050865",
"T050864",
"T050863"
]
},
"release_date": "2026-02-11T23:00:00.000+00:00",
"title": "CVE-2026-20642"
},
{
"cve": "CVE-2026-20644",
"product_status": {
"known_affected": [
"T050866",
"T050865",
"T050864",
"T050863"
]
},
"release_date": "2026-02-11T23:00:00.000+00:00",
"title": "CVE-2026-20644"
},
{
"cve": "CVE-2026-20645",
"product_status": {
"known_affected": [
"T050866",
"T050865",
"T050864",
"T050863"
]
},
"release_date": "2026-02-11T23:00:00.000+00:00",
"title": "CVE-2026-20645"
},
{
"cve": "CVE-2026-20649",
"product_status": {
"known_affected": [
"T050866",
"T050865",
"T050864",
"T050863"
]
},
"release_date": "2026-02-11T23:00:00.000+00:00",
"title": "CVE-2026-20649"
},
{
"cve": "CVE-2026-20650",
"product_status": {
"known_affected": [
"T050866",
"T050865",
"T050864",
"T050863"
]
},
"release_date": "2026-02-11T23:00:00.000+00:00",
"title": "CVE-2026-20650"
},
{
"cve": "CVE-2026-20652",
"product_status": {
"known_affected": [
"T050866",
"T050865",
"T050864",
"T050863"
]
},
"release_date": "2026-02-11T23:00:00.000+00:00",
"title": "CVE-2026-20652"
},
{
"cve": "CVE-2026-20653",
"product_status": {
"known_affected": [
"T050866",
"T050865",
"T050864",
"T050863"
]
},
"release_date": "2026-02-11T23:00:00.000+00:00",
"title": "CVE-2026-20653"
},
{
"cve": "CVE-2026-20654",
"product_status": {
"known_affected": [
"T050866",
"T050865",
"T050864",
"T050863"
]
},
"release_date": "2026-02-11T23:00:00.000+00:00",
"title": "CVE-2026-20654"
},
{
"cve": "CVE-2026-20655",
"product_status": {
"known_affected": [
"T050866",
"T050865",
"T050864",
"T050863"
]
},
"release_date": "2026-02-11T23:00:00.000+00:00",
"title": "CVE-2026-20655"
},
{
"cve": "CVE-2026-20656",
"product_status": {
"known_affected": [
"T050866",
"T050865",
"T050864",
"T050863"
]
},
"release_date": "2026-02-11T23:00:00.000+00:00",
"title": "CVE-2026-20656"
},
{
"cve": "CVE-2026-20660",
"product_status": {
"known_affected": [
"T050866",
"T050865",
"T050864",
"T050863"
]
},
"release_date": "2026-02-11T23:00:00.000+00:00",
"title": "CVE-2026-20660"
},
{
"cve": "CVE-2026-20661",
"product_status": {
"known_affected": [
"T050866",
"T050865",
"T050864",
"T050863"
]
},
"release_date": "2026-02-11T23:00:00.000+00:00",
"title": "CVE-2026-20661"
},
{
"cve": "CVE-2026-20663",
"product_status": {
"known_affected": [
"T050866",
"T050865",
"T050864",
"T050863"
]
},
"release_date": "2026-02-11T23:00:00.000+00:00",
"title": "CVE-2026-20663"
},
{
"cve": "CVE-2026-20667",
"product_status": {
"known_affected": [
"T050866",
"T050865",
"T050864",
"T050863"
]
},
"release_date": "2026-02-11T23:00:00.000+00:00",
"title": "CVE-2026-20667"
},
{
"cve": "CVE-2026-20668",
"product_status": {
"known_affected": [
"T050866",
"T050865",
"T050864",
"T050863"
]
},
"release_date": "2026-02-11T23:00:00.000+00:00",
"title": "CVE-2026-20668"
},
{
"cve": "CVE-2026-20671",
"product_status": {
"known_affected": [
"T050866",
"T050865",
"T050864",
"T050863"
]
},
"release_date": "2026-02-11T23:00:00.000+00:00",
"title": "CVE-2026-20671"
},
{
"cve": "CVE-2026-20673",
"product_status": {
"known_affected": [
"T050866",
"T050865",
"T050864",
"T050863"
]
},
"release_date": "2026-02-11T23:00:00.000+00:00",
"title": "CVE-2026-20673"
},
{
"cve": "CVE-2026-20674",
"product_status": {
"known_affected": [
"T050866",
"T050865",
"T050864",
"T050863"
]
},
"release_date": "2026-02-11T23:00:00.000+00:00",
"title": "CVE-2026-20674"
},
{
"cve": "CVE-2026-20675",
"product_status": {
"known_affected": [
"T050866",
"T050865",
"T050864",
"T050863"
]
},
"release_date": "2026-02-11T23:00:00.000+00:00",
"title": "CVE-2026-20675"
},
{
"cve": "CVE-2026-20676",
"product_status": {
"known_affected": [
"T050866",
"T050865",
"T050864",
"T050863"
]
},
"release_date": "2026-02-11T23:00:00.000+00:00",
"title": "CVE-2026-20676"
},
{
"cve": "CVE-2026-20677",
"product_status": {
"known_affected": [
"T050866",
"T050865",
"T050864",
"T050863"
]
},
"release_date": "2026-02-11T23:00:00.000+00:00",
"title": "CVE-2026-20677"
},
{
"cve": "CVE-2026-20678",
"product_status": {
"known_affected": [
"T050866",
"T050865",
"T050864",
"T050863"
]
},
"release_date": "2026-02-11T23:00:00.000+00:00",
"title": "CVE-2026-20678"
},
{
"cve": "CVE-2026-20680",
"product_status": {
"known_affected": [
"T050866",
"T050865",
"T050864",
"T050863"
]
},
"release_date": "2026-02-11T23:00:00.000+00:00",
"title": "CVE-2026-20680"
},
{
"cve": "CVE-2026-20682",
"product_status": {
"known_affected": [
"T050866",
"T050865",
"T050864",
"T050863"
]
},
"release_date": "2026-02-11T23:00:00.000+00:00",
"title": "CVE-2026-20682"
},
{
"cve": "CVE-2026-20686",
"product_status": {
"known_affected": [
"T050866",
"T050865",
"T050864",
"T050863"
]
},
"release_date": "2026-02-11T23:00:00.000+00:00",
"title": "CVE-2026-20686"
},
{
"cve": "CVE-2026-20694",
"product_status": {
"known_affected": [
"T050866",
"T050865",
"T050864",
"T050863"
]
},
"release_date": "2026-02-11T23:00:00.000+00:00",
"title": "CVE-2026-20694"
},
{
"cve": "CVE-2026-20700",
"product_status": {
"known_affected": [
"T050866",
"T050865",
"T050864",
"T050863"
]
},
"release_date": "2026-02-11T23:00:00.000+00:00",
"title": "CVE-2026-20700"
},
{
"cve": "CVE-2026-28855",
"product_status": {
"known_affected": [
"T050866",
"T050865",
"T050864",
"T050863"
]
},
"release_date": "2026-02-11T23:00:00.000+00:00",
"title": "CVE-2026-28855"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…