Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2025-46283 (GCVE-0-2025-46283)
Vulnerability from cvelistv5 – Published: 2025-12-17 20:46 – Updated: 2025-12-18 19:29
VLAI?
EPSS
Summary
A logic issue was addressed with improved validation. This issue is fixed in macOS Tahoe 26.2. An app may be able to access sensitive user data.
Severity ?
5.5 (Medium)
CWE
- An app may be able to access sensitive user data
Assigner
References
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-46283",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-18T19:20:32.097827Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-18T19:29:33.725Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "macOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "26.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A logic issue was addressed with improved validation. This issue is fixed in macOS Tahoe 26.2. An app may be able to access sensitive user data."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "An app may be able to access sensitive user data",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-17T20:46:34.698Z",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"url": "https://support.apple.com/en-us/125886"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2025-46283",
"datePublished": "2025-12-17T20:46:34.698Z",
"dateReserved": "2025-04-22T21:13:49.958Z",
"dateUpdated": "2025-12-18T19:29:33.725Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2025-46283\",\"sourceIdentifier\":\"product-security@apple.com\",\"published\":\"2025-12-17T21:16:13.630\",\"lastModified\":\"2025-12-18T20:15:56.690\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A logic issue was addressed with improved validation. This issue is fixed in macOS Tahoe 26.2. An app may be able to access sensitive user data.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N\",\"baseScore\":5.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":1.8,\"impactScore\":3.6},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N\",\"baseScore\":5.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":1.8,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-200\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"26.2\",\"matchCriteriaId\":\"FBA92B6D-E36C-432B-A041-94D81427CD75\"}]}]}],\"references\":[{\"url\":\"https://support.apple.com/en-us/125886\",\"source\":\"product-security@apple.com\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 5.5, \"attackVector\": \"LOCAL\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"REQUIRED\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-46283\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-12-18T19:20:32.097827Z\"}}}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-200\", \"description\": \"CWE-200 Exposure of Sensitive Information to an Unauthorized Actor\"}]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-12-18T19:21:35.842Z\"}}], \"cna\": {\"affected\": [{\"vendor\": \"Apple\", \"product\": \"macOS\", \"versions\": [{\"status\": \"affected\", \"version\": \"unspecified\", \"lessThan\": \"26.2\", \"versionType\": \"custom\"}]}], \"references\": [{\"url\": \"https://support.apple.com/en-us/125886\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"A logic issue was addressed with improved validation. This issue is fixed in macOS Tahoe 26.2. An app may be able to access sensitive user data.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"description\": \"An app may be able to access sensitive user data\"}]}], \"providerMetadata\": {\"orgId\": \"286789f9-fbc2-4510-9f9a-43facdede74c\", \"shortName\": \"apple\", \"dateUpdated\": \"2025-12-17T20:46:34.698Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2025-46283\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-12-18T19:29:33.725Z\", \"dateReserved\": \"2025-04-22T21:13:49.958Z\", \"assignerOrgId\": \"286789f9-fbc2-4510-9f9a-43facdede74c\", \"datePublished\": \"2025-12-17T20:46:34.698Z\", \"assignerShortName\": \"apple\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
}
}
CERTFR-2025-AVI-1110
Vulnerability from certfr_avis - Published: 2025-12-15 - Updated: 2025-12-15
De multiples vulnérabilités ont été découvertes dans les produits Apple. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et un déni de service à distance.
Apple indique que les vulnérabilités CVE-2025-14174 et CVE-2025-43529 sont activement exploitées.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Apple | macOS | macOS Sonoma versions antérieures à 14.8.3 | ||
| Apple | watchOS | watchOS versions antérieures à 26.2 | ||
| Apple | iOS | iOS versions 26.x antérieures à 26.2 | ||
| Apple | macOS | macOS Tahoe versions antérieures à 26.2 | ||
| Apple | macOS | macOS Sequoia versions antérieures à 15.7.3 | ||
| Apple | tvOS | tvOS versions antérieures à 26.2 | ||
| Apple | Safari | Safari versions antérieures à 26.2 | ||
| Apple | iOS | iOS versions 18.7.x antérieures à 18.7.3 | ||
| Apple | iPadOS | iPadOS versions 18.7.x antérieures à 18.7.3 | ||
| Apple | visionOS | visionOS versions antérieures à 26.2 | ||
| Apple | iPadOS | iPadOS versions 26.x antérieures à 26.2 |
References
| Title | Publication Time | Tags | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "macOS Sonoma versions ant\u00e9rieures \u00e0 14.8.3",
"product": {
"name": "macOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "watchOS versions ant\u00e9rieures \u00e0 26.2",
"product": {
"name": "watchOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "iOS versions 26.x ant\u00e9rieures \u00e0 26.2",
"product": {
"name": "iOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "macOS Tahoe versions ant\u00e9rieures \u00e0 26.2",
"product": {
"name": "macOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "macOS Sequoia versions ant\u00e9rieures \u00e0 15.7.3",
"product": {
"name": "macOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "tvOS versions ant\u00e9rieures \u00e0 26.2",
"product": {
"name": "tvOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "Safari versions ant\u00e9rieures \u00e0 26.2",
"product": {
"name": "Safari",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "iOS versions 18.7.x ant\u00e9rieures \u00e0 18.7.3",
"product": {
"name": "iOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "iPadOS versions 18.7.x ant\u00e9rieures \u00e0 18.7.3",
"product": {
"name": "iPadOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "visionOS versions ant\u00e9rieures \u00e0 26.2",
"product": {
"name": "visionOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "iPadOS versions 26.x ant\u00e9rieures \u00e0 26.2",
"product": {
"name": "iPadOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-43517",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43517"
},
{
"name": "CVE-2025-46291",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-46291"
},
{
"name": "CVE-2025-46282",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-46282"
},
{
"name": "CVE-2025-46292",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-46292"
},
{
"name": "CVE-2025-43539",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43539"
},
{
"name": "CVE-2025-43320",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43320"
},
{
"name": "CVE-2025-43536",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43536"
},
{
"name": "CVE-2025-43514",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43514"
},
{
"name": "CVE-2025-46289",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-46289"
},
{
"name": "CVE-2025-43511",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43511"
},
{
"name": "CVE-2025-46278",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-46278"
},
{
"name": "CVE-2025-43523",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43523"
},
{
"name": "CVE-2024-8906",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-8906"
},
{
"name": "CVE-2024-7264",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-7264"
},
{
"name": "CVE-2025-43513",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43513"
},
{
"name": "CVE-2025-43522",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43522"
},
{
"name": "CVE-2025-46279",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-46279"
},
{
"name": "CVE-2025-43416",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43416"
},
{
"name": "CVE-2025-43410",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43410"
},
{
"name": "CVE-2025-43475",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43475"
},
{
"name": "CVE-2025-43542",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43542"
},
{
"name": "CVE-2025-46283",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-46283"
},
{
"name": "CVE-2025-14174",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-14174"
},
{
"name": "CVE-2025-43519",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43519"
},
{
"name": "CVE-2025-5918",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5918"
},
{
"name": "CVE-2025-43526",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43526"
},
{
"name": "CVE-2025-46277",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-46277"
},
{
"name": "CVE-2025-43518",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43518"
},
{
"name": "CVE-2025-43527",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43527"
},
{
"name": "CVE-2025-46285",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-46285"
},
{
"name": "CVE-2025-9086",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-9086"
},
{
"name": "CVE-2025-43482",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43482"
},
{
"name": "CVE-2025-43532",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43532"
},
{
"name": "CVE-2025-43538",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43538"
},
{
"name": "CVE-2025-46288",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-46288"
},
{
"name": "CVE-2025-43541",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43541"
},
{
"name": "CVE-2025-43529",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43529"
},
{
"name": "CVE-2025-43516",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43516"
},
{
"name": "CVE-2025-46281",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-46281"
},
{
"name": "CVE-2025-43530",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43530"
},
{
"name": "CVE-2025-43501",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43501"
},
{
"name": "CVE-2025-46276",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-46276"
},
{
"name": "CVE-2025-43533",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43533"
},
{
"name": "CVE-2025-43428",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43428"
},
{
"name": "CVE-2025-43512",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43512"
},
{
"name": "CVE-2025-43535",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43535"
},
{
"name": "CVE-2025-43521",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43521"
},
{
"name": "CVE-2025-43531",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43531"
},
{
"name": "CVE-2025-46287",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-46287"
},
{
"name": "CVE-2025-43509",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43509"
},
{
"name": "CVE-2025-43463",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43463"
}
],
"initial_release_date": "2025-12-15T00:00:00",
"last_revision_date": "2025-12-15T00:00:00",
"links": [],
"reference": "CERTFR-2025-AVI-1110",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-12-15T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Apple. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et un d\u00e9ni de service \u00e0 distance.\n\nApple indique que les vuln\u00e9rabilit\u00e9s CVE-2025-14174 et CVE-2025-43529 sont activement exploit\u00e9es.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Apple",
"vendor_advisories": [
{
"published_at": "2025-12-12",
"title": "Bulletin de s\u00e9curit\u00e9 Apple 125887",
"url": "https://support.apple.com/en-us/125887"
},
{
"published_at": "2025-12-12",
"title": "Bulletin de s\u00e9curit\u00e9 Apple 125891",
"url": "https://support.apple.com/en-us/125891"
},
{
"published_at": "2025-12-12",
"title": "Bulletin de s\u00e9curit\u00e9 Apple 125884",
"url": "https://support.apple.com/en-us/125884"
},
{
"published_at": "2025-12-12",
"title": "Bulletin de s\u00e9curit\u00e9 Apple 125886",
"url": "https://support.apple.com/en-us/125886"
},
{
"published_at": "2025-12-12",
"title": "Bulletin de s\u00e9curit\u00e9 Apple 125885",
"url": "https://support.apple.com/en-us/125885"
},
{
"published_at": "2025-12-12",
"title": "Bulletin de s\u00e9curit\u00e9 Apple 125889",
"url": "https://support.apple.com/en-us/125889"
},
{
"published_at": "2025-12-12",
"title": "Bulletin de s\u00e9curit\u00e9 Apple 125890",
"url": "https://support.apple.com/en-us/125890"
},
{
"published_at": "2025-12-12",
"title": "Bulletin de s\u00e9curit\u00e9 Apple 125892",
"url": "https://support.apple.com/en-us/125892"
},
{
"published_at": "2025-12-12",
"title": "Bulletin de s\u00e9curit\u00e9 Apple 125888",
"url": "https://support.apple.com/en-us/125888"
}
]
}
CERTFR-2026-AVI-0158
Vulnerability from certfr_avis - Published: 2026-02-12 - Updated: 2026-02-12
De multiples vulnérabilités ont été découvertes dans les produits Apple. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et un déni de service à distance.
Apple indique que la vulnérabilité CVE-2026-20700 est activement exploitée.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Apple | iOS | iOS versions antérieures à 26.3 | ||
| Apple | iPadOS | iPadOS versions antérieures à 18.7.5 | ||
| Apple | macOS | macOS Sequoia versions antérieures à 15.7.4 | ||
| Apple | Safari | Safari versions antérieures à 26.3 | ||
| Apple | iOS | iOS versions antérieures à 18.7.5 | ||
| Apple | N/A | watchOS versions antérieures à 26.3 | ||
| Apple | macOS | macOS Sonoma versions antérieures à 14.8.4 | ||
| Apple | N/A | tvOS versions antérieures à 26.3 | ||
| Apple | macOS | macOS Tahoe versions antérieures à 26.3 | ||
| Apple | iPadOS | iPadOS versions antérieures à 26.3 | ||
| Apple | N/A | visionOS versions antérieures à 26.3 |
References
| Title | Publication Time | Tags | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "iOS versions ant\u00e9rieures \u00e0 26.3",
"product": {
"name": "iOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "iPadOS versions ant\u00e9rieures \u00e0 18.7.5",
"product": {
"name": "iPadOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "macOS Sequoia versions ant\u00e9rieures \u00e0 15.7.4",
"product": {
"name": "macOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "Safari versions ant\u00e9rieures \u00e0 26.3",
"product": {
"name": "Safari",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "iOS versions ant\u00e9rieures \u00e0 18.7.5",
"product": {
"name": "iOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "watchOS versions ant\u00e9rieures \u00e0 26.3",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "macOS Sonoma versions ant\u00e9rieures \u00e0 14.8.4",
"product": {
"name": "macOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "tvOS versions ant\u00e9rieures \u00e0 26.3",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "macOS Tahoe versions ant\u00e9rieures \u00e0 26.3",
"product": {
"name": "macOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "iPadOS versions ant\u00e9rieures \u00e0 26.3",
"product": {
"name": "iPadOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "visionOS versions ant\u00e9rieures \u00e0 26.3",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2026-20624",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20624"
},
{
"name": "CVE-2026-20652",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20652"
},
{
"name": "CVE-2026-20619",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20619"
},
{
"name": "CVE-2026-20606",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20606"
},
{
"name": "CVE-2026-20611",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20611"
},
{
"name": "CVE-2026-20617",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20617"
},
{
"name": "CVE-2025-43417",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43417"
},
{
"name": "CVE-2025-46310",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-46310"
},
{
"name": "CVE-2026-20625",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20625"
},
{
"name": "CVE-2026-20650",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20650"
},
{
"name": "CVE-2026-20676",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20676"
},
{
"name": "CVE-2026-20626",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20626"
},
{
"name": "CVE-2026-20666",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20666"
},
{
"name": "CVE-2026-20662",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20662"
},
{
"name": "CVE-2025-43402",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43402"
},
{
"name": "CVE-2026-20658",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20658"
},
{
"name": "CVE-2026-20612",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20612"
},
{
"name": "CVE-2026-20655",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20655"
},
{
"name": "CVE-2026-20638",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20638"
},
{
"name": "CVE-2026-20682",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20682"
},
{
"name": "CVE-2026-20605",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20605"
},
{
"name": "CVE-2026-20674",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20674"
},
{
"name": "CVE-2026-20642",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20642"
},
{
"name": "CVE-2026-20647",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20647"
},
{
"name": "CVE-2026-20628",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20628"
},
{
"name": "CVE-2026-20646",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20646"
},
{
"name": "CVE-2025-59375",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59375"
},
{
"name": "CVE-2026-20608",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20608"
},
{
"name": "CVE-2026-20623",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20623"
},
{
"name": "CVE-2026-20615",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20615"
},
{
"name": "CVE-2026-20630",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20630"
},
{
"name": "CVE-2026-20677",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20677"
},
{
"name": "CVE-2026-20680",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20680"
},
{
"name": "CVE-2026-20661",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20661"
},
{
"name": "CVE-2026-20654",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20654"
},
{
"name": "CVE-2026-20673",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20673"
},
{
"name": "CVE-2026-20636",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20636"
},
{
"name": "CVE-2025-46305",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-46305"
},
{
"name": "CVE-2025-46283",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-46283"
},
{
"name": "CVE-2025-14174",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-14174"
},
{
"name": "CVE-2026-20635",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20635"
},
{
"name": "CVE-2025-46303",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-46303"
},
{
"name": "CVE-2025-46301",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-46301"
},
{
"name": "CVE-2026-20616",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20616"
},
{
"name": "CVE-2026-20653",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20653"
},
{
"name": "CVE-2026-20602",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20602"
},
{
"name": "CVE-2025-46300",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-46300"
},
{
"name": "CVE-2026-20656",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20656"
},
{
"name": "CVE-2026-20609",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20609"
},
{
"name": "CVE-2025-43338",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43338"
},
{
"name": "CVE-2026-20627",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20627"
},
{
"name": "CVE-2026-20663",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20663"
},
{
"name": "CVE-2026-20621",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20621"
},
{
"name": "CVE-2026-20681",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20681"
},
{
"name": "CVE-2026-20678",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20678"
},
{
"name": "CVE-2026-20667",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20667"
},
{
"name": "CVE-2025-43403",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43403"
},
{
"name": "CVE-2026-20603",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20603"
},
{
"name": "CVE-2025-46304",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-46304"
},
{
"name": "CVE-2025-43537",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43537"
},
{
"name": "CVE-2026-20620",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20620"
},
{
"name": "CVE-2026-20644",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20644"
},
{
"name": "CVE-2025-43529",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43529"
},
{
"name": "CVE-2025-46290",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-46290"
},
{
"name": "CVE-2026-20641",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20641"
},
{
"name": "CVE-2026-20649",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20649"
},
{
"name": "CVE-2025-46302",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-46302"
},
{
"name": "CVE-2026-20660",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20660"
},
{
"name": "CVE-2026-20648",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20648"
},
{
"name": "CVE-2026-20671",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20671"
},
{
"name": "CVE-2026-20610",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20610"
},
{
"name": "CVE-2026-20618",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20618"
},
{
"name": "CVE-2026-20700",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20700"
},
{
"name": "CVE-2026-20640",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20640"
},
{
"name": "CVE-2026-20601",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20601"
},
{
"name": "CVE-2025-43533",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43533"
},
{
"name": "CVE-2026-20629",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20629"
},
{
"name": "CVE-2026-20634",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20634"
},
{
"name": "CVE-2026-20669",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20669"
},
{
"name": "CVE-2026-20645",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20645"
},
{
"name": "CVE-2026-20675",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20675"
},
{
"name": "CVE-2026-20614",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20614"
}
],
"initial_release_date": "2026-02-12T00:00:00",
"last_revision_date": "2026-02-12T00:00:00",
"links": [],
"reference": "CERTFR-2026-AVI-0158",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2026-02-12T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Apple. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et un d\u00e9ni de service \u00e0 distance.\n\nApple indique que la vuln\u00e9rabilit\u00e9 CVE-2026-20700 est activement exploit\u00e9e.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Apple",
"vendor_advisories": [
{
"published_at": "2026-02-11",
"title": "Bulletin de s\u00e9curit\u00e9 Apple 126346",
"url": "https://support.apple.com/en-us/126346"
},
{
"published_at": "2026-02-11",
"title": "Bulletin de s\u00e9curit\u00e9 Apple 126353",
"url": "https://support.apple.com/en-us/126353"
},
{
"published_at": "2026-02-11",
"title": "Bulletin de s\u00e9curit\u00e9 Apple 126347",
"url": "https://support.apple.com/en-us/126347"
},
{
"published_at": "2026-02-11",
"title": "Bulletin de s\u00e9curit\u00e9 Apple 126352",
"url": "https://support.apple.com/en-us/126352"
},
{
"published_at": "2026-02-11",
"title": "Bulletin de s\u00e9curit\u00e9 Apple 126348",
"url": "https://support.apple.com/en-us/126348"
},
{
"published_at": "2026-02-11",
"title": "Bulletin de s\u00e9curit\u00e9 Apple 126349",
"url": "https://support.apple.com/en-us/126349"
},
{
"published_at": "2026-02-11",
"title": "Bulletin de s\u00e9curit\u00e9 Apple 126351",
"url": "https://support.apple.com/en-us/126351"
},
{
"published_at": "2026-02-11",
"title": "Bulletin de s\u00e9curit\u00e9 Apple 126350",
"url": "https://support.apple.com/en-us/126350"
},
{
"published_at": "2026-02-11",
"title": "Bulletin de s\u00e9curit\u00e9 Apple 126354",
"url": "https://support.apple.com/en-us/126354"
}
]
}
CERTFR-2025-AVI-1110
Vulnerability from certfr_avis - Published: 2025-12-15 - Updated: 2025-12-15
De multiples vulnérabilités ont été découvertes dans les produits Apple. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et un déni de service à distance.
Apple indique que les vulnérabilités CVE-2025-14174 et CVE-2025-43529 sont activement exploitées.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Apple | macOS | macOS Sonoma versions antérieures à 14.8.3 | ||
| Apple | watchOS | watchOS versions antérieures à 26.2 | ||
| Apple | iOS | iOS versions 26.x antérieures à 26.2 | ||
| Apple | macOS | macOS Tahoe versions antérieures à 26.2 | ||
| Apple | macOS | macOS Sequoia versions antérieures à 15.7.3 | ||
| Apple | tvOS | tvOS versions antérieures à 26.2 | ||
| Apple | Safari | Safari versions antérieures à 26.2 | ||
| Apple | iOS | iOS versions 18.7.x antérieures à 18.7.3 | ||
| Apple | iPadOS | iPadOS versions 18.7.x antérieures à 18.7.3 | ||
| Apple | visionOS | visionOS versions antérieures à 26.2 | ||
| Apple | iPadOS | iPadOS versions 26.x antérieures à 26.2 |
References
| Title | Publication Time | Tags | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "macOS Sonoma versions ant\u00e9rieures \u00e0 14.8.3",
"product": {
"name": "macOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "watchOS versions ant\u00e9rieures \u00e0 26.2",
"product": {
"name": "watchOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "iOS versions 26.x ant\u00e9rieures \u00e0 26.2",
"product": {
"name": "iOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "macOS Tahoe versions ant\u00e9rieures \u00e0 26.2",
"product": {
"name": "macOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "macOS Sequoia versions ant\u00e9rieures \u00e0 15.7.3",
"product": {
"name": "macOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "tvOS versions ant\u00e9rieures \u00e0 26.2",
"product": {
"name": "tvOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "Safari versions ant\u00e9rieures \u00e0 26.2",
"product": {
"name": "Safari",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "iOS versions 18.7.x ant\u00e9rieures \u00e0 18.7.3",
"product": {
"name": "iOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "iPadOS versions 18.7.x ant\u00e9rieures \u00e0 18.7.3",
"product": {
"name": "iPadOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "visionOS versions ant\u00e9rieures \u00e0 26.2",
"product": {
"name": "visionOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "iPadOS versions 26.x ant\u00e9rieures \u00e0 26.2",
"product": {
"name": "iPadOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-43517",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43517"
},
{
"name": "CVE-2025-46291",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-46291"
},
{
"name": "CVE-2025-46282",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-46282"
},
{
"name": "CVE-2025-46292",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-46292"
},
{
"name": "CVE-2025-43539",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43539"
},
{
"name": "CVE-2025-43320",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43320"
},
{
"name": "CVE-2025-43536",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43536"
},
{
"name": "CVE-2025-43514",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43514"
},
{
"name": "CVE-2025-46289",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-46289"
},
{
"name": "CVE-2025-43511",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43511"
},
{
"name": "CVE-2025-46278",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-46278"
},
{
"name": "CVE-2025-43523",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43523"
},
{
"name": "CVE-2024-8906",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-8906"
},
{
"name": "CVE-2024-7264",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-7264"
},
{
"name": "CVE-2025-43513",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43513"
},
{
"name": "CVE-2025-43522",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43522"
},
{
"name": "CVE-2025-46279",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-46279"
},
{
"name": "CVE-2025-43416",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43416"
},
{
"name": "CVE-2025-43410",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43410"
},
{
"name": "CVE-2025-43475",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43475"
},
{
"name": "CVE-2025-43542",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43542"
},
{
"name": "CVE-2025-46283",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-46283"
},
{
"name": "CVE-2025-14174",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-14174"
},
{
"name": "CVE-2025-43519",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43519"
},
{
"name": "CVE-2025-5918",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5918"
},
{
"name": "CVE-2025-43526",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43526"
},
{
"name": "CVE-2025-46277",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-46277"
},
{
"name": "CVE-2025-43518",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43518"
},
{
"name": "CVE-2025-43527",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43527"
},
{
"name": "CVE-2025-46285",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-46285"
},
{
"name": "CVE-2025-9086",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-9086"
},
{
"name": "CVE-2025-43482",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43482"
},
{
"name": "CVE-2025-43532",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43532"
},
{
"name": "CVE-2025-43538",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43538"
},
{
"name": "CVE-2025-46288",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-46288"
},
{
"name": "CVE-2025-43541",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43541"
},
{
"name": "CVE-2025-43529",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43529"
},
{
"name": "CVE-2025-43516",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43516"
},
{
"name": "CVE-2025-46281",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-46281"
},
{
"name": "CVE-2025-43530",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43530"
},
{
"name": "CVE-2025-43501",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43501"
},
{
"name": "CVE-2025-46276",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-46276"
},
{
"name": "CVE-2025-43533",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43533"
},
{
"name": "CVE-2025-43428",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43428"
},
{
"name": "CVE-2025-43512",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43512"
},
{
"name": "CVE-2025-43535",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43535"
},
{
"name": "CVE-2025-43521",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43521"
},
{
"name": "CVE-2025-43531",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43531"
},
{
"name": "CVE-2025-46287",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-46287"
},
{
"name": "CVE-2025-43509",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43509"
},
{
"name": "CVE-2025-43463",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43463"
}
],
"initial_release_date": "2025-12-15T00:00:00",
"last_revision_date": "2025-12-15T00:00:00",
"links": [],
"reference": "CERTFR-2025-AVI-1110",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-12-15T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Apple. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et un d\u00e9ni de service \u00e0 distance.\n\nApple indique que les vuln\u00e9rabilit\u00e9s CVE-2025-14174 et CVE-2025-43529 sont activement exploit\u00e9es.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Apple",
"vendor_advisories": [
{
"published_at": "2025-12-12",
"title": "Bulletin de s\u00e9curit\u00e9 Apple 125887",
"url": "https://support.apple.com/en-us/125887"
},
{
"published_at": "2025-12-12",
"title": "Bulletin de s\u00e9curit\u00e9 Apple 125891",
"url": "https://support.apple.com/en-us/125891"
},
{
"published_at": "2025-12-12",
"title": "Bulletin de s\u00e9curit\u00e9 Apple 125884",
"url": "https://support.apple.com/en-us/125884"
},
{
"published_at": "2025-12-12",
"title": "Bulletin de s\u00e9curit\u00e9 Apple 125886",
"url": "https://support.apple.com/en-us/125886"
},
{
"published_at": "2025-12-12",
"title": "Bulletin de s\u00e9curit\u00e9 Apple 125885",
"url": "https://support.apple.com/en-us/125885"
},
{
"published_at": "2025-12-12",
"title": "Bulletin de s\u00e9curit\u00e9 Apple 125889",
"url": "https://support.apple.com/en-us/125889"
},
{
"published_at": "2025-12-12",
"title": "Bulletin de s\u00e9curit\u00e9 Apple 125890",
"url": "https://support.apple.com/en-us/125890"
},
{
"published_at": "2025-12-12",
"title": "Bulletin de s\u00e9curit\u00e9 Apple 125892",
"url": "https://support.apple.com/en-us/125892"
},
{
"published_at": "2025-12-12",
"title": "Bulletin de s\u00e9curit\u00e9 Apple 125888",
"url": "https://support.apple.com/en-us/125888"
}
]
}
NCSC-2025-0396
Vulnerability from csaf_ncscnl - Published: 2025-12-15 09:06 - Updated: 2025-12-15 09:06Summary
Kwetsbaarheden verholpen in Apple macOS
Notes
The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:
NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.
NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.
This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings.
Feiten
Apple heeft kwetsbaarheden verholpen in macOS Sonoma (14.8.3), macOS Sequoia (15.7.3) en macOS Tahoe (26.2).
Interpretaties
De kwetsbaarheden omvatten een breed scala aan problemen, waaronder geheugenbeschadiging, logboekproblemen, en ongeoorloofde toegang tot gevoelige gebruikersgegevens. Deze kwetsbaarheden konden worden misbruikt door kwaadwillenden om ongeautoriseerde toegang te verkrijgen of om de stabiliteit van het systeem in gevaar te brengen.
Voor succesvol misbruik moet de kwaadwillende het slachtoffer misleiden een malafide app te installeren of bestand te openen.
Oplossingen
Apple heeft updates uitgebracht om de kwetsbaarheden te verhelpen. Zie bijgevoegde referenties voor meer informatie.
Kans
medium
Schade
high
CWE-20
Improper Input Validation
CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CWE-125
Out-of-bounds Read
CWE-190
Integer Overflow or Wraparound
CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CWE-275
CWE-275
CWE-280
Improper Handling of Insufficient Permissions or Privileges
CWE-284
Improper Access Control
CWE-359
Exposure of Private Personal Information to an Unauthorized Actor
CWE-371
CWE-371
CWE-404
Improper Resource Shutdown or Release
CWE-416
Use After Free
CWE-451
User Interface (UI) Misrepresentation of Critical Information
CWE-456
Missing Initialization of a Variable
CWE-488
Exposure of Data Element to Wrong Session
CWE-524
Use of Cache Containing Sensitive Information
CWE-532
Insertion of Sensitive Information into Log File
CWE-732
Incorrect Permission Assignment for Critical Resource
CWE-862
Missing Authorization
CWE-1018
CWE-1018
{
"document": {
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE"
}
},
"lang": "nl",
"notes": [
{
"category": "legal_disclaimer",
"text": "The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:\n\n NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.\n\n NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.\n This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings."
},
{
"category": "description",
"text": "Apple heeft kwetsbaarheden verholpen in macOS Sonoma (14.8.3), macOS Sequoia (15.7.3) en macOS Tahoe (26.2).",
"title": "Feiten"
},
{
"category": "description",
"text": "De kwetsbaarheden omvatten een breed scala aan problemen, waaronder geheugenbeschadiging, logboekproblemen, en ongeoorloofde toegang tot gevoelige gebruikersgegevens. Deze kwetsbaarheden konden worden misbruikt door kwaadwillenden om ongeautoriseerde toegang te verkrijgen of om de stabiliteit van het systeem in gevaar te brengen.\n\nVoor succesvol misbruik moet de kwaadwillende het slachtoffer misleiden een malafide app te installeren of bestand te openen.",
"title": "Interpretaties"
},
{
"category": "description",
"text": "Apple heeft updates uitgebracht om de kwetsbaarheden te verhelpen. Zie bijgevoegde referenties voor meer informatie.",
"title": "Oplossingen"
},
{
"category": "general",
"text": "medium",
"title": "Kans"
},
{
"category": "general",
"text": "high",
"title": "Schade"
},
{
"category": "general",
"text": "Improper Input Validation",
"title": "CWE-20"
},
{
"category": "general",
"text": "Improper Restriction of Operations within the Bounds of a Memory Buffer",
"title": "CWE-119"
},
{
"category": "general",
"text": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"title": "CWE-120"
},
{
"category": "general",
"text": "Out-of-bounds Read",
"title": "CWE-125"
},
{
"category": "general",
"text": "Integer Overflow or Wraparound",
"title": "CWE-190"
},
{
"category": "general",
"text": "Exposure of Sensitive Information to an Unauthorized Actor",
"title": "CWE-200"
},
{
"category": "general",
"text": "CWE-275",
"title": "CWE-275"
},
{
"category": "general",
"text": "Improper Handling of Insufficient Permissions or Privileges ",
"title": "CWE-280"
},
{
"category": "general",
"text": "Improper Access Control",
"title": "CWE-284"
},
{
"category": "general",
"text": "Exposure of Private Personal Information to an Unauthorized Actor",
"title": "CWE-359"
},
{
"category": "general",
"text": "CWE-371",
"title": "CWE-371"
},
{
"category": "general",
"text": "Improper Resource Shutdown or Release",
"title": "CWE-404"
},
{
"category": "general",
"text": "Use After Free",
"title": "CWE-416"
},
{
"category": "general",
"text": "User Interface (UI) Misrepresentation of Critical Information",
"title": "CWE-451"
},
{
"category": "general",
"text": "Missing Initialization of a Variable",
"title": "CWE-456"
},
{
"category": "general",
"text": "Exposure of Data Element to Wrong Session",
"title": "CWE-488"
},
{
"category": "general",
"text": "Use of Cache Containing Sensitive Information",
"title": "CWE-524"
},
{
"category": "general",
"text": "Insertion of Sensitive Information into Log File",
"title": "CWE-532"
},
{
"category": "general",
"text": "Incorrect Permission Assignment for Critical Resource",
"title": "CWE-732"
},
{
"category": "general",
"text": "Missing Authorization",
"title": "CWE-862"
},
{
"category": "general",
"text": "CWE-1018",
"title": "CWE-1018"
}
],
"publisher": {
"category": "coordinator",
"contact_details": "cert@ncsc.nl",
"name": "Nationaal Cyber Security Centrum",
"namespace": "https://www.ncsc.nl/"
},
"references": [
{
"category": "external",
"summary": "Reference",
"url": "https://support.apple.com/en-us/125886"
},
{
"category": "external",
"summary": "Reference",
"url": "https://support.apple.com/en-us/125887"
},
{
"category": "external",
"summary": "Reference",
"url": "https://support.apple.com/en-us/125888"
}
],
"title": "Kwetsbaarheden verholpen in Apple macOS",
"tracking": {
"current_release_date": "2025-12-15T09:06:36.450655Z",
"generator": {
"date": "2025-08-04T16:30:00Z",
"engine": {
"name": "V.A.",
"version": "1.3"
}
},
"id": "NCSC-2025-0396",
"initial_release_date": "2025-12-15T09:06:36.450655Z",
"revision_history": [
{
"date": "2025-12-15T09:06:36.450655Z",
"number": "1.0.0",
"summary": "Initiele versie"
}
],
"status": "final",
"version": "1.0.0"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-1"
}
}
],
"category": "product_name",
"name": "macOS Sequoia"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-2"
}
}
],
"category": "product_name",
"name": "macOS Sonoma"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-3"
}
}
],
"category": "product_name",
"name": "macOS Tahoe"
}
],
"category": "vendor",
"name": "Apple"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-7264",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "other",
"text": "Improper Input Validation",
"title": "CWE-20"
},
{
"category": "other",
"text": "Out-of-bounds Read",
"title": "CWE-125"
},
{
"category": "description",
"text": "Multiple vulnerabilities across Oracle Communications Applications, MySQL, Database Server, and NetApp products can be exploited by remote attackers, affecting confidentiality, integrity, and availability, with varying CVSS scores indicating medium to significant damage potential.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-7264 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2024/cve-2024-7264.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
}
],
"title": "CVE-2024-7264"
},
{
"cve": "CVE-2024-8906",
"notes": [
{
"category": "description",
"text": "Chrome 129 and Microsoft Edge have multiple vulnerabilities, including remote code execution and denial of service risks, with specific issues like CVE-2024-8906 affecting Chrome\u0027s Downloads UI.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-8906 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2024/cve-2024-8906.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
}
],
"title": "CVE-2024-8906"
},
{
"cve": "CVE-2025-5918",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "other",
"text": "Out-of-bounds Read",
"title": "CWE-125"
},
{
"category": "description",
"text": "The libarchive library update addresses multiple vulnerabilities, including integer overflows and heap buffer over reads, with a specific issue allowing reading past EOF in piped file streams, affecting Apple Software.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-5918 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-5918.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
}
],
"title": "CVE-2025-5918"
},
{
"cve": "CVE-2025-9086",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "other",
"text": "Out-of-bounds Read",
"title": "CWE-125"
},
{
"category": "description",
"text": "Recent updates to curl and Apple Software address multiple vulnerabilities, including out-of-bounds reads, cookie path issues, and denial of service risks in various versions of affected products.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-9086 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-9086.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
}
],
"title": "CVE-2025-9086"
},
{
"cve": "CVE-2025-14174",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"notes": [
{
"category": "other",
"text": "Improper Restriction of Operations within the Bounds of a Memory Buffer",
"title": "CWE-119"
},
{
"category": "description",
"text": "Google Chromium has multiple vulnerabilities, including a high-severity out of bounds memory access in ANGLE affecting various browsers, alongside resolved use-after-free and memory corruption issues.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-14174 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-14174.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
}
],
"title": "CVE-2025-14174"
},
{
"cve": "CVE-2025-43320",
"notes": [
{
"category": "description",
"text": "macOS Sequoia 15.7.3 has resolved an issue where an app could bypass launch constraint protections and execute malicious code with elevated privileges by implementing additional logic.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-43320 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-43320.json"
}
],
"title": "CVE-2025-43320"
},
{
"cve": "CVE-2025-43410",
"cwe": {
"id": "CWE-524",
"name": "Use of Cache Containing Sensitive Information"
},
"notes": [
{
"category": "other",
"text": "Use of Cache Containing Sensitive Information",
"title": "CWE-524"
},
{
"category": "description",
"text": "macOS Sequoia 15.7.2 and macOS Sonoma 14.8.2 have resolved a cache handling issue that allowed physical access attackers to view deleted notes through improved cache management.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-43410 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-43410.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 2.4,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
}
],
"title": "CVE-2025-43410"
},
{
"cve": "CVE-2025-43416",
"notes": [
{
"category": "description",
"text": "macOS Sonoma 14.8.3 and macOS Sequoia 15.7.3 have addressed a logic issue related to access to protected user data through enhanced restrictions.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-43416 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-43416.json"
}
],
"title": "CVE-2025-43416"
},
{
"cve": "CVE-2025-43428",
"notes": [
{
"category": "description",
"text": "A configuration issue was resolved by implementing additional restrictions to enhance system security.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-43428 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-43428.json"
}
],
"title": "CVE-2025-43428"
},
{
"cve": "CVE-2025-43463",
"notes": [
{
"category": "description",
"text": "Recent updates in macOS versions 14.8.3, 26.1, and 15.7.3 have resolved a parsing issue in directory path handling through enhanced path validation, potentially allowing apps to access sensitive user data.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-43463 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-43463.json"
}
],
"title": "CVE-2025-43463"
},
{
"cve": "CVE-2025-43482",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "other",
"text": "Improper Input Validation",
"title": "CWE-20"
},
{
"category": "description",
"text": "macOS Sonoma 14.8.3 and macOS Sequoia 15.7.3 have resolved a denial-of-service vulnerability through enhanced input validation measures.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-43482 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-43482.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
}
],
"title": "CVE-2025-43482"
},
{
"cve": "CVE-2025-43501",
"notes": [
{
"category": "description",
"text": "A buffer overflow vulnerability has been addressed through improved memory management techniques.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-43501 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-43501.json"
}
],
"title": "CVE-2025-43501"
},
{
"cve": "CVE-2025-43509",
"notes": [
{
"category": "description",
"text": "macOS Sonoma 14.8.3 and macOS Sequoia 15.7.3 have resolved the issue of apps accessing sensitive user data through enhanced data protection measures.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-43509 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-43509.json"
}
],
"title": "CVE-2025-43509"
},
{
"cve": "CVE-2025-43511",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "other",
"text": "Use After Free",
"title": "CWE-416"
},
{
"category": "description",
"text": "iOS 18.7.2 and iPadOS 18.7.2 addressed a use-after-free vulnerability in memory management that could lead to process crashes when handling malicious web content.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-43511 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-43511.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
}
],
"title": "CVE-2025-43511"
},
{
"cve": "CVE-2025-43512",
"notes": [
{
"category": "description",
"text": "macOS Sonoma 14.8.3 and macOS Sequoia 15.7.3 have addressed a logic issue that could allow privilege elevation through enhanced checks.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-43512 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-43512.json"
}
],
"title": "CVE-2025-43512"
},
{
"cve": "CVE-2025-43513",
"notes": [
{
"category": "description",
"text": "Recent updates in macOS Sonoma 14.8.3 and macOS Sequoia 15.7.3 addressed a permissions issue by removing vulnerable code that allowed unauthorized access to sensitive location information.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-43513 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-43513.json"
}
],
"title": "CVE-2025-43513"
},
{
"cve": "CVE-2025-43514",
"notes": [
{
"category": "description",
"text": "The issue was addressed through improved cache management techniques.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-43514 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-43514.json"
}
],
"title": "CVE-2025-43514"
},
{
"cve": "CVE-2025-43516",
"notes": [
{
"category": "description",
"text": "macOS Sonoma 14.8.3 and macOS Sequoia 15.7.3 have addressed a session management vulnerability that allowed users with Voice Control enabled to transcribe another user\u0027s activity through enhanced checks.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-43516 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-43516.json"
}
],
"title": "CVE-2025-43516"
},
{
"cve": "CVE-2025-43517",
"notes": [
{
"category": "description",
"text": "macOS Sonoma 14.8.3 and macOS Sequoia 15.7.3 addressed a privacy issue related to log entries by enhancing private data redaction, preventing unauthorized access to protected user data.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-43517 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-43517.json"
}
],
"title": "CVE-2025-43517"
},
{
"cve": "CVE-2025-43518",
"notes": [
{
"category": "description",
"text": "macOS Sonoma 14.8.3 and macOS Sequoia 15.7.3 have addressed a logic issue in the spellcheck API that allowed inappropriate file access through enhanced checks.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-43518 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-43518.json"
}
],
"title": "CVE-2025-43518"
},
{
"cve": "CVE-2025-43519",
"notes": [
{
"category": "description",
"text": "macOS Sonoma 14.8.3 and macOS Sequoia 15.7.3 have addressed a permissions issue that previously allowed apps to access sensitive user data by implementing additional restrictions.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-43519 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-43519.json"
}
],
"title": "CVE-2025-43519"
},
{
"cve": "CVE-2025-43521",
"notes": [
{
"category": "description",
"text": "macOS Sequoia 15.7.3 resolves a downgrade issue on Intel-based Mac computers by implementing additional code-signing restrictions to enhance user data protection.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-43521 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-43521.json"
}
],
"title": "CVE-2025-43521"
},
{
"cve": "CVE-2025-43522",
"notes": [
{
"category": "description",
"text": "macOS Sequoia 15.7.3 resolves a downgrade issue on Intel-based Mac computers by implementing enhanced code-signing restrictions to protect user-sensitive data from unauthorized access.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-43522 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-43522.json"
}
],
"title": "CVE-2025-43522"
},
{
"cve": "CVE-2025-43523",
"notes": [
{
"category": "description",
"text": "macOS Sequoia 15.7.3 has resolved a permissions issue that previously allowed unauthorized access to sensitive user data by implementing additional restrictions.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-43523 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-43523.json"
}
],
"title": "CVE-2025-43523"
},
{
"cve": "CVE-2025-43526",
"notes": [
{
"category": "description",
"text": "The issue was addressed through the implementation of enhanced URL validation measures.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-43526 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-43526.json"
}
],
"title": "CVE-2025-43526"
},
{
"cve": "CVE-2025-43527",
"cwe": {
"id": "CWE-280",
"name": "Improper Handling of Insufficient Permissions or Privileges "
},
"notes": [
{
"category": "other",
"text": "Improper Handling of Insufficient Permissions or Privileges ",
"title": "CWE-280"
},
{
"category": "description",
"text": "macOS Sequoia 15.7.3 has addressed a permissions issue that could allow apps to gain root privileges through additional restrictions.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-43527 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-43527.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
}
],
"title": "CVE-2025-43527"
},
{
"cve": "CVE-2025-43529",
"notes": [
{
"category": "description",
"text": "Recent updates addressed a use-after-free vulnerability and a memory corruption issue by enhancing memory management and implementing improved validation measures.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-43529 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-43529.json"
}
],
"title": "CVE-2025-43529"
},
{
"cve": "CVE-2025-43530",
"notes": [
{
"category": "description",
"text": "macOS Sonoma 14.8.3 and macOS Sequoia 15.7.3 have resolved the issue of apps accessing sensitive user data through enhanced checks.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-43530 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-43530.json"
}
],
"title": "CVE-2025-43530"
},
{
"cve": "CVE-2025-43531",
"notes": [
{
"category": "description",
"text": "A race condition issue was effectively resolved through enhancements in state management, improving system reliability.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-43531 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-43531.json"
}
],
"title": "CVE-2025-43531"
},
{
"cve": "CVE-2025-43532",
"cwe": {
"id": "CWE-120",
"name": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)"
},
"notes": [
{
"category": "other",
"text": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"title": "CWE-120"
},
{
"category": "description",
"text": "macOS Sonoma 14.8.3 and macOS Sequoia 15.7.3 have addressed a memory corruption issue that could lead to unexpected app termination when processing malicious data through improved bounds checking.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-43532 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-43532.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 2.8,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
}
],
"title": "CVE-2025-43532"
},
{
"cve": "CVE-2025-43533",
"notes": [
{
"category": "description",
"text": "Enhanced input validation measures have resolved multiple memory corruption issues, improving overall system security.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-43533 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-43533.json"
}
],
"title": "CVE-2025-43533"
},
{
"cve": "CVE-2025-43535",
"notes": [
{
"category": "description",
"text": "The issue was addressed through improvements in memory management techniques.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-43535 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-43535.json"
}
],
"title": "CVE-2025-43535"
},
{
"cve": "CVE-2025-43536",
"notes": [
{
"category": "description",
"text": "A use-after-free vulnerability was addressed through improved memory management techniques, enhancing overall system stability and security.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-43536 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-43536.json"
}
],
"title": "CVE-2025-43536"
},
{
"cve": "CVE-2025-43538",
"notes": [
{
"category": "description",
"text": "macOS Sonoma 14.8.3 has addressed a logging issue that previously allowed unauthorized access to sensitive user data through enhanced data redaction measures.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-43538 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-43538.json"
}
],
"title": "CVE-2025-43538"
},
{
"cve": "CVE-2025-43539",
"notes": [
{
"category": "description",
"text": "macOS Sonoma 14.8.3 and macOS Sequoia 15.7.3 have addressed a memory corruption issue through enhanced bounds checks during file processing.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-43539 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-43539.json"
}
],
"title": "CVE-2025-43539"
},
{
"cve": "CVE-2025-43541",
"notes": [
{
"category": "description",
"text": "A type confusion vulnerability was effectively addressed through improved state management techniques.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-43541 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-43541.json"
}
],
"title": "CVE-2025-43541"
},
{
"cve": "CVE-2025-43542",
"notes": [
{
"category": "description",
"text": "macOS Sequoia 15.7.3 resolves the issue of password fields being unintentionally exposed during FaceTime remote control through enhanced state management.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-43542 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-43542.json"
}
],
"title": "CVE-2025-43542"
},
{
"cve": "CVE-2025-46276",
"notes": [
{
"category": "description",
"text": "macOS Sonoma 14.8.3 and macOS Sequoia 15.7.3 have addressed an information disclosure issue by implementing enhanced privacy controls to prevent unauthorized access to sensitive user data.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-46276 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-46276.json"
}
],
"title": "CVE-2025-46276"
},
{
"cve": "CVE-2025-46277",
"notes": [
{
"category": "description",
"text": "A logging issue was addressed through the enhancement of data redaction measures to improve security and protect sensitive information.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-46277 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-46277.json"
}
],
"title": "CVE-2025-46277"
},
{
"cve": "CVE-2025-46278",
"notes": [
{
"category": "description",
"text": "The issue was addressed through improved cache management techniques.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-46278 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-46278.json"
}
],
"title": "CVE-2025-46278"
},
{
"cve": "CVE-2025-46279",
"notes": [
{
"category": "description",
"text": "A permissions issue was addressed through the implementation of additional restrictions to enhance security controls.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-46279 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-46279.json"
}
],
"title": "CVE-2025-46279"
},
{
"cve": "CVE-2025-46281",
"notes": [
{
"category": "description",
"text": "A logic issue was resolved through the implementation of enhanced checks, improving the overall security posture.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-46281 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-46281.json"
}
],
"title": "CVE-2025-46281"
},
{
"cve": "CVE-2025-46282",
"notes": [
{
"category": "description",
"text": "The issue was addressed by implementing additional permissions checks to enhance security measures.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-46282 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-46282.json"
}
],
"title": "CVE-2025-46282"
},
{
"cve": "CVE-2025-46283",
"notes": [
{
"category": "description",
"text": "A logic issue was effectively addressed through the implementation of enhanced validation measures, improving overall system integrity.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-46283 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-46283.json"
}
],
"title": "CVE-2025-46283"
},
{
"cve": "CVE-2025-46285",
"notes": [
{
"category": "description",
"text": "macOS Sonoma 14.8.3 and macOS Sequoia 15.7.3 have addressed an integer overflow vulnerability that could grant root privileges by implementing 64-bit timestamps.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-46285 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-46285.json"
}
],
"title": "CVE-2025-46285"
},
{
"cve": "CVE-2025-46287",
"notes": [
{
"category": "description",
"text": "Recent updates in macOS Sonoma 14.8.3 and macOS Sequoia 15.7.3 resolved an inconsistent user interface issue related to FaceTime caller ID spoofing through enhanced state management.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-46287 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-46287.json"
}
],
"title": "CVE-2025-46287"
},
{
"cve": "CVE-2025-46288",
"notes": [
{
"category": "description",
"text": "A permissions issue was addressed through the implementation of additional restrictions to enhance security controls.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-46288 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-46288.json"
}
],
"title": "CVE-2025-46288"
},
{
"cve": "CVE-2025-46289",
"notes": [
{
"category": "description",
"text": "macOS Sonoma 14.8.3 and macOS Sequoia 15.7.3 resolved a logic issue in file handling that could have allowed unauthorized access to protected user data.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-46289 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-46289.json"
}
],
"title": "CVE-2025-46289"
},
{
"cve": "CVE-2025-46291",
"notes": [
{
"category": "description",
"text": "A logic issue was effectively addressed through the implementation of enhanced validation measures, improving overall system integrity.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-46291 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-46291.json"
}
],
"title": "CVE-2025-46291"
}
]
}
NCSC-2026-0063
Vulnerability from csaf_ncscnl - Published: 2026-02-13 13:24 - Updated: 2026-02-13 13:24Summary
Kwetsbaarheden verholpen in Apple macOS
Notes
The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:
NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.
NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.
This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings.
Feiten
Apple heeft kwetsbaarheden verholpen in macOS, inclusief versies Sequoia 15.7.4, Tahoe 26.3 en Sonoma 14.8.4.
Interpretaties
De kwetsbaarheden omvatten onder andere problemen met geheugencorruptie, ongeautoriseerde toegang tot gevoelige gebruikersdata, en logboekproblemen die konden leiden tot ongeautoriseerde toegang tot locatie-informatie. De updates bevatten verbeterde validatieprocessen en state management om deze risico's te mitigeren.
Oplossingen
Apple heeft updates uitgebracht om de kwetsbaarheden te verhelpen. Zie bijgevoegde referenties voor meer informatie.
Kans
medium
Schade
high
CWE-20
Improper Input Validation
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CWE-284
Improper Access Control
CWE-416
Use After Free
CWE-770
Allocation of Resources Without Limits or Throttling
CWE-787
Out-of-bounds Write
CWE-823
Use of Out-of-range Pointer Offset
CWE-825
Expired Pointer Dereference
{
"document": {
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE"
}
},
"lang": "nl",
"notes": [
{
"category": "legal_disclaimer",
"text": "The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:\n\n NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.\n\n NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.\n This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings."
},
{
"category": "description",
"text": "Apple heeft kwetsbaarheden verholpen in macOS, inclusief versies Sequoia 15.7.4, Tahoe 26.3 en Sonoma 14.8.4.",
"title": "Feiten"
},
{
"category": "description",
"text": "De kwetsbaarheden omvatten onder andere problemen met geheugencorruptie, ongeautoriseerde toegang tot gevoelige gebruikersdata, en logboekproblemen die konden leiden tot ongeautoriseerde toegang tot locatie-informatie. De updates bevatten verbeterde validatieprocessen en state management om deze risico\u0027s te mitigeren.",
"title": "Interpretaties"
},
{
"category": "description",
"text": "Apple heeft updates uitgebracht om de kwetsbaarheden te verhelpen. Zie bijgevoegde referenties voor meer informatie.",
"title": "Oplossingen"
},
{
"category": "general",
"text": "medium",
"title": "Kans"
},
{
"category": "general",
"text": "high",
"title": "Schade"
},
{
"category": "general",
"text": "Improper Input Validation",
"title": "CWE-20"
},
{
"category": "general",
"text": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"title": "CWE-79"
},
{
"category": "general",
"text": "Improper Restriction of Operations within the Bounds of a Memory Buffer",
"title": "CWE-119"
},
{
"category": "general",
"text": "Exposure of Sensitive Information to an Unauthorized Actor",
"title": "CWE-200"
},
{
"category": "general",
"text": "Improper Access Control",
"title": "CWE-284"
},
{
"category": "general",
"text": "Use After Free",
"title": "CWE-416"
},
{
"category": "general",
"text": "Allocation of Resources Without Limits or Throttling",
"title": "CWE-770"
},
{
"category": "general",
"text": "Out-of-bounds Write",
"title": "CWE-787"
},
{
"category": "general",
"text": "Use of Out-of-range Pointer Offset",
"title": "CWE-823"
},
{
"category": "general",
"text": "Expired Pointer Dereference",
"title": "CWE-825"
}
],
"publisher": {
"category": "coordinator",
"contact_details": "cert@ncsc.nl",
"name": "Nationaal Cyber Security Centrum",
"namespace": "https://www.ncsc.nl/"
},
"references": [
{
"category": "external",
"summary": "Reference",
"url": "https://support.apple.com/en-us/126348"
},
{
"category": "external",
"summary": "Reference",
"url": "https://support.apple.com/en-us/126349"
},
{
"category": "external",
"summary": "Reference",
"url": "https://support.apple.com/en-us/126350"
}
],
"title": "Kwetsbaarheden verholpen in Apple macOS",
"tracking": {
"current_release_date": "2026-02-13T13:24:06.433550Z",
"generator": {
"date": "2025-08-04T16:30:00Z",
"engine": {
"name": "V.A.",
"version": "1.3"
}
},
"id": "NCSC-2026-0063",
"initial_release_date": "2026-02-13T13:24:06.433550Z",
"revision_history": [
{
"date": "2026-02-13T13:24:06.433550Z",
"number": "1.0.0",
"summary": "Initiele versie"
}
],
"status": "final",
"version": "1.0.0"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-1"
}
}
],
"category": "product_name",
"name": "macOS Sequoia"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-2"
}
}
],
"category": "product_name",
"name": "macOS Sonoma"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-3"
}
}
],
"category": "product_name",
"name": "macOS Tahoe"
}
],
"category": "vendor",
"name": "Apple"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-14174",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"notes": [
{
"category": "other",
"text": "Improper Restriction of Operations within the Bounds of a Memory Buffer",
"title": "CWE-119"
},
{
"category": "other",
"text": "Out-of-bounds Write",
"title": "CWE-787"
},
{
"category": "other",
"text": "Use of Out-of-range Pointer Offset",
"title": "CWE-823"
},
{
"category": "description",
"text": "The webkit2gtk3 update to version 2.50.4 addresses multiple security vulnerabilities, including memory corruption and buffer overflow, while a high-severity out of bounds memory access vulnerability in ANGLE affects Google Chrome and other Chromium-based browsers.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/AU:N/R:U/V:D/RE:M/U:Amber",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-14174 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-14174.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
}
],
"title": "CVE-2025-14174"
},
{
"cve": "CVE-2025-43338",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"notes": [
{
"category": "other",
"text": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"title": "CWE-79"
},
{
"category": "description",
"text": "An out-of-bounds access issue was resolved in macOS Tahoe 26 and macOS Sonoma 14.8.2, preventing potential app termination or memory corruption from malicious media files through improved bounds checking.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-43338 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-43338.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
}
],
"title": "CVE-2025-43338"
},
{
"cve": "CVE-2025-43402",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "other",
"text": "Out-of-bounds Write",
"title": "CWE-787"
},
{
"category": "description",
"text": "macOS Tahoe 26.1 has resolved issues related to unexpected system termination and process memory corruption through enhanced memory handling.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-43402 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-43402.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
}
],
"title": "CVE-2025-43402"
},
{
"cve": "CVE-2025-43403",
"cwe": {
"id": "CWE-285",
"name": "Improper Authorization"
},
"notes": [
{
"category": "other",
"text": "Improper Authorization",
"title": "CWE-285"
},
{
"category": "description",
"text": "Authorization issues regarding sensitive user data access have been resolved in macOS Sequoia 15.7.4 and macOS Sonoma 14.8.4, addressing potential risks of unauthorized app access.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-43403 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-43403.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
}
],
"title": "CVE-2025-43403"
},
{
"cve": "CVE-2025-43417",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"notes": [
{
"category": "other",
"text": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"title": "CWE-22"
},
{
"category": "description",
"text": "macOS Sonoma 14.8.4 addresses a path handling issue that could allow applications to access user-sensitive data through improved logic.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-43417 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-43417.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
}
],
"title": "CVE-2025-43417"
},
{
"cve": "CVE-2025-43529",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "other",
"text": "Use After Free",
"title": "CWE-416"
},
{
"category": "other",
"text": "Expired Pointer Dereference",
"title": "CWE-825"
},
{
"category": "description",
"text": "The webkit2gtk3 update to version 2.50.4 addresses multiple security vulnerabilities, including use-after-free and memory corruption issues, potentially allowing arbitrary code execution through malicious web content.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-43529 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-43529.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
}
],
"title": "CVE-2025-43529"
},
{
"cve": "CVE-2025-43533",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "other",
"text": "Improper Input Validation",
"title": "CWE-20"
},
{
"category": "description",
"text": "Apple addressed multiple memory corruption vulnerabilities across its operating systems, including watchOS, iOS, iPadOS, macOS, visionOS, and tvOS, through improved input validation and enhanced bounds checks to prevent crashes from malicious HID devices.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-43533 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-43533.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.5,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
}
],
"title": "CVE-2025-43533"
},
{
"cve": "CVE-2025-46283",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"notes": [
{
"category": "other",
"text": "Exposure of Sensitive Information to an Unauthorized Actor",
"title": "CWE-200"
},
{
"category": "description",
"text": "macOS Tahoe 26.2 addressed a logic issue through improved validation, which could have allowed unauthorized access to sensitive user data by applications.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-46283 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-46283.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
}
],
"title": "CVE-2025-46283"
},
{
"cve": "CVE-2025-46290",
"cwe": {
"id": "CWE-693",
"name": "Protection Mechanism Failure"
},
"notes": [
{
"category": "other",
"text": "Protection Mechanism Failure",
"title": "CWE-693"
},
{
"category": "other",
"text": "Improper Check or Handling of Exceptional Conditions",
"title": "CWE-703"
},
{
"category": "description",
"text": "macOS Sequoia 15.7.4 and macOS Sonoma 14.8.4 have addressed a logic issue that could allow remote attackers to cause a denial-of-service through improved checks.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-46290 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-46290.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
}
],
"title": "CVE-2025-46290"
},
{
"cve": "CVE-2025-46300",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"notes": [
{
"category": "other",
"text": "Improper Restriction of Operations within the Bounds of a Memory Buffer",
"title": "CWE-119"
},
{
"category": "description",
"text": "macOS Sequoia 15.7.4, iOS 18.7.5, iPadOS 18.7.5, and macOS Sonoma 14.8.4 have addressed unexpected process crashes caused by malicious HID devices through enhanced bounds checks.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-46300 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-46300.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
}
],
"title": "CVE-2025-46300"
},
{
"cve": "CVE-2025-46301",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"notes": [
{
"category": "other",
"text": "Improper Restriction of Operations within the Bounds of a Memory Buffer",
"title": "CWE-119"
},
{
"category": "description",
"text": "macOS Sequoia 15.7.4, iOS 18.7.5, iPadOS 18.7.5, and macOS Sonoma 14.8.4 have addressed unexpected process crashes caused by malicious HID devices through enhanced bounds checks.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-46301 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-46301.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
}
],
"title": "CVE-2025-46301"
},
{
"cve": "CVE-2025-46302",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"notes": [
{
"category": "other",
"text": "Improper Restriction of Operations within the Bounds of a Memory Buffer",
"title": "CWE-119"
},
{
"category": "description",
"text": "macOS Sequoia 15.7.4, iOS 18.7.5, iPadOS 18.7.5, and macOS Sonoma 14.8.4 have addressed unexpected process crashes caused by malicious HID devices through enhanced bounds checks.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-46302 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-46302.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
}
],
"title": "CVE-2025-46302"
},
{
"cve": "CVE-2025-46303",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"notes": [
{
"category": "other",
"text": "Improper Restriction of Operations within the Bounds of a Memory Buffer",
"title": "CWE-119"
},
{
"category": "description",
"text": "macOS Sequoia 15.7.4, iOS 18.7.5, iPadOS 18.7.5, and macOS Sonoma 14.8.4 have addressed unexpected process crashes caused by malicious HID devices through enhanced bounds checks.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-46303 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-46303.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
}
],
"title": "CVE-2025-46303"
},
{
"cve": "CVE-2025-46304",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"notes": [
{
"category": "other",
"text": "Uncontrolled Resource Consumption",
"title": "CWE-400"
},
{
"category": "description",
"text": "macOS Sequoia 15.7.4, iOS 18.7.5, iPadOS 18.7.5, and macOS Sonoma 14.8.4 have addressed unexpected process crashes caused by malicious HID devices through enhanced bounds checks.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-46304 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-46304.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
}
],
"title": "CVE-2025-46304"
},
{
"cve": "CVE-2025-46305",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"notes": [
{
"category": "other",
"text": "Improper Restriction of Operations within the Bounds of a Memory Buffer",
"title": "CWE-119"
},
{
"category": "description",
"text": "macOS Sequoia 15.7.4, iOS 18.7.5, iPadOS 18.7.5, and macOS Sonoma 14.8.4 have addressed unexpected process crashes caused by malicious HID devices through enhanced bounds checks.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-46305 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-46305.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
}
],
"title": "CVE-2025-46305"
},
{
"cve": "CVE-2025-46310",
"cwe": {
"id": "CWE-269",
"name": "Improper Privilege Management"
},
"notes": [
{
"category": "other",
"text": "Improper Privilege Management",
"title": "CWE-269"
},
{
"category": "description",
"text": "macOS Sequoia 15.7.4 and macOS Sonoma 14.8.4 have resolved a vulnerability that allowed attackers with root privileges to delete protected system files through enhanced state management.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-46310 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-46310.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.0,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
}
],
"title": "CVE-2025-46310"
},
{
"cve": "CVE-2025-59375",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"notes": [
{
"category": "other",
"text": "Allocation of Resources Without Limits or Throttling",
"title": "CWE-770"
},
{
"category": "description",
"text": "Multiple vulnerabilities, including memory amplification in libexpat and denial-of-service issues in Oracle Communications Network Analytics and Apple Software, expose systems to potential disruptions without enabling arbitrary code execution.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-59375 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-59375.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
}
],
"title": "CVE-2025-59375"
},
{
"cve": "CVE-2026-20601",
"notes": [
{
"category": "description",
"text": "macOS Tahoe 26.3 has resolved a permissions issue that allowed applications to monitor keystrokes without user consent by implementing additional restrictions.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-20601 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20601.json"
}
],
"title": "CVE-2026-20601"
},
{
"cve": "CVE-2026-20602",
"notes": [
{
"category": "description",
"text": "macOS Sequoia 15.7.4, macOS Tahoe 26.3, and macOS Sonoma 14.8.4 have addressed a denial-of-service vulnerability related to app cache handling, enhancing overall system stability.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-20602 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20602.json"
}
],
"title": "CVE-2026-20602"
},
{
"cve": "CVE-2026-20603",
"notes": [
{
"category": "description",
"text": "macOS Tahoe 26.3 has enhanced redaction capabilities to prevent apps with root privileges from accessing sensitive private information.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-20603 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20603.json"
}
],
"title": "CVE-2026-20603"
},
{
"cve": "CVE-2026-20605",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"notes": [
{
"category": "other",
"text": "Improper Restriction of Operations within the Bounds of a Memory Buffer",
"title": "CWE-119"
},
{
"category": "description",
"text": "Recent updates in macOS Sequoia 15.7.4 and iOS 18.7.5 have resolved a memory handling issue that could cause an app to crash a system process.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-20605 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20605.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
}
],
"title": "CVE-2026-20605"
},
{
"cve": "CVE-2026-20606",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"notes": [
{
"category": "other",
"text": "Exposure of Sensitive Information to an Unauthorized Actor",
"title": "CWE-200"
},
{
"category": "description",
"text": "The vulnerability allowing apps to bypass Privacy preferences in macOS and iOS has been addressed by removing the problematic code across various versions.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-20606 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20606.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
}
],
"title": "CVE-2026-20606"
},
{
"cve": "CVE-2026-20608",
"notes": [
{
"category": "description",
"text": "Recent updates in several operating systems and Safari have addressed unexpected process crashes caused by maliciously crafted web content through enhanced state management.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-20608 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20608.json"
}
],
"title": "CVE-2026-20608"
},
{
"cve": "CVE-2026-20609",
"notes": [
{
"category": "description",
"text": "Various operating systems have addressed improved memory handling to mitigate risks of denial-of-service and memory content disclosure from processing malicious files.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-20609 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20609.json"
}
],
"title": "CVE-2026-20609"
},
{
"cve": "CVE-2026-20610",
"cwe": {
"id": "CWE-59",
"name": "Improper Link Resolution Before File Access (\u0027Link Following\u0027)"
},
"notes": [
{
"category": "other",
"text": "Improper Link Resolution Before File Access (\u0027Link Following\u0027)",
"title": "CWE-59"
},
{
"category": "description",
"text": "macOS Tahoe 26.3 has fixed an issue with symlink handling that previously allowed applications to gain root privileges.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-20610 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20610.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
}
],
"title": "CVE-2026-20610"
},
{
"cve": "CVE-2026-20611",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "other",
"text": "Out-of-bounds Read",
"title": "CWE-125"
},
{
"category": "description",
"text": "An out-of-bounds access vulnerability affecting various Apple operating systems was resolved, which could lead to app termination or memory corruption when handling malicious media files.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-20611 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20611.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
}
],
"title": "CVE-2026-20611"
},
{
"cve": "CVE-2026-20612",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"notes": [
{
"category": "other",
"text": "Exposure of Sensitive Information to an Unauthorized Actor",
"title": "CWE-200"
},
{
"category": "description",
"text": "macOS Sequoia 15.7.4, macOS Tahoe 26.3, and macOS Sonoma 14.8.4 have addressed a privacy issue that allowed apps to access sensitive user data through enhanced checks.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-20612 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20612.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
}
],
"title": "CVE-2026-20612"
},
{
"cve": "CVE-2026-20614",
"notes": [
{
"category": "description",
"text": "A path handling vulnerability allowing apps to gain root privileges has been resolved in macOS Sequoia 15.7.4, macOS Tahoe 26.3, and macOS Sonoma 14.8.4 through enhanced validation measures.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-20614 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20614.json"
}
],
"title": "CVE-2026-20614"
},
{
"cve": "CVE-2026-20615",
"notes": [
{
"category": "description",
"text": "A path handling vulnerability allowing apps to gain root privileges has been resolved in iOS 26.3, iPadOS 26.3, macOS Tahoe 26.3, macOS Sonoma 14.8.4, and visionOS 26.3 through enhanced validation measures.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-20615 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20615.json"
}
],
"title": "CVE-2026-20615"
},
{
"cve": "CVE-2026-20616",
"notes": [
{
"category": "description",
"text": "An out-of-bounds write vulnerability in various Apple operating systems has been resolved through enhanced bounds checking, preventing unexpected app terminations when handling malicious USD files.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-20616 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20616.json"
}
],
"title": "CVE-2026-20616"
},
{
"cve": "CVE-2026-20617",
"notes": [
{
"category": "description",
"text": "A race condition affecting multiple Apple operating systems, including watchOS, tvOS, macOS, visionOS, iOS, and iPadOS, was fixed, which could have allowed apps to gain root privileges due to improved state handling.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-20617 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20617.json"
}
],
"title": "CVE-2026-20617"
},
{
"cve": "CVE-2026-20618",
"notes": [
{
"category": "description",
"text": "macOS Tahoe 26.3 has improved temporary file handling, resolving an issue that could allow applications to access user-sensitive data.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-20618 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20618.json"
}
],
"title": "CVE-2026-20618"
},
{
"cve": "CVE-2026-20619",
"notes": [
{
"category": "description",
"text": "A logging issue in macOS Sequoia 15.7.4 and macOS Tahoe 26.3 has been resolved, enhancing data redaction to prevent unauthorized access to sensitive user information by applications.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-20619 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20619.json"
}
],
"title": "CVE-2026-20619"
},
{
"cve": "CVE-2026-20620",
"notes": [
{
"category": "description",
"text": "An out-of-bounds read vulnerability was resolved in macOS versions 15.7.4, 26.3, and 14.8.4, potentially allowing attackers to read kernel memory or cause unexpected system termination.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-20620 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20620.json"
}
],
"title": "CVE-2026-20620"
},
{
"cve": "CVE-2026-20621",
"notes": [
{
"category": "description",
"text": "Recent updates to macOS and iOS have resolved issues related to memory handling that could cause unexpected system termination or kernel memory corruption.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-20621 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20621.json"
}
],
"title": "CVE-2026-20621"
},
{
"cve": "CVE-2026-20623",
"notes": [
{
"category": "description",
"text": "A permissions issue in macOS Tahoe 26.3 was resolved by removing vulnerable code that could allow unauthorized access to protected user data.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-20623 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20623.json"
}
],
"title": "CVE-2026-20623"
},
{
"cve": "CVE-2026-20624",
"notes": [
{
"category": "description",
"text": "Recent updates in macOS Sequoia 15.7.4, macOS Tahoe 26.3, and macOS Sonoma 14.8.4 have addressed an injection issue that could allow apps to access sensitive user data through improved validation.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-20624 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20624.json"
}
],
"title": "CVE-2026-20624"
},
{
"cve": "CVE-2026-20625",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"notes": [
{
"category": "other",
"text": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"title": "CWE-22"
},
{
"category": "description",
"text": "Recent updates in macOS and visionOS addressed a parsing issue in directory path handling, enhancing path validation to prevent unauthorized access to sensitive user data by applications.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-20625 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20625.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
}
],
"title": "CVE-2026-20625"
},
{
"cve": "CVE-2026-20626",
"cwe": {
"id": "CWE-862",
"name": "Missing Authorization"
},
"notes": [
{
"category": "other",
"text": "Missing Authorization",
"title": "CWE-862"
},
{
"category": "description",
"text": "macOS Sequoia 15.7.4, iOS 26.3, iPadOS 26.3, macOS Tahoe 26.3, and visionOS 26.3 have addressed the issue of malicious apps gaining root privileges through enhanced checks.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-20626 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20626.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
}
],
"title": "CVE-2026-20626"
},
{
"cve": "CVE-2026-20627",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "other",
"text": "Improper Input Validation",
"title": "CWE-20"
},
{
"category": "description",
"text": "Recent updates in watchOS 26.3 and iOS 26.3 have resolved an issue with environment variable handling that could allow unauthorized access to sensitive user data through improved validation.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-20627 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20627.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
}
],
"title": "CVE-2026-20627"
},
{
"cve": "CVE-2026-20628",
"cwe": {
"id": "CWE-284",
"name": "Improper Access Control"
},
"notes": [
{
"category": "other",
"text": "Improper Access Control",
"title": "CWE-284"
},
{
"category": "description",
"text": "A permissions vulnerability that could allow an application to escape its sandbox has been resolved across multiple operating systems, including watchOS, tvOS, macOS, iOS, and iPadOS.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-20628 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20628.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
}
],
"title": "CVE-2026-20628"
},
{
"cve": "CVE-2026-20629",
"notes": [
{
"category": "description",
"text": "macOS Tahoe 26.3 has resolved a privacy issue that allowed applications to access user-sensitive data through improper handling of temporary files.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-20629 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20629.json"
}
],
"title": "CVE-2026-20629"
},
{
"cve": "CVE-2026-20630",
"cwe": {
"id": "CWE-277",
"name": "Insecure Inherited Permissions"
},
"notes": [
{
"category": "other",
"text": "Insecure Inherited Permissions",
"title": "CWE-277"
},
{
"category": "description",
"text": "macOS Tahoe 26.3 has resolved a permissions issue that previously allowed applications to access protected user data, implementing additional restrictions to enhance security.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-20630 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20630.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
}
],
"title": "CVE-2026-20630"
},
{
"cve": "CVE-2026-20634",
"notes": [
{
"category": "description",
"text": "Recent updates to watchOS, tvOS, macOS, iOS, and iPadOS have addressed memory handling vulnerabilities that could lead to process memory disclosure when processing maliciously crafted images.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-20634 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20634.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
}
],
"title": "CVE-2026-20634"
},
{
"cve": "CVE-2026-20635",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"notes": [
{
"category": "other",
"text": "Improper Restriction of Operations within the Bounds of a Memory Buffer",
"title": "CWE-119"
},
{
"category": "description",
"text": "Recent updates have enhanced memory handling and state management across various operating systems, effectively reducing the risk of unexpected process crashes from malicious web content.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-20635 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20635.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
}
],
"title": "CVE-2026-20635"
},
{
"cve": "CVE-2026-20636",
"notes": [
{
"category": "description",
"text": "iOS 26.3, iPadOS 26.3, Safari 26.3, macOS Tahoe 26.3, and visionOS 26.3 have addressed unexpected process crashes due to malicious web content through enhanced memory handling.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-20636 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20636.json"
}
],
"title": "CVE-2026-20636"
},
{
"cve": "CVE-2026-20641",
"notes": [
{
"category": "description",
"text": "A privacy vulnerability that enabled applications to detect other installed apps has been resolved across multiple operating systems, including watchOS, tvOS, macOS, iOS, and iPadOS.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-20641 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20641.json"
}
],
"title": "CVE-2026-20641"
},
{
"cve": "CVE-2026-20644",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"notes": [
{
"category": "other",
"text": "Improper Restriction of Operations within the Bounds of a Memory Buffer",
"title": "CWE-119"
},
{
"category": "other",
"text": "Use After Free",
"title": "CWE-416"
},
{
"category": "other",
"text": "Out-of-bounds Write",
"title": "CWE-787"
},
{
"category": "description",
"text": "Apple has addressed the issue of unexpected process crashes caused by malicious web content through enhanced memory handling in its operating systems and Safari version 26.3.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-20644 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20644.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
}
],
"title": "CVE-2026-20644"
},
{
"cve": "CVE-2026-20646",
"notes": [
{
"category": "description",
"text": "macOS Tahoe 26.3 has resolved a logging vulnerability that allowed malicious applications to access sensitive location data through enhanced data redaction techniques.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-20646 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20646.json"
}
],
"title": "CVE-2026-20646"
},
{
"cve": "CVE-2026-20647",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"notes": [
{
"category": "other",
"text": "Exposure of Sensitive Information to an Unauthorized Actor",
"title": "CWE-200"
},
{
"category": "description",
"text": "macOS Tahoe 26.3 has resolved unauthorized access issues by implementing enhanced data protection measures that prevent apps from accessing sensitive user data.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-20647 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20647.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
}
],
"title": "CVE-2026-20647"
},
{
"cve": "CVE-2026-20648",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"notes": [
{
"category": "other",
"text": "Exposure of Sensitive Information to an Unauthorized Actor",
"title": "CWE-200"
},
{
"category": "description",
"text": "A privacy issue in macOS Tahoe 26.3 was addressed by relocating sensitive data to a secure location, effectively preventing unauthorized access to notifications from other iCloud devices by malicious applications.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-20648 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20648.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
}
],
"title": "CVE-2026-20648"
},
{
"cve": "CVE-2026-20649",
"notes": [
{
"category": "description",
"text": "A logging issue allowing potential exposure of sensitive information has been resolved through enhanced data redaction in watchOS 26.3, iOS 26.3, iPadOS 26.3, tvOS 26.3, and macOS Tahoe 26.3.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-20649 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20649.json"
}
],
"title": "CVE-2026-20649"
},
{
"cve": "CVE-2026-20650",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"notes": [
{
"category": "other",
"text": "Uncontrolled Resource Consumption",
"title": "CWE-400"
},
{
"category": "description",
"text": "A denial-of-service vulnerability in Bluetooth packets has been addressed across multiple Apple operating systems, including iOS and macOS, allowing potential exploitation by attackers in privileged network positions.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-20650 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20650.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
}
],
"title": "CVE-2026-20650"
},
{
"cve": "CVE-2026-20652",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"notes": [
{
"category": "other",
"text": "Uncontrolled Resource Consumption",
"title": "CWE-400"
},
{
"category": "description",
"text": "Recent updates to macOS, iOS, iPadOS, visionOS, and Safari have addressed a vulnerability related to improved memory handling that could enable remote attackers to execute denial-of-service attacks.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-20652 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20652.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
}
],
"title": "CVE-2026-20652"
},
{
"cve": "CVE-2026-20653",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"notes": [
{
"category": "other",
"text": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"title": "CWE-22"
},
{
"category": "description",
"text": "A parsing issue in directory path handling was resolved, enhancing path validation to prevent unauthorized access to sensitive user data across multiple macOS and iOS versions.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-20653 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20653.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
}
],
"title": "CVE-2026-20653"
},
{
"cve": "CVE-2026-20654",
"notes": [
{
"category": "description",
"text": "The unexpected system termination issue caused by app behavior has been resolved through enhanced memory management in operating systems including watchOS, tvOS, macOS, visionOS, iOS, and iPadOS, all updated to version 26.3.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-20654 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20654.json"
}
],
"title": "CVE-2026-20654"
},
{
"cve": "CVE-2026-20656",
"notes": [
{
"category": "description",
"text": "A logic issue allowing app access to user Safari history has been resolved in iOS 18.7.5, iPadOS 18.7.5, Safari 26.3, and macOS Tahoe 26.3 through enhanced validation measures.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-20656 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20656.json"
}
],
"title": "CVE-2026-20656"
},
{
"cve": "CVE-2026-20658",
"notes": [
{
"category": "description",
"text": "macOS Tahoe 26.3 has resolved a package validation vulnerability that could allow applications to gain root privileges by blocking the affected package.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-20658 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20658.json"
}
],
"title": "CVE-2026-20658"
},
{
"cve": "CVE-2026-20660",
"notes": [
{
"category": "description",
"text": "A path handling vulnerability in several Apple operating systems and Safari versions has been addressed, which previously allowed remote users to write arbitrary files.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-20660 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20660.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
}
],
"title": "CVE-2026-20660"
},
{
"cve": "CVE-2026-20662",
"notes": [
{
"category": "description",
"text": "An authorization issue in macOS Sequoia 15.7.4 and macOS Tahoe 26.3 has been resolved, which previously allowed physical access to a locked device to expose sensitive user information.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-20662 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20662.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
}
],
"title": "CVE-2026-20662"
},
{
"cve": "CVE-2026-20666",
"cwe": {
"id": "CWE-285",
"name": "Improper Authorization"
},
"notes": [
{
"category": "other",
"text": "Improper Authorization",
"title": "CWE-285"
},
{
"category": "description",
"text": "macOS Tahoe 26.3 resolves an authorization issue that allowed apps to access sensitive user data through enhanced state management.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-20666 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20666.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
}
],
"title": "CVE-2026-20666"
},
{
"cve": "CVE-2026-20667",
"notes": [
{
"category": "description",
"text": "A logic issue that could allow an app to escape its sandbox has been resolved in multiple OS updates, including watchOS 26.3 and iOS 26.3.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-20667 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20667.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
}
],
"title": "CVE-2026-20667"
},
{
"cve": "CVE-2026-20669",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"notes": [
{
"category": "other",
"text": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"title": "CWE-22"
},
{
"category": "description",
"text": "macOS Tahoe 26.3 addressed a parsing issue in directory path handling, enhancing path validation to prevent unauthorized access to sensitive user data by applications.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-20669 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20669.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
}
],
"title": "CVE-2026-20669"
},
{
"cve": "CVE-2026-20671",
"notes": [
{
"category": "description",
"text": "A logic issue allowing network traffic interception by an attacker in a privileged position has been resolved across multiple Apple operating systems, including watchOS, tvOS, macOS, iOS, and visionOS.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-20671 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20671.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.1,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
}
],
"title": "CVE-2026-20671"
},
{
"cve": "CVE-2026-20673",
"notes": [
{
"category": "description",
"text": "A logic issue was resolved in multiple macOS and iOS versions, with a note that disabling \u0027Load remote content in messages\u0027 may not influence all mail previews.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-20673 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20673.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
}
],
"title": "CVE-2026-20673"
},
{
"cve": "CVE-2026-20675",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "other",
"text": "Out-of-bounds Read",
"title": "CWE-125"
},
{
"category": "description",
"text": "Recent updates across various operating systems, including watchOS, tvOS, macOS, iOS, and iPadOS, have addressed user information disclosure vulnerabilities related to malicious image processing through enhanced bounds checks.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-20675 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20675.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
}
],
"title": "CVE-2026-20675"
},
{
"cve": "CVE-2026-20676",
"notes": [
{
"category": "description",
"text": "The recent updates in iOS 26.3, iPadOS 26.3, Safari 26.3, macOS Tahoe 26.3, and visionOS 26.3 have resolved user tracking issues through Safari web extensions by enhancing state management.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-20676 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20676.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
}
],
"title": "CVE-2026-20676"
},
{
"cve": "CVE-2026-20677",
"cwe": {
"id": "CWE-362",
"name": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)"
},
"notes": [
{
"category": "other",
"text": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)",
"title": "CWE-362"
},
{
"category": "description",
"text": "A race condition in multiple Apple operating systems was resolved, which could have allowed shortcuts to bypass sandbox restrictions.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-20677 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20677.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.0,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
}
],
"title": "CVE-2026-20677"
},
{
"cve": "CVE-2026-20680",
"notes": [
{
"category": "description",
"text": "Recent updates in macOS Tahoe 26.3 and iOS 18.7.5 have introduced additional restrictions to prevent sandboxed apps from accessing sensitive user data.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-20680 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20680.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
}
],
"title": "CVE-2026-20680"
},
{
"cve": "CVE-2026-20681",
"notes": [
{
"category": "description",
"text": "macOS Tahoe 26.3 resolves a privacy issue by enhancing private data redaction for log entries, preventing unauthorized access to user contact information by apps.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-20681 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20681.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
}
],
"title": "CVE-2026-20681"
},
{
"cve": "CVE-2026-20700",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"notes": [
{
"category": "other",
"text": "Improper Restriction of Operations within the Bounds of a Memory Buffer",
"title": "CWE-119"
},
{
"category": "description",
"text": "Multiple Apple operating systems have been affected by memory corruption vulnerabilities that could allow arbitrary code execution, with fixes implemented in version 26.3 and reports of exploitation in earlier iOS versions.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-20700 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20700.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
}
],
"title": "CVE-2026-20700"
}
]
}
GHSA-28PX-J7X8-C96Q
Vulnerability from github – Published: 2025-12-17 21:30 – Updated: 2025-12-18 21:31
VLAI?
Details
A logic issue was addressed with improved validation. This issue is fixed in macOS Tahoe 26.2. An app may be able to access sensitive user data.
Severity ?
5.5 (Medium)
{
"affected": [],
"aliases": [
"CVE-2025-46283"
],
"database_specific": {
"cwe_ids": [
"CWE-200"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-12-17T21:16:13Z",
"severity": "MODERATE"
},
"details": "A logic issue was addressed with improved validation. This issue is fixed in macOS Tahoe 26.2. An app may be able to access sensitive user data.",
"id": "GHSA-28px-j7x8-c96q",
"modified": "2025-12-18T21:31:37Z",
"published": "2025-12-17T21:30:50Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-46283"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/125886"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
FKIE_CVE-2025-46283
Vulnerability from fkie_nvd - Published: 2025-12-17 21:16 - Updated: 2025-12-18 20:15
Severity ?
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Summary
A logic issue was addressed with improved validation. This issue is fixed in macOS Tahoe 26.2. An app may be able to access sensitive user data.
References
| URL | Tags | ||
|---|---|---|---|
| product-security@apple.com | https://support.apple.com/en-us/125886 | Release Notes, Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FBA92B6D-E36C-432B-A041-94D81427CD75",
"versionEndExcluding": "26.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A logic issue was addressed with improved validation. This issue is fixed in macOS Tahoe 26.2. An app may be able to access sensitive user data."
}
],
"id": "CVE-2025-46283",
"lastModified": "2025-12-18T20:15:56.690",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2025-12-17T21:16:13.630",
"references": [
{
"source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://support.apple.com/en-us/125886"
}
],
"sourceIdentifier": "product-security@apple.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
CNVD-2026-04235
Vulnerability from cnvd - Published: 2026-01-16
VLAI Severity ?
Title
Apple macOS Tahoe信息泄露漏洞(CNVD-2026-04235)
Description
Apple macOS是美国苹果(Apple)公司的一套专为Mac计算机所开发的专用操作系统。
Apple macOS Tahoe存在信息泄露漏洞,攻击者可利用该漏洞导致应用程序访问敏感用户数据。
Severity
中
Patch Name
Apple macOS Tahoe信息泄露漏洞(CNVD-2026-04235)的补丁
Patch Description
Apple macOS是美国苹果(Apple)公司的一套专为Mac计算机所开发的专用操作系统。
Apple macOS Tahoe存在信息泄露漏洞,攻击者可利用该漏洞导致应用程序访问敏感用户数据。目前,供应商发布了安全公告及相关补丁信息,修复了此漏洞。
Formal description
厂商已发布了漏洞修复程序,请及时关注更新: https://support.apple.com/en-us/125886
Reference
https://support.apple.com/en-us/125886
Impacted products
| Name | Apple macOS Tahoe <26.2 |
|---|
{
"cves": {
"cve": {
"cveNumber": "CVE-2025-46283",
"cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2025-46283"
}
},
"description": "Apple macOS\u662f\u7f8e\u56fd\u82f9\u679c\uff08Apple\uff09\u516c\u53f8\u7684\u4e00\u5957\u4e13\u4e3aMac\u8ba1\u7b97\u673a\u6240\u5f00\u53d1\u7684\u4e13\u7528\u64cd\u4f5c\u7cfb\u7edf\u3002\n\nApple macOS Tahoe\u5b58\u5728\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5bfc\u81f4\u5e94\u7528\u7a0b\u5e8f\u8bbf\u95ee\u654f\u611f\u7528\u6237\u6570\u636e\u3002",
"formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://support.apple.com/en-us/125886",
"isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
"number": "CNVD-2026-04235",
"openTime": "2026-01-16",
"patchDescription": "Apple macOS\u662f\u7f8e\u56fd\u82f9\u679c\uff08Apple\uff09\u516c\u53f8\u7684\u4e00\u5957\u4e13\u4e3aMac\u8ba1\u7b97\u673a\u6240\u5f00\u53d1\u7684\u4e13\u7528\u64cd\u4f5c\u7cfb\u7edf\u3002\r\n\r\nApple macOS Tahoe\u5b58\u5728\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5bfc\u81f4\u5e94\u7528\u7a0b\u5e8f\u8bbf\u95ee\u654f\u611f\u7528\u6237\u6570\u636e\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
"patchName": "Apple macOS Tahoe\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\uff08CNVD-2026-04235\uff09\u7684\u8865\u4e01",
"products": {
"product": "Apple macOS Tahoe \u003c26.2"
},
"referenceLink": "https://support.apple.com/en-us/125886",
"serverity": "\u4e2d",
"submitTime": "2025-12-25",
"title": "Apple macOS Tahoe\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\uff08CNVD-2026-04235\uff09"
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…