Apple iPadOS vulnerabilities

CVE-2026-28868 [MEDIUM] CWE-532 CVE-2026-28868: A logging issue was addressed with improved data redaction. This issue is fixed in iOS 18.7.7 and iP A logging issue was addressed with improved data redaction. This issue is fixed in iOS 18.7.7 and iPadOS 18.7.7, iOS 26.4 and iPadOS 26.4, macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Tahoe 26.4, visionOS 26.4, watchOS 26.4. An app may be able to disclose kernel memory.

CVE-2026-20686 [MEDIUM] CWE-20 CVE-2026-20686: This issue was addressed with improved input validation. This issue is fixed in iOS 26.3 and iPadOS This issue was addressed with improved input validation. This issue is fixed in iOS 26.3 and iPadOS 26.3. An app may be able to access sensitive user data.

CVE-2026-20657 [MEDIUM] CWE-119 CVE-2026-20657: The issue was addressed with improved memory handling. This issue is fixed in iOS 18.7.7 and iPadOS The issue was addressed with improved memory handling. This issue is fixed in iOS 18.7.7 and iPadOS 18.7.7, macOS Sequoia 15.7.5, macOS Sonoma 14.8.5. Parsing a maliciously crafted file may lead to an unexpected app termination.

CVE-2026-28856 [MEDIUM] CWE-284 CVE-2026-28856: The issue was addressed with improved authentication. This issue is fixed in iOS 26.4 and iPadOS 26. The issue was addressed with improved authentication. This issue is fixed in iOS 26.4 and iPadOS 26.4, visionOS 26.4, watchOS 26.4. An attacker with physical access to a locked device may be able to view sensitive user information.

CVE-2026-28866 [MEDIUM] CWE-59 CVE-2026-28866: This issue was addressed with improved validation of symlinks. This issue is fixed in iOS 18.7.7 and This issue was addressed with improved validation of symlinks. This issue is fixed in iOS 18.7.7 and iPadOS 18.7.7, iOS 26.4 and iPadOS 26.4, macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Tahoe 26.4. An app may be able to access sensitive user data.

CVE-2026-20691 [MEDIUM] CWE-497 CVE-2026-20691: An authorization issue was addressed with improved state management. This issue is fixed in Safari 2 An authorization issue was addressed with improved state management. This issue is fixed in Safari 26.4, iOS 26.4 and iPadOS 26.4, macOS Tahoe 26.4, visionOS 26.4, watchOS 26.4. A maliciously crafted webpage may be able to fingerprint the user.

CVE-2026-20664 [MEDIUM] CWE-787 CVE-2026-20664: The issue was addressed with improved memory handling. This issue is fixed in Safari 26.4, iOS 26.4 The issue was addressed with improved memory handling. This issue is fixed in Safari 26.4, iOS 26.4 and iPadOS 26.4, macOS Tahoe 26.4, visionOS 26.4. Processing maliciously crafted web content may lead to an unexpected process crash.

CVE-2026-28863 [MEDIUM] CVE-2026-28863: A permissions issue was addressed with additional restrictions. This issue is fixed in iOS 26.4 and A permissions issue was addressed with additional restrictions. This issue is fixed in iOS 26.4 and iPadOS 26.4, tvOS 26.4, visionOS 26.4, watchOS 26.4. An app may be able to fingerprint the user.

CVE-2026-28822 [MEDIUM] CWE-843 CVE-2026-28822: A type confusion issue was addressed with improved memory handling. This issue is fixed in iOS 26.4 A type confusion issue was addressed with improved memory handling. This issue is fixed in iOS 26.4 and iPadOS 26.4, macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Tahoe 26.4, tvOS 26.4, visionOS 26.4, watchOS 26.4. An attacker may be able to cause unexpected app termination.

CVE-2026-20637 [MEDIUM] CWE-416 CVE-2026-20637: A use after free issue was addressed with improved memory management. This issue is fixed in iOS 18. A use after free issue was addressed with improved memory management. This issue is fixed in iOS 18.7.7 and iPadOS 18.7.7, iOS 26.3 and iPadOS 26.3, macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Tahoe 26.3, tvOS 26.3, visionOS 26.3, watchOS 26.3. An app may be able to cause unexpected system termination.

CVE-2026-28852 [MEDIUM] CWE-20 CVE-2026-28852: A stack overflow was addressed with improved input validation. This issue is fixed in iOS 18.7.7 and A stack overflow was addressed with improved input validation. This issue is fixed in iOS 18.7.7 and iPadOS 18.7.7, iOS 26.4 and iPadOS 26.4, macOS Sequoia 15.7.5, macOS Tahoe 26.4, tvOS 26.4, visionOS 26.4, watchOS 26.4. An app may be able to cause a denial-of-service.

CVE-2026-20692 [MEDIUM] CVE-2026-20692: A privacy issue was addressed with improved handling of user preferences. This issue is fixed in iOS A privacy issue was addressed with improved handling of user preferences. This issue is fixed in iOS 26.4 and iPadOS 26.4, macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Tahoe 26.4. "Hide IP Address" and "Block All Remote Content" may not apply to all mail content.

CVE-2026-28895 [MEDIUM] CWE-284 CVE-2026-28895: The issue was addressed with improved checks. This issue is fixed in iOS 26.4 and iPadOS 26.4. An at The issue was addressed with improved checks. This issue is fixed in iOS 26.4 and iPadOS 26.4. An attacker with physical access to an iOS device with Stolen Device Protection enabled may be able to access biometrics-gated Protected Apps with the passcode.

CVE-2026-28857 [MEDIUM] CWE-125 CVE-2026-28857: The issue was addressed with improved memory handling. This issue is fixed in Safari 26.4, iOS 26.4 The issue was addressed with improved memory handling. This issue is fixed in Safari 26.4, iOS 26.4 and iPadOS 26.4, macOS Tahoe 26.4, visionOS 26.4. Processing maliciously crafted web content may lead to an unexpected process crash.

CVE-2026-20665 [MEDIUM] CWE-693 CVE-2026-20665: This issue was addressed through improved state management. This issue is fixed in Safari 26.4, iOS This issue was addressed through improved state management. This issue is fixed in Safari 26.4, iOS 18.7.7 and iPadOS 18.7.7, iOS 26.4 and iPadOS 26.4, macOS Tahoe 26.4, tvOS 26.4, visionOS 26.4, watchOS 26.4. Processing maliciously crafted web content may prevent Content Security Policy from being enforced.

CVE-2026-28882 [MEDIUM] CVE-2026-28882: This issue was addressed with improved checks. This issue is fixed in iOS 26.4 and iPadOS 26.4, macO This issue was addressed with improved checks. This issue is fixed in iOS 26.4 and iPadOS 26.4, macOS Tahoe 26.4, tvOS 26.4, visionOS 26.4, watchOS 26.4. An app may be able to enumerate a user's installed apps.

CVE-2026-28879 [MEDIUM] CWE-416 CVE-2026-28879: A use-after-free issue was addressed with improved memory management. This issue is fixed in iOS 18. A use-after-free issue was addressed with improved memory management. This issue is fixed in iOS 18.7.7 and iPadOS 18.7.7, iOS 26.4 and iPadOS 26.4, macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Tahoe 26.4, tvOS 26.4, visionOS 26.4, watchOS 26.4. Processing maliciously crafted web content may lead to an unexpected process crash.

CVE-2026-28871 [MEDIUM] CWE-79 CVE-2026-28871: A logic issue was addressed with improved checks. This issue is fixed in Safari 26.4, iOS 18.7.7 and A logic issue was addressed with improved checks. This issue is fixed in Safari 26.4, iOS 18.7.7 and iPadOS 18.7.7, iOS 26.4 and iPadOS 26.4, macOS Tahoe 26.4. Visiting a maliciously crafted website may lead to a cross-site scripting attack.

CVE-2026-28867 [MEDIUM] CVE-2026-28867: This issue was addressed with improved authentication. This issue is fixed in iOS 18.7.7 and iPadOS This issue was addressed with improved authentication. This issue is fixed in iOS 18.7.7 and iPadOS 18.7.7, iOS 26.4 and iPadOS 26.4, macOS Sequoia 15.7.5, macOS Tahoe 26.4, tvOS 26.4, visionOS 26.4, watchOS 26.4. An app may be able to leak sensitive kernel state.

CVE-2025-43534 [MEDIUM] CWE-284 CVE-2025-43534: A path handling issue was addressed with improved validation. This issue is fixed in iOS 18.7.7 and A path handling issue was addressed with improved validation. This issue is fixed in iOS 18.7.7 and iPadOS 18.7.7, iOS 26.2 and iPadOS 26.2. A user with physical access to an iOS device may be able to bypass Activation Lock.