Apple macOS vulnerabilities

CVE-2026-20670 [MEDIUM] CVE-2026-20670: An authorization issue was addressed with improved state management. This issue is fixed in macOS So An authorization issue was addressed with improved state management. This issue is fixed in macOS Sonoma 14.8.4, macOS Tahoe 26.3. An app may be able to access sensitive user data.

CVE-2026-20691 [MEDIUM] CWE-497 CVE-2026-20691: An authorization issue was addressed with improved state management. This issue is fixed in Safari 2 An authorization issue was addressed with improved state management. This issue is fixed in Safari 26.4, iOS 26.4 and iPadOS 26.4, macOS Tahoe 26.4, visionOS 26.4, watchOS 26.4. A maliciously crafted webpage may be able to fingerprint the user.

CVE-2026-28892 [MEDIUM] CVE-2026-28892: A permissions issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sequ A permissions issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Tahoe 26.4. An app may be able to modify protected parts of the file system.

CVE-2026-28839 [MEDIUM] CWE-285 CVE-2026-28839: The issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.7.5, macOS Son The issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Tahoe 26.4. An app may be able to access sensitive user data.

CVE-2026-28818 [MEDIUM] CWE-284 CVE-2026-28818: A logging issue was addressed with improved data redaction. This issue is fixed in macOS Sequoia 15. A logging issue was addressed with improved data redaction. This issue is fixed in macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Tahoe 26.4. An app may be able to access sensitive user data.

CVE-2026-28841 [MEDIUM] CWE-120 CVE-2026-28841: A buffer overflow was addressed with improved size validation. This issue is fixed in macOS Tahoe 26 A buffer overflow was addressed with improved size validation. This issue is fixed in macOS Tahoe 26.4. A buffer overflow may result in memory corruption and unexpected app termination.

CVE-2026-28866 [MEDIUM] CWE-59 CVE-2026-28866: This issue was addressed with improved validation of symlinks. This issue is fixed in iOS 18.7.7 and This issue was addressed with improved validation of symlinks. This issue is fixed in iOS 18.7.7 and iPadOS 18.7.7, iOS 26.4 and iPadOS 26.4, macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Tahoe 26.4. An app may be able to access sensitive user data.

CVE-2026-28824 [MEDIUM] CWE-284 CVE-2026-28824: An authorization issue was addressed with improved state management. This issue is fixed in macOS Se An authorization issue was addressed with improved state management. This issue is fixed in macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Tahoe 26.4. An app may be able to access sensitive user data.

CVE-2026-20693 [MEDIUM] CWE-732 CVE-2026-20693: This issue was addressed through improved state management. This issue is fixed in macOS Sequoia 15. This issue was addressed through improved state management. This issue is fixed in macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Tahoe 26.4. An attacker with root privileges may be able to delete protected system files.

CVE-2026-20664 [MEDIUM] CWE-787 CVE-2026-20664: The issue was addressed with improved memory handling. This issue is fixed in Safari 26.4, iOS 26.4 The issue was addressed with improved memory handling. This issue is fixed in Safari 26.4, iOS 26.4 and iPadOS 26.4, macOS Tahoe 26.4, visionOS 26.4. Processing maliciously crafted web content may lead to an unexpected process crash.

CVE-2026-28834 [MEDIUM] CWE-362 CVE-2026-28834: A race condition was addressed with improved state handling. This issue is fixed in macOS Sequoia 15 A race condition was addressed with improved state handling. This issue is fixed in macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Tahoe 26.4. An app may be able to cause unexpected system termination.

CVE-2026-20692 [MEDIUM] CVE-2026-20692: A privacy issue was addressed with improved handling of user preferences. This issue is fixed in iOS A privacy issue was addressed with improved handling of user preferences. This issue is fixed in iOS 26.4 and iPadOS 26.4, macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Tahoe 26.4. "Hide IP Address" and "Block All Remote Content" may not apply to all mail content.

CVE-2026-28882 [MEDIUM] CVE-2026-28882: This issue was addressed with improved checks. This issue is fixed in iOS 26.4 and iPadOS 26.4, macO This issue was addressed with improved checks. This issue is fixed in iOS 26.4 and iPadOS 26.4, macOS Tahoe 26.4, tvOS 26.4, visionOS 26.4, watchOS 26.4. An app may be able to enumerate a user's installed apps.

CVE-2026-28852 [MEDIUM] CWE-20 CVE-2026-28852: A stack overflow was addressed with improved input validation. This issue is fixed in iOS 18.7.7 and A stack overflow was addressed with improved input validation. This issue is fixed in iOS 18.7.7 and iPadOS 18.7.7, iOS 26.4 and iPadOS 26.4, macOS Sequoia 15.7.5, macOS Tahoe 26.4, tvOS 26.4, visionOS 26.4, watchOS 26.4. An app may be able to cause a denial-of-service.

CVE-2026-28888 [MEDIUM] CWE-362 CVE-2026-28888: A race condition was addressed with improved state handling. This issue is fixed in macOS Sequoia 15 A race condition was addressed with improved state handling. This issue is fixed in macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Tahoe 26.4. An app may be able to gain root privileges.

CVE-2026-20607 [MEDIUM] CWE-269 CVE-2026-20607: A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Tahoe 26.4. An app may be able to access protected user data.

CVE-2026-28823 [MEDIUM] CWE-284 CVE-2026-28823: A path handling issue was addressed with improved validation. This issue is fixed in macOS Tahoe 26. A path handling issue was addressed with improved validation. This issue is fixed in macOS Tahoe 26.4. An app with root privileges may be able to delete protected system files.

CVE-2026-20697 [MEDIUM] CWE-284 CVE-2026-20697: A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Tahoe 26.4. An app may be able to access sensitive user data.

CVE-2026-28828 [MEDIUM] CWE-284 CVE-2026-28828: A permissions issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sequ A permissions issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Tahoe 26.4. An app may be able to access sensitive user data.

CVE-2026-20699 [MEDIUM] CWE-347 CVE-2026-20699: A downgrade issue affecting Intel-based Mac computers was addressed with additional code-signing res A downgrade issue affecting Intel-based Mac computers was addressed with additional code-signing restrictions. This issue is fixed in macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Tahoe 26.3, macOS Tahoe 26.4. An app may be able to access user-sensitive data.