Apple macOS vulnerabilities

CVE-2025-43508 [MEDIUM] CWE-532 CVE-2025-43508: A logging issue was addressed with improved data redaction. This issue is fixed in macOS Tahoe 26.1. A logging issue was addressed with improved data redaction. This issue is fixed in macOS Tahoe 26.1. An app may be able to access sensitive user data.

CVE-2024-44210 [LOW] CWE-284 CVE-2024-44210: This issue was addressed with improved permissions checking. This issue is fixed in macOS Sequoia 15 This issue was addressed with improved permissions checking. This issue is fixed in macOS Sequoia 15.1. An app may be able to access user-sensitive data.

CVE-2025-46297 [MEDIUM] CWE-284 CVE-2025-46297: A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Tahoe 2 A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Tahoe 26.2. An app may be able to access protected files within an App Sandbox container.

CVE-2025-46298 [MEDIUM] CWE-119 CVE-2025-46298: The issue was addressed with improved memory handling. This issue is fixed in Safari 26.2, iOS 26.2 The issue was addressed with improved memory handling. This issue is fixed in Safari 26.2, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2, tvOS 26.2, visionOS 26.2, watchOS 26.2. Processing maliciously crafted web content may lead to an unexpected process crash.

CVE-2025-46299 [MEDIUM] CWE-284 CVE-2025-46299: A memory initialization issue was addressed with improved memory handling. This issue is fixed in Sa A memory initialization issue was addressed with improved memory handling. This issue is fixed in Safari 26.2, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2, tvOS 26.2, visionOS 26.2, watchOS 26.2. Processing maliciously crafted web content may disclose internal states of the app.

CVE-2025-43428 [CRITICAL] CWE-306 CVE-2025-43428: A configuration issue was addressed with additional restrictions. This issue is fixed in iOS 26.2 an A configuration issue was addressed with additional restrictions. This issue is fixed in iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2, visionOS 26.2. Photos in the Hidden Photos Album may be viewed without authentication.

CVE-2025-43526 [CRITICAL] CWE-601 CVE-2025-43526: This issue was addressed with improved URL validation. This issue is fixed in Safari 26.2, macOS Tah This issue was addressed with improved URL validation. This issue is fixed in Safari 26.2, macOS Tahoe 26.2. On a Mac with Lockdown Mode enabled, web content opened via a file URL may be able to use Web APIs that should be restricted.

CVE-2025-46291 [HIGH] CWE-693 CVE-2025-46291: A logic issue was addressed with improved validation. This issue is fixed in macOS Tahoe 26.2. An ap A logic issue was addressed with improved validation. This issue is fixed in macOS Tahoe 26.2. An app may bypass Gatekeeper checks.

CVE-2025-46281 [HIGH] CWE-693 CVE-2025-46281: A logic issue was addressed with improved checks. This issue is fixed in macOS Tahoe 26.2. An app ma A logic issue was addressed with improved checks. This issue is fixed in macOS Tahoe 26.2. An app may be able to break out of its sandbox.

CVE-2025-43529 [HIGH] CVE-2025-43529: A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 26.2, iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2, tvOS 26.2, visionOS 26.2, watchOS 26.2. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been expl

CVE-2025-46282 [MEDIUM] CWE-284 CVE-2025-46282: The issue was addressed with additional permissions checks. This issue is fixed in Safari 26.2, macO The issue was addressed with additional permissions checks. This issue is fixed in Safari 26.2, macOS Tahoe 26.2. An app may be able to access sensitive user data.

CVE-2025-43541 [MEDIUM] CWE-843 CVE-2025-43541: A type confusion issue was addressed with improved state handling. This issue is fixed in Safari 26. A type confusion issue was addressed with improved state handling. This issue is fixed in Safari 26.2, iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2, visionOS 26.2. Processing maliciously crafted web content may lead to an unexpected Safari crash.

CVE-2025-46283 [MEDIUM] CWE-200 CVE-2025-46283: A logic issue was addressed with improved validation. This issue is fixed in macOS Sonoma 14.8.4, ma A logic issue was addressed with improved validation. This issue is fixed in macOS Sonoma 14.8.4, macOS Tahoe 26.2. An app may be able to access sensitive user data.

CVE-2025-43535 [MEDIUM] CVE-2025-43535: The issue was addressed with improved memory handling. This issue is fixed in Safari 26.2, iOS 18.7. The issue was addressed with improved memory handling. This issue is fixed in Safari 26.2, iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2, visionOS 26.2. Processing maliciously crafted web content may lead to an unexpected process crash.

CVE-2025-46278 [MEDIUM] CWE-200 CVE-2025-46278: The issue was addressed with improved handling of caches. This issue is fixed in macOS Tahoe 26.2. A The issue was addressed with improved handling of caches. This issue is fixed in macOS Tahoe 26.2. An app may be able to access protected user data.

CVE-2025-46288 [MEDIUM] CWE-284 CVE-2025-46288: A permissions issue was addressed with additional restrictions. This issue is fixed in iOS 26.2 and A permissions issue was addressed with additional restrictions. This issue is fixed in iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2, visionOS 26.2, watchOS 26.2. An app may be able to access sensitive payment tokens.

CVE-2025-43514 [MEDIUM] CWE-200 CVE-2025-43514: The issue was addressed with improved handling of caches. This issue is fixed in macOS Tahoe 26.2. A The issue was addressed with improved handling of caches. This issue is fixed in macOS Tahoe 26.2. An app may be able to access protected user data.

CVE-2025-43536 [MEDIUM] CWE-416 CVE-2025-43536: A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 26.2, iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2. Processing maliciously crafted web content may lead to an unexpected process crash.

CVE-2025-43533 [MEDIUM] CWE-20 CVE-2025-43533: The issue was addressed with improved bounds checks. This issue is fixed in iOS 18.7.5 and iPadOS 18 The issue was addressed with improved bounds checks. This issue is fixed in iOS 18.7.5 and iPadOS 18.7.5, iOS 26.2 and iPadOS 26.2, macOS Sequoia 15.7.4, macOS Sonoma 14.8.4, macOS Tahoe 26.2, tvOS 26.2, visionOS 26.2, watchOS 26.2. A malicious HID device may cause an unexpected process crash.

CVE-2025-43501 [MEDIUM] CWE-787 CVE-2025-43501: A buffer overflow issue was addressed with improved memory handling. This issue is fixed in Safari 2 A buffer overflow issue was addressed with improved memory handling. This issue is fixed in Safari 26.2, iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2, visionOS 26.2. Processing maliciously crafted web content may lead to an unexpected process crash.