Apple Macos Tahoe vulnerabilities

CVE-2026-20677 [CRITICAL] CVE-2026-20677: macOS Tahoe 26.3 Apple Security Update: About the security content of macOS Tahoe 26.3 Product: macOS Tahoe Version: 26.3 CVE: CVE-2026-20677 Component: Messages Impact: A shortcut may be able to bypass sandbox restrictions Description: A race condition was addressed with improved handling of symbolic links.

CVE-2026-20652 [HIGH] CVE-2026-20652: macOS Tahoe 26.3 Apple Security Update: About the security content of macOS Tahoe 26.3 Product: macOS Tahoe Version: 26.3 CVE: CVE-2026-20652 Component: WebKit Impact: A remote attacker may be able to cause a denial-of-service Description: The issue was addressed with improved memory handling.

CVE-2026-20641 [HIGH] CVE-2026-20641: macOS Tahoe 26.3 Apple Security Update: About the security content of macOS Tahoe 26.3 Product: macOS Tahoe Version: 26.3 CVE: CVE-2026-20641 Component: StoreKit Impact: An app may be able to identify what other apps a user has installed Description: A privacy issue was addressed with improved checks.

CVE-2026-20628 [HIGH] CVE-2026-20628: macOS Tahoe 26.3 Apple Security Update: About the security content of macOS Tahoe 26.3 Product: macOS Tahoe Version: 26.3 CVE: CVE-2026-20628 Component: Sandbox Impact: An app may be able to break out of its sandbox Description: A permissions issue was addressed with additional restrictions.

CVE-2026-20649 [HIGH] CVE-2026-20649: macOS Tahoe 26.3 Apple Security Update: About the security content of macOS Tahoe 26.3 Product: macOS Tahoe Version: 26.3 CVE: CVE-2026-20649 Component: Game Center Impact: A user may be able to view sensitive user information Description: A logging issue was addressed with improved data redaction.

CVE-2026-20650 [HIGH] CVE-2026-20650: macOS Tahoe 26.3 Apple Security Update: About the security content of macOS Tahoe 26.3 Product: macOS Tahoe Version: 26.3 CVE: CVE-2026-20650 Component: Bluetooth Impact: An attacker in a privileged network position may be able to perform denial-of-service attack using crafted Bluetooth packets Description: A denial-of-service issue was addressed with improved validation.

CVE-2026-20622 [HIGH] CVE-2026-20622: macOS Tahoe 26.3 Apple Security Update: About the security content of macOS Tahoe 26.3 Product: macOS Tahoe Version: 26.3 CVE: CVE-2026-20622 Component: Shortcuts Impact: An app may be able to capture a user's screen Description: A privacy issue was addressed with improved handling of temporary files.

CVE-2025-59375 [HIGH] CVE-2025-59375: macOS Tahoe 26.3 Apple Security Update: About the security content of macOS Tahoe 26.3 Product: macOS Tahoe Version: 26.3 CVE: CVE-2025-59375 Component: CVE-2025-59375 Impact: An app may be able to break out of its sandbox Description: A logic issue was addressed with improved checks.

CVE-2026-20620 [HIGH] CVE-2026-20620: macOS Tahoe 26.3 Apple Security Update: About the security content of macOS Tahoe 26.3 Product: macOS Tahoe Version: 26.3 CVE: CVE-2026-20620 Component: GPU Drivers Impact: An attacker may be able to cause unexpected system termination or read kernel memory Description: An out-of-bounds read issue was addressed with improved input validation.

CVE-2026-20614 [HIGH] CVE-2026-20614: macOS Tahoe 26.3 Apple Security Update: About the security content of macOS Tahoe 26.3 Product: macOS Tahoe Version: 26.3 CVE: CVE-2026-20614 Component: Remote Management Impact: An app may be able to gain root privileges Description: A path handling issue was addressed with improved validation.

CVE-2026-20615 [HIGH] CVE-2026-20615: macOS Tahoe 26.3 Apple Security Update: About the security content of macOS Tahoe 26.3 Product: macOS Tahoe Version: 26.3 CVE: CVE-2026-20615 Component: CoreServices Impact: An app may be able to gain root privileges Description: A path handling issue was addressed with improved validation.

CVE-2026-20660 [HIGH] CVE-2026-20660: macOS Tahoe 26.3 Apple Security Update: About the security content of macOS Tahoe 26.3 Product: macOS Tahoe Version: 26.3 CVE: CVE-2026-20660 Component: CFNetwork Impact: A remote user may be able to write arbitrary files Description: A path handling issue was addressed with improved logic.

CVE-2026-20610 [HIGH] CVE-2026-20610: macOS Tahoe 26.3 Apple Security Update: About the security content of macOS Tahoe 26.3 Product: macOS Tahoe Version: 26.3 CVE: CVE-2026-20610 Component: Setup Assistant Impact: An app may be able to gain root privileges Description: This issue was addressed with improved handling of symlinks.

CVE-2026-20639 [HIGH] CVE-2026-20639: macOS Tahoe 26.3 Apple Security Update: About the security content of macOS Tahoe 26.3 Product: macOS Tahoe Version: 26.3 CVE: CVE-2026-20639 Component: CFNetwork Impact: A remote user may be able to write arbitrary files Description: A path handling issue was addressed with improved logic.

CVE-2026-20606 [HIGH] CVE-2026-20606: macOS Tahoe 26.3 Apple Security Update: About the security content of macOS Tahoe 26.3 Product: macOS Tahoe Version: 26.3 CVE: CVE-2026-20606 Component: UIKit Impact: An app may be able to bypass certain Privacy preferences Description: This issue was addressed by removing the vulnerable code.

CVE-2026-20611 [HIGH] CVE-2026-20611: macOS Tahoe 26.3 Apple Security Update: About the security content of macOS Tahoe 26.3 Product: macOS Tahoe Version: 26.3 CVE: CVE-2026-20611 Component: CoreAudio Impact: Processing a maliciously crafted media file may lead to unexpected app termination or corrupt process memory Description: An out-of-bounds access issue was addressed with improved bounds checking.

CVE-2026-20658 [HIGH] CVE-2026-20658: macOS Tahoe 26.3 Apple Security Update: About the security content of macOS Tahoe 26.3 Product: macOS Tahoe Version: 26.3 CVE: CVE-2026-20658 Component: Security Impact: An app may be able to gain root privileges Description: A package validation issue was addressed by blocking the vulnerable package.

CVE-2026-20667 [HIGH] CVE-2026-20667: macOS Tahoe 26.3 Apple Security Update: About the security content of macOS Tahoe 26.3 Product: macOS Tahoe Version: 26.3 CVE: CVE-2026-20667 Component: CVE-2025-59375 Impact: An app may be able to break out of its sandbox Description: A logic issue was addressed with improved checks.

CVE-2026-28855 [HIGH] CVE-2026-28855: macOS Tahoe 26.3 Apple Security Update: About the security content of macOS Tahoe 26.3 Product: macOS Tahoe Version: 26.3 CVE: CVE-2026-28855 Component: Screen Time Impact: An app may be able to access protected user data Description: A permissions issue was addressed with additional restrictions.

CVE-2026-20700 [HIGH] CVE-2026-20700: macOS Tahoe 26.3 Apple Security Update: About the security content of macOS Tahoe 26.3 Product: macOS Tahoe Version: 26.3 CVE: CVE-2026-20700 Component: CoreServices Impact: An app may be able to access sensitive user data Description: An issue existed in the handling of environment variables. This issue was addressed with improved validation.