Apple Macos Tahoe vulnerabilities

CVE-2026-20656 [LOW] CVE-2026-20656: macOS Tahoe 26.3 Apple Security Update: About the security content of macOS Tahoe 26.3 Product: macOS Tahoe Version: 26.3 CVE: CVE-2026-20656 Component: Safari Impact: An app may be able to access a user's Safari history Description: A logic issue was addressed with improved validation.

CVE-2026-20646 [LOW] CVE-2026-20646: macOS Tahoe 26.3 Apple Security Update: About the security content of macOS Tahoe 26.3 Product: macOS Tahoe Version: 26.3 CVE: CVE-2026-20646 Component: Weather Impact: A malicious app may be able to read sensitive location information Description: A logging issue was addressed with improved data redaction.

CVE-2026-20601 [LOW] CVE-2026-20601: macOS Tahoe 26.3 Apple Security Update: About the security content of macOS Tahoe 26.3 Product: macOS Tahoe Version: 26.3 CVE: CVE-2026-20601 Component: Foundation Impact: An app may be able to monitor keystrokes without user permission Description: A permissions issue was addressed with additional restrictions.

CVE-2026-20671 [LOW] CVE-2026-20671: macOS Tahoe 26.3 Apple Security Update: About the security content of macOS Tahoe 26.3 Product: macOS Tahoe Version: 26.3 CVE: CVE-2026-20671 Component: Kernel Impact: An attacker in a privileged network position may be able to intercept network traffic Description: A logic issue was addressed with improved checks.

CVE-2025-43428 [CRITICAL] CVE-2025-43428: macOS Tahoe 26.2 Apple Security Update: About the security content of macOS Tahoe 26.2 Product: macOS Tahoe Version: 26.2 CVE: CVE-2025-43428 Component: Photos Impact: Photos in the Hidden Photos Album may be viewed without authentication Description: A configuration issue was addressed with additional restrictions.

CVE-2025-43526 [CRITICAL] CVE-2025-43526: macOS Tahoe 26.2 Apple Security Update: About the security content of macOS Tahoe 26.2 Product: macOS Tahoe Version: 26.2 CVE: CVE-2025-43526 Component: Safari Impact: On a Mac with Lockdown Mode enabled, web content opened via a file URL may be able to use Web APIs that should be restricted Description: This issue was addressed with improved URL validation.

CVE-2025-43529 [HIGH] CVE-2025-43529: macOS Tahoe 26.2 Apple Security Update: About the security content of macOS Tahoe 26.2 Product: macOS Tahoe Version: 26.2 CVE: CVE-2025-43529 Component: WebKit Impact: Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals on versions of iOS before iOS 26. CVE-2025-14174 was also issued in res

CVE-2025-46291 [HIGH] CVE-2025-46291: macOS Tahoe 26.2 Apple Security Update: About the security content of macOS Tahoe 26.2 Product: macOS Tahoe Version: 26.2 CVE: CVE-2025-46291 Component: LaunchServices Impact: An app may bypass Gatekeeper checks Description: A logic issue was addressed with improved validation.

CVE-2025-43527 [HIGH] CVE-2025-43527: macOS Tahoe 26.2 Apple Security Update: About the security content of macOS Tahoe 26.2 Product: macOS Tahoe Version: 26.2 CVE: CVE-2025-43527 Component: StorageKit Impact: An app may be able to gain root privileges Description: A permissions issue was addressed with additional restrictions.

CVE-2025-14174 [HIGH] CVE-2025-14174: macOS Tahoe 26.2 Apple Security Update: About the security content of macOS Tahoe 26.2 Product: macOS Tahoe Version: 26.2 CVE: CVE-2025-14174 Component: WebKit Impact: Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals on versions of iOS before iOS 26. CVE-2025-14174 was also issued in res

CVE-2025-46290 [HIGH] CVE-2025-46290: macOS Tahoe 26.2 Apple Security Update: About the security content of macOS Tahoe 26.2 Product: macOS Tahoe Version: 26.2 CVE: CVE-2025-46290 Component: Security Impact: A remote attacker may be able to cause a denial-of-service Description: A logic issue was addressed with improved checks.

CVE-2025-46285 [HIGH] CVE-2025-46285: macOS Tahoe 26.2 Apple Security Update: About the security content of macOS Tahoe 26.2 Product: macOS Tahoe Version: 26.2 CVE: CVE-2025-46285 Component: Kernel Impact: An app may be able to gain root privileges Description: An integer overflow was addressed by adopting 64-bit timestamps.

CVE-2025-9086 [HIGH] CVE-2025-9086: macOS Tahoe 26.2 Apple Security Update: About the security content of macOS Tahoe 26.2 Product: macOS Tahoe Version: 26.2 CVE: CVE-2025-9086 Component: CVE-2025-9086

CVE-2025-43542 [HIGH] CVE-2025-43542: macOS Tahoe 26.2 Apple Security Update: About the security content of macOS Tahoe 26.2 Product: macOS Tahoe Version: 26.2 CVE: CVE-2025-43542 Component: FaceTime Impact: Password fields may be unintentionally revealed when remotely controlling a device over FaceTime Description: This issue was addressed with improved state management.

CVE-2025-43512 [HIGH] CVE-2025-43512: macOS Tahoe 26.2 Apple Security Update: About the security content of macOS Tahoe 26.2 Product: macOS Tahoe Version: 26.2 CVE: CVE-2025-43512 Component: Kernel Impact: An app may be able to elevate privileges Description: A logic issue was addressed with improved checks.

CVE-2025-43539 [HIGH] CVE-2025-43539: macOS Tahoe 26.2 Apple Security Update: About the security content of macOS Tahoe 26.2 Product: macOS Tahoe Version: 26.2 CVE: CVE-2025-43539 Component: AppleJPEG Impact: Processing a file may lead to memory corruption Description: The issue was addressed with improved bounds checks.

CVE-2025-46281 [HIGH] CVE-2025-46281: macOS Tahoe 26.2 Apple Security Update: About the security content of macOS Tahoe 26.2 Product: macOS Tahoe Version: 26.2 CVE: CVE-2025-46281 Component: File Bookmark Impact: An app may be able to break out of its sandbox Description: A logic issue was addressed with improved checks.

CVE-2025-43513 [MEDIUM] CVE-2025-43513: macOS Tahoe 26.2 Apple Security Update: About the security content of macOS Tahoe 26.2 Product: macOS Tahoe Version: 26.2 CVE: CVE-2025-43513 Component: MDM Configuration Tools Impact: An app may be able to read sensitive location information Description: A permissions issue was addressed by removing the vulnerable code.

CVE-2025-46288 [MEDIUM] CVE-2025-46288: macOS Tahoe 26.2 Apple Security Update: About the security content of macOS Tahoe 26.2 Product: macOS Tahoe Version: 26.2 CVE: CVE-2025-46288 Component: App Store Impact: An app may be able to access sensitive payment tokens Description: A permissions issue was addressed with additional restrictions.

CVE-2025-43538 [MEDIUM] CVE-2025-43538: macOS Tahoe 26.2 Apple Security Update: About the security content of macOS Tahoe 26.2 Product: macOS Tahoe Version: 26.2 CVE: CVE-2025-43538 Component: Screen Time Impact: An app may be able to access sensitive user data Description: A logging issue was addressed with improved data redaction.