

















Apple today updated the security content pages for several macOS, iOS, iPadOS, visionOS, and watchOS releases, adding new CVE details for vulnerabilities addressed in each update. Here are the details.
Last September, Apple released macOS 14.8 Sonoma, iOS 18.7, and iPadOS 18.7, with important security updates addressing vulnerabilities that, among other things, could let an attacker access protected or sensitive user data.
Since then, Apple has updated macOS Sonoma another six times, with the system currently sitting at version 14.8.7 (the company skipped 14.8.6). Likewise, iPhone and iPad users who have not moved to newer major releases have continued to receive updates, with iOS 18 and iPadOS 18 now at version 18.7.9.
For Apple Watch and Apple Vision Pro users, Apple also released watchOS 26 and visionOS 26 last year, introducing multiple new features, in addition to including important security fixes.
That said, Apple today updated the security content page for these system versions (and then some), adding more details on the fixes included and their corresponding CVEs.
Here are the security fixes added today on iOS 26 and iPadOS 26’s security content page:
Siri
Available for: iPhone 11 and later, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 8th generation and later, and iPad mini 5th generation and later
Impact: Private Browsing tabs may be accessed without authentication
Description: This issue was addressed through improved state management.
CVE-2025-30468: Richard Hyunho Im (@richeeta), Jiwon Park
Calendar
We would like to acknowledge Keisuke Chinone (Iroiro) and Rosyna Keller of Totally Not Malicious Software for their assistance.
Here’s what Apple added to the security content of visionOS 26 and watchOS 26:
Calendar
We would like to acknowledge Keisuke Chinone (Iroiro) and Rosyna Keller of Totally Not Malicious Software for their assistance.
Kernel
We would like to acknowledge Sungwoo Kim, Yepeng Pan, Prof. Dr. Christian Rossow for their assistance.
Here are the security fixes added today on macOS Sonoma 14.8’s security content page:
Call History
Available for: macOS Sonoma
Impact: An app may be able to fingerprint the user
Description: This issue was addressed with improved redaction of sensitive information.
CVE-2025-43357: Rosyna Keller of Totally Not Malicious Software, Guilherme Rambo of Best Buddy Apps (rambo.codes)
CoreServices
Available for: macOS Sonoma
Impact: An app may be able to modify protected parts of the file system
Description: A permissions issue was addressed with additional restrictions.
CVE-2025-43290: Zhongcheng Li from IES Red Team of ByteDance
CoreServices
Available for: macOS Sonoma
Impact: A malicious app may be able to access sensitive user data
Description: A logic issue was addressed with improved validation.
CVE-2025-43289: Matej Moravec (@MacejkoMoravec), Kirin (@Pwnrin)
FaceTime
Available for: macOS Sonoma
Impact: Incoming FaceTime calls can appear or be accepted on a locked macOS device, even with notifications disabled on the lock screen
Description: This issue was addressed through improved state management.
CVE-2025-31271: Shantanu Thakur
Phone
Available for: macOS Sonoma
Impact: An app may be able to access sensitive user data
Description: A logging issue was addressed with improved data redaction.
CVE-2025-43508: Wojciech Regula of SecuRing (wojciechregula.blog)
StorageKit
Available for: macOS Sonoma
Impact: A malicious app may be able to gain root privileges
Description: A logic issue was addressed with improved checks.
CVE-2025-43306: Mickey Jin (@patch1t)
Here are the security fixes added today on macOS Sonoma 14.8.2’s security content page:
SQLite
Available for: macOS Sonoma
Impact: Processing a file may lead to memory corruption
Description: This is a vulnerability in open source code and Apple Software is among the affected projects. The CVE-ID was assigned by a third party. Learn more about the issue and CVE-ID at cve.org.
CVE-2025-6965
And here’s what Apple added to the security content of iOS 18.7 and iPadOS 18.7:
Call History
Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later
Impact: An app may be able to fingerprint the user
Description: This issue was addressed with improved redaction of sensitive information.
CVE-2025-43357: Rosyna Keller of Totally Not Malicious Software, Guilherme Rambo of Best Buddy Apps (rambo.codes)
ImageIO
We would like to acknowledge DongJun Kim (@smlijun) and JongSeong Kim (@nevul37) in Enki WhiteHat for their assistance.
To learn more about Apple’s security updates, follow this link.
Update: Apple has also updated the security content details of macOS Sequoia 15.7:
Call History
Available for: macOS Sequoia
Impact: An app may be able to fingerprint the user
Description: This issue was addressed with improved redaction of sensitive information.
CVE-2025-43357: Rosyna Keller of Totally Not Malicious Software, Guilherme Rambo of Best Buddy Apps (rambo.codes)
CoreServices
Available for: macOS Sequoia
Impact: An app may be able to modify protected parts of the file system
Description: A permissions issue was addressed with additional restrictions.
CVE-2025-43290: Zhongcheng Li from IES Red Team of ByteDance
CoreServices
Available for: macOS Sequoia
Impact: A malicious app may be able to access sensitive user data
Description: A logic issue was addressed with improved validation.
CVE-2025-43289: Matej Moravec (@MacejkoMoravec), Kirin (@Pwnrin)
Crash Reporter
Available for: macOS Sequoia
Impact: An app may be able to gain root privileges
Description: A race condition was addressed with additional validation.
CVE-2025-46284: an anonymous researcher
dyld
Available for: macOS Sequoia
Impact: Visiting a website may lead to an app denial-of-service
Description: A denial-of-service issue was addressed with improved input validation.
CVE-2025-43464: Duy Trần (@khanhduytran0), @EthanArbuckle
FaceTime
Available for: macOS Sequoia
Impact: Incoming FaceTime calls can appear or be accepted on a locked macOS device, even with notifications disabled on the lock screen
Description: This issue was addressed through improved state management.
CVE-2025-31271: Shantanu Thakur
Phone
Available for: macOS Sequoia
Impact: An app may be able to access sensitive user data
Description: A logging issue was addressed with improved data redaction.
CVE-2025-43508: Wojciech Regula of SecuRing (wojciechregula.blog)
StorageKit
Available for: macOS Sequoia
Impact: A malicious app may be able to gain root privileges
Description: A logic issue was addressed with improved checks.
CVE-2025-43306: Mickey Jin (@patch1t)
Additionally, Apple updated macOS Tahoe 26’s security content details:
AWD
Available for: Mac Studio (2022 and later), iMac (2020 and later), Mac Pro (2019 and later), Mac mini (2020 and later), MacBook Air with Apple silicon (2020 and later), MacBook Pro (16-inch, 2019), MacBook Pro (13-inch, 2020, Four Thunderbolt 3 ports), and MacBook Pro with Apple silicon (2020 and later)
Impact: An app may be able to access sensitive user data
Description: A permissions issue was addressed by removing the vulnerable code.
CVE-2025-43451: Noah Gregory (wts.dev)
Compression
Available for: Mac Studio (2022 and later), iMac (2020 and later), Mac Pro (2019 and later), Mac mini (2020 and later), MacBook Air with Apple silicon (2020 and later), MacBook Pro (16-inch, 2019), MacBook Pro (13-inch, 2020, Four Thunderbolt 3 ports), and MacBook Pro with Apple silicon (2020 and later)
Impact: An app may be able to access sensitive user data
Description: An authorization issue was addressed with improved state management.
CVE-2025-43403: Mickey Jin (@patch1t)
CoreServices
Available for: Mac Studio (2022 and later), iMac (2020 and later), Mac Pro (2019 and later), Mac mini (2020 and later), MacBook Air with Apple silicon (2020 and later), MacBook Pro (16-inch, 2019), MacBook Pro (13-inch, 2020, Four Thunderbolt 3 ports), and MacBook Pro with Apple silicon (2020 and later)
Impact: An app may be able to modify protected parts of the file system
Description: A permissions issue was addressed with additional restrictions.
CVE-2025-43290: Zhongcheng Li from IES Red Team of ByteDance
CoreServices
Available for: Mac Studio (2022 and later), iMac (2020 and later), Mac Pro (2019 and later), Mac mini (2020 and later), MacBook Air with Apple silicon (2020 and later), MacBook Pro (16-inch, 2019), MacBook Pro (13-inch, 2020, Four Thunderbolt 3 ports), and MacBook Pro with Apple silicon (2020 and later)
Impact: A malicious app may be able to access sensitive user data
Description: A logic issue was addressed with improved validation.
CVE-2025-43289: Matej Moravec (@MacejkoMoravec), Kirin (@Pwnrin)
Crash Reporter
Available for: Mac Studio (2022 and later), iMac (2020 and later), Mac Pro (2019 and later), Mac mini (2020 and later), MacBook Air with Apple silicon (2020 and later), MacBook Pro (16-inch, 2019), MacBook Pro (13-inch, 2020, Four Thunderbolt 3 ports), and MacBook Pro with Apple silicon (2020 and later)
Impact: An app may be able to gain root privileges
Description: A race condition was addressed with additional validation.
CVE-2025-46284: an anonymous researcher
GPU Drivers
Available for: Mac Studio (2022 and later), iMac (2020 and later), Mac Pro (2019 and later), Mac mini (2020 and later), MacBook Air with Apple silicon (2020 and later), MacBook Pro (16-inch, 2019), MacBook Pro (13-inch, 2020, Four Thunderbolt 3 ports), and MacBook Pro with Apple silicon (2020 and later)
Impact: An app may be able to cause unexpected system termination
Description: An out-of-bounds read was addressed with improved bounds checking.
CVE-2025-46280: Jian Lee (@speedyfriend433)
PackageKit
Available for: Mac Studio (2022 and later), iMac (2020 and later), Mac Pro (2019 and later), Mac mini (2020 and later), MacBook Air with Apple silicon (2020 and later), MacBook Pro (16-inch, 2019), MacBook Pro (13-inch, 2020, Four Thunderbolt 3 ports), and MacBook Pro with Apple silicon (2020 and later)
Impact: An attacker with root privileges may be able to delete protected system files
Description: This issue was addressed through improved state management.
CVE-2025-46310: Mickey Jin (@patch1t)
Sandbox
Available for: Mac Studio (2022 and later), iMac (2020 and later), Mac Pro (2019 and later), Mac mini (2020 and later), MacBook Air with Apple silicon (2020 and later), MacBook Pro (16-inch, 2019), MacBook Pro (13-inch, 2020, Four Thunderbolt 3 ports), and MacBook Pro with Apple silicon (2020 and later)
Impact: An app may be able to access sensitive user data
Description: A logic issue was addressed with improved restrictions.
CVE-2025-46307: Yiğit Can YILMAZ (@yilmazcanyigit) and an anonymous researcher
StorageKit
Available for: Mac Studio (2022 and later), iMac (2020 and later), Mac Pro (2019 and later), Mac mini (2020 and later), MacBook Air with Apple silicon (2020 and later), MacBook Pro (16-inch, 2019), MacBook Pro (13-inch, 2020, Four Thunderbolt 3 ports), and MacBook Pro with Apple silicon (2020 and later)
Impact: A malicious app may be able to gain root privileges
Description: A logic issue was addressed with improved checks.
CVE-2025-43306: Mickey Jin (@patch1t)
Calendar
We would like to acknowledge Keisuke Chinone (Iroiro) and Rosyna Keller of Totally Not Malicious Software for their assistance.
Kernel
We would like to acknowledge Sungwoo Kim, Yepeng Pan, Prof. Dr. Christian Rossow for their assistance.
Finally, Apple added one item to the security details of tvOS 26:
Kernel
We would like to acknowledge Sungwoo Kim, Yepeng Pan, Prof. Dr. Christian Rossow for their assistance.