Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools

ipados

Source -

NVDADP

CNA CVEs -

0

ADP CVEs -

36

CISA CVEs -

0

NVD CVEs -

1874
Related CVEsRelated VendorsRelated AssignersReports
1878Vulnerabilities found
CVE-2025-46311
Assigner-Apple Inc.
ShareView Details
Assigner-Apple Inc.
CVSS Score-7.5||HIGH
EPSS-0.04% / 13.99%
||
7 Day CHG~0.00%
Published-12 May, 2026 | 17:35
Updated-12 May, 2026 | 22:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An inconsistent user interface issue was addressed with improved state management. This issue is fixed in iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2. An app may be able to access sensitive user data.

Action-Not Available
Vendor-Apple Inc.
Product-iphone_osipadosiOS and iPadOS
CWE ID-CWE-451
User Interface (UI) Misrepresentation of Critical Information
CVE-2026-28995
Assigner-Apple Inc.
ShareView Details
Assigner-Apple Inc.
CVSS Score-8.8||HIGH
EPSS-0.01% / 1.52%
||
7 Day CHG~0.00%
Published-11 May, 2026 | 20:08
Updated-13 May, 2026 | 03:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A logic issue was addressed with improved restrictions. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. A malicious app may be able to break out of its sandbox.

Action-Not Available
Vendor-Apple Inc.
Product-ipadosiphone_osvisionosmacostvoswatchoswatchOSiOS and iPadOSvisionOStvOSmacOS
CWE ID-CWE-269
Improper Privilege Management
CVE-2026-28940
Assigner-Apple Inc.
ShareView Details
Assigner-Apple Inc.
CVSS Score-8.8||HIGH
EPSS-0.05% / 14.60%
||
7 Day CHG~0.00%
Published-11 May, 2026 | 20:08
Updated-22 May, 2026 | 12:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The issue was addressed with improved memory handling. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Sequoia 15.7.7, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5. Processing a maliciously crafted image may corrupt process memory.

Action-Not Available
Vendor-Apple Inc.
Product-tvosipadosiphone_osvisionosmacosmacOSvisionOSiOS and iPadOStvOS
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2026-28917
Assigner-Apple Inc.
ShareView Details
Assigner-Apple Inc.
CVSS Score-4.3||MEDIUM
EPSS-0.17% / 37.33%
||
7 Day CHG~0.00%
Published-11 May, 2026 | 20:08
Updated-13 May, 2026 | 21:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The issue was addressed with improved input validation. This issue is fixed in Safari 26.5, iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. Processing maliciously crafted web content may lead to an unexpected process crash.

Action-Not Available
Vendor-Apple Inc.
Product-ipadosiphone_osvisionosmacostvoswatchoswatchOSiOS and iPadOSvisionOStvOSmacOSSafari
CWE ID-CWE-20
Improper Input Validation
CVE-2026-28901
Assigner-Apple Inc.
ShareView Details
Assigner-Apple Inc.
CVSS Score-4.3||MEDIUM
EPSS-0.04% / 14.36%
||
7 Day CHG~0.00%
Published-11 May, 2026 | 20:08
Updated-13 May, 2026 | 21:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The issue was addressed with improved memory handling. This issue is fixed in Safari 26.5, iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. Processing maliciously crafted web content may lead to an unexpected process crash.

Action-Not Available
Vendor-Apple Inc.
Product-ipadosiphone_osvisionosmacostvoswatchoswatchOSiOS and iPadOSvisionOStvOSmacOSSafari
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2026-28936
Assigner-Apple Inc.
ShareView Details
Assigner-Apple Inc.
CVSS Score-7.5||HIGH
EPSS-0.11% / 28.81%
||
7 Day CHG~0.00%
Published-11 May, 2026 | 20:08
Updated-14 May, 2026 | 14:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The issue was addressed with improved checks. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Sonoma 14.8.7, macOS Tahoe 26.5, visionOS 26.5. Processing a maliciously crafted file may lead to unexpected app termination.

Action-Not Available
Vendor-Apple Inc.
Product-iphone_osvisionosipadosmacosmacOSvisionOSiOS and iPadOS
CWE ID-CWE-20
Improper Input Validation
CVE-2026-28873
Assigner-Apple Inc.
ShareView Details
Assigner-Apple Inc.
CVSS Score-7.5||HIGH
EPSS-0.04% / 11.70%
||
7 Day CHG~0.00%
Published-11 May, 2026 | 20:08
Updated-14 May, 2026 | 14:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

This issue was addressed with additional entitlement checks. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.4 and iPadOS 26.4. An app may be able to circumvent App Privacy Report logging.

Action-Not Available
Vendor-Apple Inc.
Product-iphone_osipadosiOS and iPadOS
CWE ID-CWE-863
Incorrect Authorization
CVE-2026-28977
Assigner-Apple Inc.
ShareView Details
Assigner-Apple Inc.
CVSS Score-6.2||MEDIUM
EPSS-0.01% / 2.81%
||
7 Day CHG~0.00%
Published-11 May, 2026 | 20:08
Updated-14 May, 2026 | 14:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The issue was addressed with improved bounds checks. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. Processing a maliciously crafted file may lead to unexpected app termination.

Action-Not Available
Vendor-Apple Inc.
Product-ipadosiphone_osvisionosmacostvoswatchoswatchOSiOS and iPadOSvisionOStvOSmacOS
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2026-28920
Assigner-Apple Inc.
ShareView Details
Assigner-Apple Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.05% / 16.73%
||
7 Day CHG~0.00%
Published-11 May, 2026 | 20:08
Updated-14 May, 2026 | 14:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An information leakage was addressed with additional validation. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. Visiting a maliciously crafted website may leak sensitive data.

Action-Not Available
Vendor-Apple Inc.
Product-ipadosiphone_osvisionosmacostvoswatchoswatchOSiOS and iPadOSvisionOStvOSmacOS
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2026-43659
Assigner-Apple Inc.
ShareView Details
Assigner-Apple Inc.
CVSS Score-4.7||MEDIUM
EPSS-0.01% / 1.55%
||
7 Day CHG~0.00%
Published-11 May, 2026 | 20:08
Updated-12 May, 2026 | 17:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A race condition was addressed with additional validation. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5, visionOS 26.5. An app may be able to access sensitive user data.

Action-Not Available
Vendor-Apple Inc.
Product-iphone_osvisionosipadosmacosmacOSvisionOSiOS and iPadOS
CWE ID-CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVE-2026-28897
Assigner-Apple Inc.
ShareView Details
Assigner-Apple Inc.
CVSS Score-6.2||MEDIUM
EPSS-0.01% / 2.81%
||
7 Day CHG~0.00%
Published-11 May, 2026 | 20:08
Updated-12 May, 2026 | 17:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A buffer overflow was addressed with improved input validation. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. A local user may be able to cause unexpected system termination or read kernel memory.

Action-Not Available
Vendor-Apple Inc.
Product-ipadosiphone_osvisionosmacostvoswatchoswatchOSiOS and iPadOSvisionOStvOSmacOS
CWE ID-CWE-121
Stack-based Buffer Overflow
CVE-2026-28907
Assigner-Apple Inc.
ShareView Details
Assigner-Apple Inc.
CVSS Score-8.1||HIGH
EPSS-0.15% / 35.07%
||
7 Day CHG~0.00%
Published-11 May, 2026 | 20:08
Updated-14 May, 2026 | 14:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The issue was addressed with improved input validation. This issue is fixed in Safari 26.5, iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. Processing maliciously crafted web content may prevent Content Security Policy from being enforced.

Action-Not Available
Vendor-Apple Inc.
Product-ipadosiphone_osvisionosmacostvoswatchoswatchOSiOS and iPadOSvisionOStvOSmacOSSafari
CWE ID-CWE-116
Improper Encoding or Escaping of Output
CWE ID-CWE-20
Improper Input Validation
CVE-2026-43654
Assigner-Apple Inc.
ShareView Details
Assigner-Apple Inc.
CVSS Score-7.5||HIGH
EPSS-0.05% / 15.29%
||
7 Day CHG~0.00%
Published-11 May, 2026 | 20:08
Updated-14 May, 2026 | 14:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The issue was addressed with improved memory handling. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. An app may be able to disclose kernel memory.

Action-Not Available
Vendor-Apple Inc.
Product-ipadosiphone_osvisionosmacostvoswatchoswatchOSiOS and iPadOSvisionOStvOSmacOS
CWE ID-CWE-497
Exposure of Sensitive System Information to an Unauthorized Control Sphere
CVE-2026-28971
Assigner-Apple Inc.
ShareView Details
Assigner-Apple Inc.
CVSS Score-4.3||MEDIUM
EPSS-0.03% / 10.41%
||
7 Day CHG~0.00%
Published-11 May, 2026 | 20:08
Updated-13 May, 2026 | 21:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The issue was addressed with improved UI handling. This issue is fixed in Safari 26.5, iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, visionOS 26.5. A malicious iframe may use another website’s download settings.

Action-Not Available
Vendor-Apple Inc.
Product-iphone_osvisionosipadosmacosmacOSvisionOSSafariiOS and iPadOS
CWE ID-CWE-1021
Improper Restriction of Rendered UI Layers or Frames
CVE-2026-28951
Assigner-Apple Inc.
ShareView Details
Assigner-Apple Inc.
CVSS Score-7.8||HIGH
EPSS-0.01% / 1.50%
||
7 Day CHG~0.00%
Published-11 May, 2026 | 20:08
Updated-13 May, 2026 | 03:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An authorization issue was addressed with improved state management. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5. An app may be able to gain root privileges.

Action-Not Available
Vendor-Apple Inc.
Product-iphone_osipadosmacosmacOSiOS and iPadOS
CWE ID-CWE-863
Incorrect Authorization
CVE-2026-28947
Assigner-Apple Inc.
ShareView Details
Assigner-Apple Inc.
CVSS Score-8.8||HIGH
EPSS-0.05% / 14.65%
||
7 Day CHG~0.00%
Published-11 May, 2026 | 20:08
Updated-13 May, 2026 | 21:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 26.5, iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. Processing maliciously crafted web content may lead to an unexpected Safari crash.

Action-Not Available
Vendor-Apple Inc.
Product-ipadosiphone_osvisionosmacostvoswatchoswatchOSiOS and iPadOSvisionOStvOSmacOSSafari
CWE ID-CWE-416
Use After Free
CVE-2026-43658
Assigner-Apple Inc.
ShareView Details
Assigner-Apple Inc.
CVSS Score-7.5||HIGH
EPSS-0.05% / 15.72%
||
7 Day CHG~0.00%
Published-11 May, 2026 | 20:08
Updated-13 May, 2026 | 21:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The issue was addressed with improved memory handling. This issue is fixed in Safari 26.5, iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. Processing maliciously crafted web content may lead to an unexpected Safari crash.

Action-Not Available
Vendor-Apple Inc.
Product-ipadosiphone_osvisionosmacostvoswatchoswatchOSiOS and iPadOSvisionOStvOSmacOSSafari
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2026-28905
Assigner-Apple Inc.
ShareView Details
Assigner-Apple Inc.
CVSS Score-7.5||HIGH
EPSS-0.04% / 13.99%
||
7 Day CHG~0.00%
Published-11 May, 2026 | 20:08
Updated-13 May, 2026 | 21:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The issue was addressed with improved memory handling. This issue is fixed in Safari 26.5, iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5. Processing maliciously crafted web content may lead to an unexpected process crash.

Action-Not Available
Vendor-Apple Inc.
Product-ipadosiphone_osvisionosmacostvosiOS and iPadOSvisionOStvOSmacOSSafari
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2026-43661
Assigner-Apple Inc.
ShareView Details
Assigner-Apple Inc.
CVSS Score-7.5||HIGH
EPSS-0.06% / 18.59%
||
7 Day CHG~0.00%
Published-11 May, 2026 | 20:08
Updated-12 May, 2026 | 17:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A buffer overflow issue was addressed with improved memory handling. This issue is fixed in iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, watchOS 26.5. Processing a maliciously crafted image may corrupt process memory.

Action-Not Available
Vendor-Apple Inc.
Product-ipadosiphone_osmacostvoswatchosmacOSwatchOSiOS and iPadOStvOS
CWE ID-CWE-121
Stack-based Buffer Overflow
CVE-2026-28913
Assigner-Apple Inc.
ShareView Details
Assigner-Apple Inc.
CVSS Score-7.5||HIGH
EPSS-0.04% / 13.99%
||
7 Day CHG~0.00%
Published-11 May, 2026 | 20:08
Updated-13 May, 2026 | 21:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The issue was addressed with improved memory handling. This issue is fixed in Safari 26.5, iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, watchOS 26.5. Processing maliciously crafted web content may lead to an unexpected process crash.

Action-Not Available
Vendor-Apple Inc.
Product-ipadosiphone_osmacostvoswatchoswatchOSiOS and iPadOStvOSmacOSSafari
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2026-28944
Assigner-Apple Inc.
ShareView Details
Assigner-Apple Inc.
CVSS Score-7.5||HIGH
EPSS-0.06% / 18.26%
||
7 Day CHG~0.00%
Published-11 May, 2026 | 20:08
Updated-13 May, 2026 | 21:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The issue was addressed with improved memory handling. This issue is fixed in Safari 26.5, iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, visionOS 26.5. Processing maliciously crafted web content may lead to an unexpected process crash.

Action-Not Available
Vendor-Apple Inc.
Product-iphone_osvisionosipadosmacosmacOSvisionOSSafariiOS and iPadOS
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2026-28987
Assigner-Apple Inc.
ShareView Details
Assigner-Apple Inc.
CVSS Score-7.5||HIGH
EPSS-0.05% / 15.66%
||
7 Day CHG~0.00%
Published-11 May, 2026 | 20:08
Updated-12 May, 2026 | 17:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A logging issue was addressed with improved data redaction. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5, tvOS 26.5, watchOS 26.5. An app may be able to leak sensitive kernel state.

Action-Not Available
Vendor-Apple Inc.
Product-ipadosiphone_osmacostvoswatchosmacOSwatchOSiOS and iPadOStvOS
CWE ID-CWE-532
Insertion of Sensitive Information into Log File
CVE-2026-28929
Assigner-Apple Inc.
ShareView Details
Assigner-Apple Inc.
CVSS Score-7.5||HIGH
EPSS-0.04% / 13.19%
||
7 Day CHG~0.00%
Published-11 May, 2026 | 20:08
Updated-12 May, 2026 | 17:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A logic issue was addressed with improved checks. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5. Replying to an email could display remote images in Mail in Lockdown Mode.

Action-Not Available
Vendor-Apple Inc.
Product-iphone_osipadosmacosmacOSiOS and iPadOS
CWE ID-CWE-1254
Incorrect Comparison Logic Granularity
CVE-2026-28883
Assigner-Apple Inc.
ShareView Details
Assigner-Apple Inc.
CVSS Score-7.5||HIGH
EPSS-0.05% / 15.72%
||
7 Day CHG~0.00%
Published-11 May, 2026 | 20:08
Updated-13 May, 2026 | 21:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 26.5, iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. Processing maliciously crafted web content may lead to an unexpected process crash.

Action-Not Available
Vendor-Apple Inc.
Product-ipadosiphone_osvisionosmacostvoswatchoswatchOSiOS and iPadOSvisionOStvOSmacOSSafari
CWE ID-CWE-416
Use After Free
CVE-2026-28964
Assigner-Apple Inc.
ShareView Details
Assigner-Apple Inc.
CVSS Score-7.5||HIGH
EPSS-0.04% / 11.87%
||
7 Day CHG~0.00%
Published-11 May, 2026 | 20:08
Updated-12 May, 2026 | 17:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An inconsistent user interface issue was addressed with improved state management. This issue is fixed in iOS 26.5 and iPadOS 26.5, visionOS 26.5. An app may be able to access sensitive user data.

Action-Not Available
Vendor-Apple Inc.
Product-iphone_osipadosvisionosvisionOSiOS and iPadOS
CWE ID-CWE-451
User Interface (UI) Misrepresentation of Critical Information
CVE-2026-28860
Assigner-Apple Inc.
ShareView Details
Assigner-Apple Inc.
CVSS Score-7.5||HIGH
EPSS-0.12% / 30.27%
||
7 Day CHG~0.00%
Published-11 May, 2026 | 20:08
Updated-12 May, 2026 | 15:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The issue was addressed with improved input validation. This issue is fixed in iOS 18.7.7 and iPadOS 18.7.7, iOS 26.4 and iPadOS 26.4, macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Tahoe 26.4, tvOS 26.4, visionOS 26.4, watchOS 26.4. A local attacker may be able to modify the state of the Keychain.

Action-Not Available
Vendor-Apple Inc.
Product-ipadosiphone_osvisionosmacostvoswatchoswatchOSiOS and iPadOSvisionOStvOSmacOS
CWE ID-CWE-20
Improper Input Validation
CVE-2026-28965
Assigner-Apple Inc.
ShareView Details
Assigner-Apple Inc.
CVSS Score-7.5||HIGH
EPSS-0.04% / 13.77%
||
7 Day CHG~0.00%
Published-11 May, 2026 | 20:08
Updated-12 May, 2026 | 17:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A privacy issue was addressed with improved checks. This issue is fixed in iOS 26.5 and iPadOS 26.5. A user may be able to view restricted content from the lock screen.

Action-Not Available
Vendor-Apple Inc.
Product-iphone_osipadosiOS and iPadOS
CWE ID-CWE-284
Improper Access Control
CVE-2026-28990
Assigner-Apple Inc.
ShareView Details
Assigner-Apple Inc.
CVSS Score-7.5||HIGH
EPSS-0.05% / 15.66%
||
7 Day CHG~0.00%
Published-11 May, 2026 | 20:07
Updated-12 May, 2026 | 17:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The issue was addressed with improved memory handling. This issue is fixed in iOS 26.5 and iPadOS 26.5, macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. Processing a maliciously crafted image may corrupt process memory.

Action-Not Available
Vendor-Apple Inc.
Product-ipadosiphone_osvisionosmacostvoswatchoswatchOSiOS and iPadOSvisionOStvOSmacOS
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2026-28986
Assigner-Apple Inc.
ShareView Details
Assigner-Apple Inc.
CVSS Score-7.5||HIGH
EPSS-0.06% / 18.08%
||
7 Day CHG~0.00%
Published-11 May, 2026 | 20:07
Updated-12 May, 2026 | 17:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A race condition was addressed with additional validation. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5, tvOS 26.5, watchOS 26.5. An app may be able to cause unexpected system termination.

Action-Not Available
Vendor-Apple Inc.
Product-ipadosiphone_osmacostvoswatchosmacOSwatchOSiOS and iPadOStvOS
CWE ID-CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVE-2026-28969
Assigner-Apple Inc.
ShareView Details
Assigner-Apple Inc.
CVSS Score-7.5||HIGH
EPSS-0.05% / 15.29%
||
7 Day CHG~0.00%
Published-11 May, 2026 | 20:07
Updated-12 May, 2026 | 17:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A use after free issue was addressed with improved memory management. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. An app may be able to cause unexpected system termination.

Action-Not Available
Vendor-Apple Inc.
Product-ipadosiphone_osvisionosmacostvoswatchoswatchOSiOS and iPadOSvisionOStvOSmacOS
CWE ID-CWE-416
Use After Free
CVE-2026-43660
Assigner-Apple Inc.
ShareView Details
Assigner-Apple Inc.
CVSS Score-7.5||HIGH
EPSS-0.12% / 30.29%
||
7 Day CHG~0.00%
Published-11 May, 2026 | 20:07
Updated-13 May, 2026 | 21:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A validation issue was addressed with improved logic. This issue is fixed in Safari 26.5, iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. Processing maliciously crafted web content may prevent Content Security Policy from being enforced.

Action-Not Available
Vendor-Apple Inc.
Product-ipadosiphone_osvisionosmacostvoswatchoswatchOSiOS and iPadOSvisionOStvOSmacOSSafari
CWE ID-CWE-693
Protection Mechanism Failure
CVE-2026-28904
Assigner-Apple Inc.
ShareView Details
Assigner-Apple Inc.
CVSS Score-7.5||HIGH
EPSS-0.05% / 15.72%
||
7 Day CHG~0.00%
Published-11 May, 2026 | 20:07
Updated-13 May, 2026 | 21:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The issue was addressed with improved memory handling. This issue is fixed in Safari 26.5, iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. Processing maliciously crafted web content may lead to an unexpected process crash.

Action-Not Available
Vendor-Apple Inc.
Product-ipadosiphone_osvisionosmacostvoswatchoswatchOSiOS and iPadOSvisionOStvOSmacOSSafari
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2026-28953
Assigner-Apple Inc.
ShareView Details
Assigner-Apple Inc.
CVSS Score-7.5||HIGH
EPSS-0.05% / 15.72%
||
7 Day CHG~0.00%
Published-11 May, 2026 | 20:07
Updated-13 May, 2026 | 21:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The issue was addressed with improved memory handling. This issue is fixed in Safari 26.5, iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. Processing maliciously crafted web content may lead to an unexpected process crash.

Action-Not Available
Vendor-Apple Inc.
Product-ipadosiphone_osvisionosmacostvoswatchoswatchOSiOS and iPadOSvisionOStvOSmacOSSafari
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2026-28958
Assigner-Apple Inc.
ShareView Details
Assigner-Apple Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.01% / 1.86%
||
7 Day CHG~0.00%
Published-11 May, 2026 | 20:07
Updated-13 May, 2026 | 21:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

This issue was addressed with improved data protection. This issue is fixed in Safari 26.5, iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, visionOS 26.5. An app may be able to access sensitive user data.

Action-Not Available
Vendor-Apple Inc.
Product-iphone_osvisionosipadosmacosmacOSvisionOSSafariiOS and iPadOS
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2026-28962
Assigner-Apple Inc.
ShareView Details
Assigner-Apple Inc.
CVSS Score-7.5||HIGH
EPSS-0.06% / 19.44%
||
7 Day CHG~0.00%
Published-11 May, 2026 | 20:07
Updated-13 May, 2026 | 21:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

This issue was addressed with improved access restrictions. This issue is fixed in Safari 26.5, iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, visionOS 26.5. Processing maliciously crafted web content may disclose sensitive user information.

Action-Not Available
Vendor-Apple Inc.
Product-iphone_osvisionosipadosmacosmacOSvisionOSSafariiOS and iPadOS
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2026-28974
Assigner-Apple Inc.
ShareView Details
Assigner-Apple Inc.
CVSS Score-7.5||HIGH
EPSS-0.05% / 16.05%
||
7 Day CHG~0.00%
Published-11 May, 2026 | 20:07
Updated-12 May, 2026 | 17:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

This issue was addressed with improved checks to prevent unauthorized actions. This issue is fixed in iOS 26.5 and iPadOS 26.5, macOS Sequoia 15.7.7, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. An app may be able to cause a denial-of-service.

Action-Not Available
Vendor-Apple Inc.
Product-ipadosiphone_osvisionosmacostvoswatchoswatchOSiOS and iPadOSvisionOStvOSmacOS
CWE ID-CWE-284
Improper Access Control
CVE-2026-28954
Assigner-Apple Inc.
ShareView Details
Assigner-Apple Inc.
CVSS Score-7.5||HIGH
EPSS-0.04% / 13.61%
||
7 Day CHG~0.00%
Published-11 May, 2026 | 20:07
Updated-12 May, 2026 | 17:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A file quarantine bypass was addressed with additional checks. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5. A maliciously crafted disk image may bypass Gatekeeper checks.

Action-Not Available
Vendor-Apple Inc.
Product-iphone_osipadosmacosmacOSiOS and iPadOS
CWE ID-CWE-290
Authentication Bypass by Spoofing
CVE-2026-28903
Assigner-Apple Inc.
ShareView Details
Assigner-Apple Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.04% / 13.00%
||
7 Day CHG~0.00%
Published-11 May, 2026 | 20:07
Updated-14 May, 2026 | 14:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The issue was addressed with improved memory handling. This issue is fixed in Safari 26.5, iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. Processing maliciously crafted web content may lead to an unexpected process crash.

Action-Not Available
Vendor-Apple Inc.
Product-ipadosiphone_osvisionosmacostvoswatchoswatchOSiOS and iPadOSvisionOStvOSmacOSSafari
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2026-28942
Assigner-Apple Inc.
ShareView Details
Assigner-Apple Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.01% / 2.65%
||
7 Day CHG~0.00%
Published-11 May, 2026 | 20:07
Updated-14 May, 2026 | 14:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 26.5, iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. Processing maliciously crafted web content may lead to an unexpected Safari crash.

Action-Not Available
Vendor-Apple Inc.
Product-ipadosiphone_osvisionosmacostvoswatchoswatchOSiOS and iPadOSvisionOStvOSmacOSSafari
CWE ID-CWE-416
Use After Free
CVE-2026-28996
Assigner-Apple Inc.
ShareView Details
Assigner-Apple Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.01% / 1.46%
||
7 Day CHG~0.00%
Published-11 May, 2026 | 20:07
Updated-14 May, 2026 | 14:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A race condition was addressed with additional validation. This issue is fixed in iOS 26.5 and iPadOS 26.5, macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. An app may be able to access sensitive user data.

Action-Not Available
Vendor-Apple Inc.
Product-ipadosiphone_osvisionosmacostvoswatchoswatchOSiOS and iPadOSvisionOStvOSmacOS
CWE ID-CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVE-2026-28943
Assigner-Apple Inc.
ShareView Details
Assigner-Apple Inc.
CVSS Score-7.5||HIGH
EPSS-0.05% / 15.66%
||
7 Day CHG~0.00%
Published-11 May, 2026 | 20:07
Updated-14 May, 2026 | 14:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A logging issue was addressed with improved data redaction. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5, tvOS 26.5, watchOS 26.5. An app may be able to determine kernel memory layout.

Action-Not Available
Vendor-Apple Inc.
Product-ipadosiphone_osvisionosmacoswatchosmacOSwatchOSiOS and iPadOStvOS
CWE ID-CWE-532
Insertion of Sensitive Information into Log File
CVE-2026-28902
Assigner-Apple Inc.
ShareView Details
Assigner-Apple Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.04% / 13.00%
||
7 Day CHG~0.00%
Published-11 May, 2026 | 20:07
Updated-14 May, 2026 | 14:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The issue was addressed with improved memory handling. This issue is fixed in Safari 26.5, iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. Processing maliciously crafted web content may lead to an unexpected process crash.

Action-Not Available
Vendor-Apple Inc.
Product-ipadosiphone_osvisionosmacostvoswatchoswatchOSiOS and iPadOSvisionOStvOSmacOSSafari
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2026-28847
Assigner-Apple Inc.
ShareView Details
Assigner-Apple Inc.
CVSS Score-8.8||HIGH
EPSS-0.04% / 13.89%
||
7 Day CHG~0.00%
Published-11 May, 2026 | 20:07
Updated-22 May, 2026 | 12:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The issue was addressed with improved memory handling. This issue is fixed in Safari 26.5, iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. Processing maliciously crafted web content may lead to an unexpected process crash.

Action-Not Available
Vendor-Apple Inc.
Product-ipadosiphone_osvisionosmacostvoswatchosvisionOSwatchOSmacOStvOSiOS and iPadOSSafari
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2026-28955
Assigner-Apple Inc.
ShareView Details
Assigner-Apple Inc.
CVSS Score-8.8||HIGH
EPSS-0.03% / 7.55%
||
7 Day CHG~0.00%
Published-11 May, 2026 | 20:07
Updated-22 May, 2026 | 12:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The issue was addressed with improved memory handling. This issue is fixed in Safari 26.5, iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. Processing maliciously crafted web content may lead to an unexpected process crash.

Action-Not Available
Vendor-Apple Inc.
Product-ipadosiphone_osvisionosmacostvoswatchosvisionOSwatchOSmacOStvOSiOS and iPadOSSafari
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2026-28950
Assigner-Apple Inc.
ShareView Details
Assigner-Apple Inc.
CVSS Score-6.2||MEDIUM
EPSS-0.02% / 3.67%
||
7 Day CHG~0.00%
Published-22 Apr, 2026 | 18:22
Updated-17 May, 2026 | 23:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A logging issue was addressed with improved data redaction. This issue is fixed in iOS 15.8.8 and iPadOS 15.8.8, iOS 16.7.16 and iPadOS 16.7.16, iOS 18.7.8 and iPadOS 18.7.8, iOS 26.4.2 and iPadOS 26.4.2, iPadOS 17.7.11. Notifications marked for deletion could be unexpectedly retained on the device.

Action-Not Available
Vendor-Apple Inc.
Product-ipadosiphone_osiOS and iPadOSiPadOS
CWE ID-CWE-359
Exposure of Private Personal Information to an Unauthorized Actor
CVE-2025-43210
Assigner-Apple Inc.
ShareView Details
Assigner-Apple Inc.
CVSS Score-6.3||MEDIUM
EPSS-0.02% / 7.16%
||
7 Day CHG~0.00%
Published-02 Apr, 2026 | 18:21
Updated-03 Apr, 2026 | 18:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in iOS 18.6 and iPadOS 18.6, iPadOS 17.7.9, macOS Sequoia 15.6, macOS Sonoma 14.7.7, macOS Ventura 13.7.7, tvOS 18.6, visionOS 2.6, watchOS 11.6. Processing a maliciously crafted media file may lead to unexpected app termination or corrupt process memory.

Action-Not Available
Vendor-Apple Inc.
Product-tvosvisionoswatchosmacosiphone_osipadosvisionOSmacOStvOSiOS and iPadOSiPadOSwatchOS
CWE ID-CWE-125
Out-of-bounds Read
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-43202
Assigner-Apple Inc.
ShareView Details
Assigner-Apple Inc.
CVSS Score-8.8||HIGH
EPSS-0.01% / 1.25%
||
7 Day CHG~0.00%
Published-02 Apr, 2026 | 18:10
Updated-03 Apr, 2026 | 18:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

This issue was addressed with improved memory handling. This issue is fixed in iOS 18.6 and iPadOS 18.6, macOS Sequoia 15.6. Processing a file may lead to memory corruption.

Action-Not Available
Vendor-Apple Inc.
Product-iphone_osipadosmacosmacOSiOS and iPadOS
CWE ID-CWE-787
Out-of-bounds Write
CVE-2026-28864
Assigner-Apple Inc.
ShareView Details
Assigner-Apple Inc.
CVSS Score-3.3||LOW
EPSS-0.01% / 1.69%
||
7 Day CHG~0.00%
Published-25 Mar, 2026 | 00:35
Updated-02 Apr, 2026 | 18:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

This issue was addressed with improved permissions checking. This issue is fixed in iOS 18.7.7 and iPadOS 18.7.7, iOS 26.4 and iPadOS 26.4, macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Tahoe 26.4, visionOS 26.4, watchOS 26.4. A local attacker may gain access to user's Keychain items.

Action-Not Available
Vendor-Apple Inc.
Product-visionoswatchosmacosiphone_osipadosmacOSwatchOSiOS and iPadOSvisionOS
CWE ID-CWE-863
Incorrect Authorization
CVE-2026-20691
Assigner-Apple Inc.
ShareView Details
Assigner-Apple Inc.
CVSS Score-4.3||MEDIUM
EPSS-0.04% / 14.01%
||
7 Day CHG+0.01%
Published-25 Mar, 2026 | 00:35
Updated-02 Apr, 2026 | 18:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An authorization issue was addressed with improved state management. This issue is fixed in Safari 26.4, iOS 26.4 and iPadOS 26.4, macOS Tahoe 26.4, visionOS 26.4, watchOS 26.4. A maliciously crafted webpage may be able to fingerprint the user.

Action-Not Available
Vendor-Apple Inc.
Product-visionoswatchossafarimacosiphone_osipadosSafarivisionOSmacOSiOS and iPadOSwatchOS
CWE ID-CWE-497
Exposure of Sensitive System Information to an Unauthorized Control Sphere
CVE-2026-28833
Assigner-Apple Inc.
ShareView Details
Assigner-Apple Inc.
CVSS Score-6.2||MEDIUM
EPSS-0.01% / 0.38%
||
7 Day CHG~0.00%
Published-25 Mar, 2026 | 00:35
Updated-10 May, 2026 | 14:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A permissions issue was addressed with additional restrictions. This issue is fixed in iOS 26.4 and iPadOS 26.4, macOS Tahoe 26.4, visionOS 26.4. An app may be able to enumerate a user's installed apps.

Action-Not Available
Vendor-Apple Inc.
Product-iphone_osvisionosipadosmacosmacOSvisionOSiOS and iPadOS
CWE ID-CWE-284
Improper Access Control
  • Previous
  • 1
  • 2
  • 3
  • ...
  • 37
  • 38
  • Next