CVE-2025-43338: Processing a maliciously crafted media file may lead to unexpected app termination or corrupt process memory.
Affects ImageIO |
| |
|
|
|
x |
|
|
|
CVE-2025-43402: An app may be able to cause unexpected system termination or corrupt process memory.
Affects WindowServer |
| |
|
|
x |
x |
|
|
|
CVE-2025-43403: An app may be able to access sensitive user data.
Affects Compression |
| |
|
|
x |
x |
|
|
|
CVE-2025-43417: An app may be able to access user-sensitive data.
Affects File Bookmark |
| |
|
|
|
x |
|
|
|
CVE-2025-43537: Restoring a maliciously crafted backup file may lead to modification of protected system files.
Affects Books |
| |
x |
|
|
|
|
|
|
CVE-2025-46283: An app may be able to access sensitive user data.
Affects CoreServices |
| |
|
|
|
x |
|
|
|
CVE-2025-46290: A remote attacker may be able to cause a denial-of-service.
Affects Security |
| |
|
|
x |
x |
|
|
|
CVE-2025-46305: A malicious HID device may cause an unexpected process crash.
Affects Multi-Touch |
| |
x |
|
x |
x |
|
|
|
CVE-2025-46310: An attacker with root privileges may be able to delete protected system files.
Affects PackageKit |
| |
|
|
x |
x |
|
|
|
CVE-2026-20601: An app may be able to monitor keystrokes without user permission.
Affects Foundation |
| |
|
x |
|
|
|
|
|
CVE-2026-20602: An app may be able to cause a denial-of-service.
Affects WindowServer |
| |
|
x |
x |
x |
|
|
|
CVE-2026-20603: An app with root privileges may be able to access private information.
Affects Notification Center |
| |
|
x |
|
|
|
|
|
CVE-2026-20605: An app may be able to crash a system process.
Affects Voice Control |
| |
x |
x |
x |
x |
|
|
|
CVE-2026-20606: An app may be able to bypass certain Privacy preferences.
Affects UIKit |
| x |
x |
x |
x |
x |
|
|
|
CVE-2026-20608: Processing maliciously crafted web content may lead to an unexpected process crash.
Affects WebKit |
| x |
x |
x |
|
|
|
|
x |
CVE-2026-20609: Processing a maliciously crafted file may lead to a denial-of-service or potentially disclose memory contents.
Affects CoreMedia |
| x |
x |
x |
x |
x |
x |
x |
x |
CVE-2026-20610: An app may be able to gain root privileges.
Affects Setup Assistant |
| |
|
x |
|
|
|
|
|
CVE-2026-20611: Processing a maliciously crafted media file may lead to unexpected app termination or corrupt process memory.
Affects CoreAudio |
| x |
x |
x |
x |
x |
x |
x |
x |
CVE-2026-20612: An app may be able to access sensitive user data.
Affects Spotlight |
| |
|
x |
x |
x |
|
|
|
CVE-2026-20614: An app may be able to gain root privileges.
Affects Remote Management |
| |
|
x |
x |
x |
|
|
|
CVE-2026-20615: An app may be able to gain root privileges.
Affects CoreServices |
| x |
|
x |
|
x |
|
|
x |
CVE-2026-20616: Processing a maliciously crafted USD file may lead to unexpected app termination.
Affects Model I/O |
| |
x |
x |
|
x |
|
|
x |
CVE-2026-20617: An app may be able to gain root privileges.
Affects CoreServices |
| x |
|
x |
|
x |
x |
x |
x |
CVE-2026-20618: An app may be able to access user-sensitive data.
Affects System Settings |
| |
|
x |
|
|
|
|
|
CVE-2026-20619: An app may be able to access sensitive user data.
Affects System Settings |
| |
|
x |
x |
|
|
|
|
CVE-2026-20620: An attacker may be able to cause unexpected system termination or read kernel memory.
Affects GPU Drivers |
| |
|
x |
x |
x |
|
|
|
CVE-2026-20621: An app may be able to cause unexpected system termination or corrupt kernel memory.
Affects Wi-Fi |
| x |
x |
x |
x |
x |
|
|
x |
CVE-2026-20623: An app may be able to access protected user data.
Affects Foundation |
| |
|
x |
|
|
|
|
|
CVE-2026-20624: An app may be able to access sensitive user data.
Affects AppleMobileFileIntegrity |
| |
|
x |
x |
x |
|
|
|
CVE-2026-20625: An app may be able to access sensitive user data.
Affects AppleMobileFileIntegrity |
| |
|
x |
x |
x |
|
|
x |
CVE-2026-20626: A malicious app may be able to gain root privileges.
Affects Kernel |
| x |
|
x |
x |
|
|
|
x |
CVE-2026-20627: An app may be able to access sensitive user data.
Affects CoreServices |
| x |
|
x |
|
x |
|
x |
x |
CVE-2026-20628: An app may be able to break out of its sandbox.
Affects Sandbox |
| x |
x |
x |
x |
x |
x |
x |
x |
CVE-2026-20629: An app may be able to access user-sensitive data.
Affects Foundation |
| |
|
x |
|
|
|
|
|
CVE-2026-20630: An app may be able to access protected user data.
Affects LaunchServices |
| |
|
x |
|
|
|
|
|
CVE-2026-20634: Processing a maliciously crafted image may result in disclosure of process memory.
Affects ImageIO |
| x |
x |
x |
x |
x |
x |
x |
x |
CVE-2026-20635: Processing maliciously crafted web content may lead to an unexpected process crash.
Affects WebKit |
| x |
x |
x |
|
|
x |
x |
x |
CVE-2026-20638: A user with Live Caller ID app extensions turned off could have identifying information leaked to the extensions.
Affects Call History |
| x |
|
|
|
|
|
|
|
CVE-2026-20640: An attacker with physical access to iPhone may be able to take and view screenshots of sensitive data from the iPhone during iPhone Mirroring with Mac.
Affects UIKit |
| x |
|
|
|
|
|
|
|
CVE-2026-20641: An app may be able to identify what other apps a user has installed.
Affects StoreKit |
| x |
x |
x |
x |
x |
x |
x |
x |
CVE-2026-20642: A person with physical access to an iOS device may be able to access photos from the lock screen.
Affects Photos |
| x |
|
|
|
|
|
|
|
CVE-2026-20645: An attacker with physical access to a locked device may be able to view sensitive user information.
Affects Accessibility |
| x |
x |
|
|
|
|
|
|
CVE-2026-20646: A malicious app may be able to read sensitive location information.
Affects Weather |
| |
|
x |
|
|
|
|
|
CVE-2026-20647: An app may be able to access sensitive user data.
Affects Siri |
| |
|
x |
|
|
|
|
|
CVE-2026-20648: A malicious app may be able to access notifications from other iCloud devices.
Affects Siri |
| |
|
x |
|
|
|
|
|
CVE-2026-20649: A user may be able to view sensitive user information.
Affects Game Center |
| x |
|
x |
|
|
x |
x |
|
CVE-2026-20650: An attacker in a privileged network position may be able to perform denial-of-service attack using crafted Bluetooth packets.
Affects Bluetooth |
| x |
|
x |
|
|
x |
x |
x |
CVE-2026-20652: A remote attacker may be able to cause a denial-of-service.
Affects WebKit |
| x |
x |
x |
|
|
|
|
x |
CVE-2026-20653: An app may be able to access sensitive user data.
Affects Shortcuts |
| x |
x |
x |
x |
x |
|
|
x |
CVE-2026-20654: An app may be able to cause unexpected system termination.
Affects Kernel |
| x |
|
x |
|
|
x |
x |
x |
CVE-2026-20655: An attacker with physical access to a locked device may be able to view sensitive user information.
Affects Live Captions |
| x |
x |
|
|
|
|
|
|
CVE-2026-20656: An app may be able to access a user's Safari history.
Affects Safari |
| |
x |
x |
|
|
|
|
|
CVE-2026-20658: An app may be able to gain root privileges.
Affects Security |
| |
|
x |
|
|
|
|
|
CVE-2026-20660: A remote user may be able to write arbitrary files.
Affects CFNetwork |
| x |
x |
x |
|
x |
|
|
x |
CVE-2026-20661: An attacker with physical access to a locked device may be able to view sensitive user information.
Affects VoiceOver |
| x |
x |
|
|
|
|
|
|
CVE-2026-20662: An attacker with physical access to a locked device may be able to view sensitive user information.
Affects Siri |
| |
|
x |
x |
|
|
|
|
CVE-2026-20663: An app may be able to enumerate a user's installed apps.
Affects LaunchServices |
| x |
x |
|
|
|
|
|
|
CVE-2026-20666: An app may be able to access sensitive user data.
Affects NSOpenPanel |
| |
|
x |
|
|
|
|
|
CVE-2026-20667: An app may be able to break out of its sandbox.
Affects libxpc |
| x |
|
x |
x |
x |
|
x |
|
CVE-2026-20669: An app may be able to access sensitive user data.
Affects Admin Framework |
| |
|
x |
|
|
|
|
|
CVE-2026-20671: An attacker in a privileged network position may be able to intercept network traffic.
Affects Kernel |
| x |
x |
x |
x |
x |
x |
x |
x |
CVE-2026-20673: Turning off "Load remote content in messages? may not apply to all mail previews.
Affects Mail |
| |
x |
x |
x |
x |
|
|
|
CVE-2026-20674: An attacker with physical access to a locked device may be able to view sensitive user information.
Affects Accessibility |
| x |
|
|
|
|
|
|
|
CVE-2026-20675: Processing a maliciously crafted image may lead to disclosure of user information.
Affects ImageIO |
| x |
x |
x |
x |
x |
x |
x |
x |
CVE-2026-20676: A website may be able to track users through Safari web extensions.
Affects WebKit |
| x |
|
x |
|
|
|
|
x |
CVE-2026-20677: A shortcut may be able to bypass sandbox restrictions.
Affects Messages |
| x |
x |
x |
|
x |
|
|
x |
CVE-2026-20678: An app may be able to access sensitive user data.
Affects Sandbox Profiles |
| x |
x |
|
|
|
|
|
|
CVE-2026-20680: A sandboxed app may be able to access sensitive user data.
Affects Spotlight |
| x |
x |
x |
x |
x |
|
|
|
CVE-2026-20681: An app may be able to access information about a user's contacts.
Affects Contacts |
| |
|
x |
|
|
|
|
|
CVE-2026-20682: An attacker may be able to discover a user's deleted notes.
Affects Screenshots |
| x |
x |
|
|
|
|
|
|
CVE-2026-20700: An attacker with memory write capability may be able to execute arbitrary code. Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals on versions of iOS before iOS 26. CVE-2025-14174 and CVE-2025-43529 were also issued in response to this report..
Affects dyld |
| x |
|
x |
|
|
x |
x |
x |
