Search criteria
ⓘ
Use full-text search for keyword queries.
Combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by dates instead of relevance.
446 vulnerabilities found for Xcode by Apple
CVE-2026-28890 (GCVE-0-2026-28890)
Vulnerability from nvd – Published: 2026-03-25 00:32 – Updated: 2026-04-02 18:24
VLAI?
Summary
An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in Xcode 26.4. An app may be able to cause unexpected system termination.
Severity ?
5.5 (Medium)
CWE
- An app may be able to cause unexpected system termination
Assigner
References
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-28890",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-25T17:57:34.890568Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125 Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-25T18:07:48.200Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Xcode",
"vendor": "Apple",
"versions": [
{
"lessThan": "26.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in Xcode 26.4. An app may be able to cause unexpected system termination."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "An app may be able to cause unexpected system termination",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-02T18:24:17.212Z",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"url": "https://support.apple.com/en-us/126801"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2026-28890",
"datePublished": "2026-03-25T00:32:51.440Z",
"dateReserved": "2026-03-03T16:36:03.980Z",
"dateUpdated": "2026-04-02T18:24:17.212Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-28889 (GCVE-0-2026-28889)
Vulnerability from nvd – Published: 2026-03-25 00:31 – Updated: 2026-04-02 18:11
VLAI?
Summary
A permissions issue was addressed with additional restrictions. This issue is fixed in Xcode 26.4. An app may be able to read arbitrary files as root.
Severity ?
6.2 (Medium)
CWE
- An app may be able to read arbitrary files as root
Assigner
References
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-28889",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-25T19:13:27.975044Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269 Improper Privilege Management",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-25T19:13:30.883Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Xcode",
"vendor": "Apple",
"versions": [
{
"lessThan": "26.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A permissions issue was addressed with additional restrictions. This issue is fixed in Xcode 26.4. An app may be able to read arbitrary files as root."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "An app may be able to read arbitrary files as root",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-02T18:11:05.556Z",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"url": "https://support.apple.com/en-us/126801"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2026-28889",
"datePublished": "2026-03-25T00:31:44.560Z",
"dateReserved": "2026-03-03T16:36:03.980Z",
"dateUpdated": "2026-04-02T18:11:05.556Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-31186 (GCVE-0-2025-31186)
Vulnerability from nvd – Published: 2026-01-16 17:06 – Updated: 2026-04-02 18:24
VLAI?
Summary
A permissions issue was addressed with additional restrictions. This issue is fixed in Xcode 16.3. An app may be able to bypass Privacy preferences.
Severity ?
CWE
- An app may be able to bypass Privacy preferences
Assigner
References
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-31186",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-16T18:26:21.212263Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284 Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-16T18:28:37.081Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Xcode",
"vendor": "Apple",
"versions": [
{
"lessThan": "16.3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A permissions issue was addressed with additional restrictions. This issue is fixed in Xcode 16.3. An app may be able to bypass Privacy preferences."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "An app may be able to bypass Privacy preferences",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-02T18:24:28.343Z",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"url": "https://support.apple.com/en-us/122380"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2025-31186",
"datePublished": "2026-01-16T17:06:10.519Z",
"dateReserved": "2025-03-27T16:13:58.311Z",
"dateUpdated": "2026-04-02T18:24:28.343Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-43504 (GCVE-0-2025-43504)
Vulnerability from nvd – Published: 2025-11-04 01:17 – Updated: 2026-04-02 18:22
VLAI?
Summary
A buffer overflow was addressed with improved bounds checking. This issue is fixed in Xcode 26.1. A user in a privileged network position may be able to cause a denial-of-service.
Severity ?
4.9 (Medium)
CWE
- A user in a privileged network position may be able to cause a denial-of-service
Assigner
References
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-43504",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-04T13:07:16.935477Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-04T13:07:19.240Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Xcode",
"vendor": "Apple",
"versions": [
{
"lessThan": "26.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A buffer overflow was addressed with improved bounds checking. This issue is fixed in Xcode 26.1. A user in a privileged network position may be able to cause a denial-of-service."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "A user in a privileged network position may be able to cause a denial-of-service",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-02T18:22:09.762Z",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"url": "https://support.apple.com/en-us/125641"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2025-43504",
"datePublished": "2025-11-04T01:17:21.026Z",
"dateReserved": "2025-04-16T15:27:21.193Z",
"dateUpdated": "2026-04-02T18:22:09.762Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-43505 (GCVE-0-2025-43505)
Vulnerability from nvd – Published: 2025-11-04 01:16 – Updated: 2026-04-02 18:17
VLAI?
Summary
An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in Xcode 26.1. Processing a maliciously crafted file may lead to heap corruption.
Severity ?
8.8 (High)
CWE
- Processing a maliciously crafted file may lead to heap corruption
Assigner
References
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-43505",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-05T04:55:22.307825Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787 Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-26T17:47:34.381Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Xcode",
"vendor": "Apple",
"versions": [
{
"lessThan": "26.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in Xcode 26.1. Processing a maliciously crafted file may lead to heap corruption."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Processing a maliciously crafted file may lead to heap corruption",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-02T18:17:54.767Z",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"url": "https://support.apple.com/en-us/125641"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2025-43505",
"datePublished": "2025-11-04T01:16:46.705Z",
"dateReserved": "2025-04-16T15:27:21.193Z",
"dateUpdated": "2026-04-02T18:17:54.767Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-43375 (GCVE-0-2025-43375)
Vulnerability from nvd – Published: 2025-09-15 22:35 – Updated: 2026-04-02 18:21
VLAI?
Summary
The issue was addressed with improved checks. This issue is fixed in Xcode 26. Processing an overly large path value may crash a process.
Severity ?
7.5 (High)
CWE
- Processing an overly large path value may crash a process
Assigner
References
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-43375",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-16T13:36:48.222793Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-16T17:24:28.516Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T18:12:52.650Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://seclists.org/fulldisclosure/2025/Sep/60"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Xcode",
"vendor": "Apple",
"versions": [
{
"lessThan": "26",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The issue was addressed with improved checks. This issue is fixed in Xcode 26. Processing an overly large path value may crash a process."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Processing an overly large path value may crash a process",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-02T18:21:11.160Z",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"url": "https://support.apple.com/en-us/125117"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2025-43375",
"datePublished": "2025-09-15T22:35:27.230Z",
"dateReserved": "2025-04-16T15:24:37.115Z",
"dateUpdated": "2026-04-02T18:21:11.160Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-43263 (GCVE-0-2025-43263)
Vulnerability from nvd – Published: 2025-09-15 22:34 – Updated: 2026-04-02 18:11
VLAI?
Summary
The issue was addressed with improved checks. This issue is fixed in Xcode 26. An app may be able to read and write files outside of its sandbox.
Severity ?
7.1 (High)
CWE
- An app may be able to read and write files outside of its sandbox
Assigner
References
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-43263",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-16T13:40:33.815609Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284 Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-16T17:26:52.323Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T18:09:50.030Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://seclists.org/fulldisclosure/2025/Sep/60"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Xcode",
"vendor": "Apple",
"versions": [
{
"lessThan": "26",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The issue was addressed with improved checks. This issue is fixed in Xcode 26. An app may be able to read and write files outside of its sandbox."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "An app may be able to read and write files outside of its sandbox",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-02T18:11:14.679Z",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"url": "https://support.apple.com/en-us/125117"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2025-43263",
"datePublished": "2025-09-15T22:34:36.899Z",
"dateReserved": "2025-04-16T15:24:37.099Z",
"dateUpdated": "2026-04-02T18:11:14.679Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-43371 (GCVE-0-2025-43371)
Vulnerability from nvd – Published: 2025-09-15 22:34 – Updated: 2026-04-02 18:11
VLAI?
Summary
This issue was addressed with improved checks. This issue is fixed in Xcode 26. An app may be able to break out of its sandbox.
Severity ?
8.2 (High)
CWE
- An app may be able to break out of its sandbox
Assigner
References
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-43371",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-16T13:40:41.659342Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284 Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-16T17:26:58.156Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T18:12:47.005Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://seclists.org/fulldisclosure/2025/Sep/60"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Xcode",
"vendor": "Apple",
"versions": [
{
"lessThan": "26",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "This issue was addressed with improved checks. This issue is fixed in Xcode 26. An app may be able to break out of its sandbox."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "An app may be able to break out of its sandbox",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-02T18:11:08.283Z",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"url": "https://support.apple.com/en-us/125117"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2025-43371",
"datePublished": "2025-09-15T22:34:35.897Z",
"dateReserved": "2025-04-16T15:24:37.114Z",
"dateUpdated": "2026-04-02T18:11:08.283Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-43370 (GCVE-0-2025-43370)
Vulnerability from nvd – Published: 2025-09-15 22:34 – Updated: 2026-04-02 18:08
VLAI?
Summary
A path handling issue was addressed with improved validation. This issue is fixed in Xcode 26. Processing an overly large path value may crash a process.
Severity ?
4 (Medium)
CWE
- Processing an overly large path value may crash a process
Assigner
References
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-43370",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-16T15:01:11.182130Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120 Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-16T15:02:24.169Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T18:12:46.055Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://seclists.org/fulldisclosure/2025/Sep/60"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Xcode",
"vendor": "Apple",
"versions": [
{
"lessThan": "26",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A path handling issue was addressed with improved validation. This issue is fixed in Xcode 26. Processing an overly large path value may crash a process."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Processing an overly large path value may crash a process",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-02T18:08:15.385Z",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"url": "https://support.apple.com/en-us/125117"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2025-43370",
"datePublished": "2025-09-15T22:34:21.797Z",
"dateReserved": "2025-04-16T15:24:37.114Z",
"dateUpdated": "2026-04-02T18:08:15.385Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-28890 (GCVE-0-2026-28890)
Vulnerability from cvelistv5 – Published: 2026-03-25 00:32 – Updated: 2026-04-02 18:24
VLAI?
Summary
An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in Xcode 26.4. An app may be able to cause unexpected system termination.
Severity ?
5.5 (Medium)
CWE
- An app may be able to cause unexpected system termination
Assigner
References
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-28890",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-25T17:57:34.890568Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125 Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-25T18:07:48.200Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Xcode",
"vendor": "Apple",
"versions": [
{
"lessThan": "26.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in Xcode 26.4. An app may be able to cause unexpected system termination."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "An app may be able to cause unexpected system termination",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-02T18:24:17.212Z",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"url": "https://support.apple.com/en-us/126801"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2026-28890",
"datePublished": "2026-03-25T00:32:51.440Z",
"dateReserved": "2026-03-03T16:36:03.980Z",
"dateUpdated": "2026-04-02T18:24:17.212Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-28889 (GCVE-0-2026-28889)
Vulnerability from cvelistv5 – Published: 2026-03-25 00:31 – Updated: 2026-04-02 18:11
VLAI?
Summary
A permissions issue was addressed with additional restrictions. This issue is fixed in Xcode 26.4. An app may be able to read arbitrary files as root.
Severity ?
6.2 (Medium)
CWE
- An app may be able to read arbitrary files as root
Assigner
References
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-28889",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-25T19:13:27.975044Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269 Improper Privilege Management",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-25T19:13:30.883Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Xcode",
"vendor": "Apple",
"versions": [
{
"lessThan": "26.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A permissions issue was addressed with additional restrictions. This issue is fixed in Xcode 26.4. An app may be able to read arbitrary files as root."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "An app may be able to read arbitrary files as root",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-02T18:11:05.556Z",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"url": "https://support.apple.com/en-us/126801"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2026-28889",
"datePublished": "2026-03-25T00:31:44.560Z",
"dateReserved": "2026-03-03T16:36:03.980Z",
"dateUpdated": "2026-04-02T18:11:05.556Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-31186 (GCVE-0-2025-31186)
Vulnerability from cvelistv5 – Published: 2026-01-16 17:06 – Updated: 2026-04-02 18:24
VLAI?
Summary
A permissions issue was addressed with additional restrictions. This issue is fixed in Xcode 16.3. An app may be able to bypass Privacy preferences.
Severity ?
CWE
- An app may be able to bypass Privacy preferences
Assigner
References
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-31186",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-16T18:26:21.212263Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284 Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-16T18:28:37.081Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Xcode",
"vendor": "Apple",
"versions": [
{
"lessThan": "16.3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A permissions issue was addressed with additional restrictions. This issue is fixed in Xcode 16.3. An app may be able to bypass Privacy preferences."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "An app may be able to bypass Privacy preferences",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-02T18:24:28.343Z",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"url": "https://support.apple.com/en-us/122380"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2025-31186",
"datePublished": "2026-01-16T17:06:10.519Z",
"dateReserved": "2025-03-27T16:13:58.311Z",
"dateUpdated": "2026-04-02T18:24:28.343Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-43504 (GCVE-0-2025-43504)
Vulnerability from cvelistv5 – Published: 2025-11-04 01:17 – Updated: 2026-04-02 18:22
VLAI?
Summary
A buffer overflow was addressed with improved bounds checking. This issue is fixed in Xcode 26.1. A user in a privileged network position may be able to cause a denial-of-service.
Severity ?
4.9 (Medium)
CWE
- A user in a privileged network position may be able to cause a denial-of-service
Assigner
References
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-43504",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-04T13:07:16.935477Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-04T13:07:19.240Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Xcode",
"vendor": "Apple",
"versions": [
{
"lessThan": "26.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A buffer overflow was addressed with improved bounds checking. This issue is fixed in Xcode 26.1. A user in a privileged network position may be able to cause a denial-of-service."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "A user in a privileged network position may be able to cause a denial-of-service",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-02T18:22:09.762Z",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"url": "https://support.apple.com/en-us/125641"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2025-43504",
"datePublished": "2025-11-04T01:17:21.026Z",
"dateReserved": "2025-04-16T15:27:21.193Z",
"dateUpdated": "2026-04-02T18:22:09.762Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-43505 (GCVE-0-2025-43505)
Vulnerability from cvelistv5 – Published: 2025-11-04 01:16 – Updated: 2026-04-02 18:17
VLAI?
Summary
An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in Xcode 26.1. Processing a maliciously crafted file may lead to heap corruption.
Severity ?
8.8 (High)
CWE
- Processing a maliciously crafted file may lead to heap corruption
Assigner
References
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-43505",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-05T04:55:22.307825Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787 Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-26T17:47:34.381Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Xcode",
"vendor": "Apple",
"versions": [
{
"lessThan": "26.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in Xcode 26.1. Processing a maliciously crafted file may lead to heap corruption."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Processing a maliciously crafted file may lead to heap corruption",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-02T18:17:54.767Z",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"url": "https://support.apple.com/en-us/125641"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2025-43505",
"datePublished": "2025-11-04T01:16:46.705Z",
"dateReserved": "2025-04-16T15:27:21.193Z",
"dateUpdated": "2026-04-02T18:17:54.767Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-43375 (GCVE-0-2025-43375)
Vulnerability from cvelistv5 – Published: 2025-09-15 22:35 – Updated: 2026-04-02 18:21
VLAI?
Summary
The issue was addressed with improved checks. This issue is fixed in Xcode 26. Processing an overly large path value may crash a process.
Severity ?
7.5 (High)
CWE
- Processing an overly large path value may crash a process
Assigner
References
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-43375",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-16T13:36:48.222793Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-16T17:24:28.516Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T18:12:52.650Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://seclists.org/fulldisclosure/2025/Sep/60"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Xcode",
"vendor": "Apple",
"versions": [
{
"lessThan": "26",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The issue was addressed with improved checks. This issue is fixed in Xcode 26. Processing an overly large path value may crash a process."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Processing an overly large path value may crash a process",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-02T18:21:11.160Z",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"url": "https://support.apple.com/en-us/125117"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2025-43375",
"datePublished": "2025-09-15T22:35:27.230Z",
"dateReserved": "2025-04-16T15:24:37.115Z",
"dateUpdated": "2026-04-02T18:21:11.160Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-43263 (GCVE-0-2025-43263)
Vulnerability from cvelistv5 – Published: 2025-09-15 22:34 – Updated: 2026-04-02 18:11
VLAI?
Summary
The issue was addressed with improved checks. This issue is fixed in Xcode 26. An app may be able to read and write files outside of its sandbox.
Severity ?
7.1 (High)
CWE
- An app may be able to read and write files outside of its sandbox
Assigner
References
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-43263",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-16T13:40:33.815609Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284 Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-16T17:26:52.323Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T18:09:50.030Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://seclists.org/fulldisclosure/2025/Sep/60"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Xcode",
"vendor": "Apple",
"versions": [
{
"lessThan": "26",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The issue was addressed with improved checks. This issue is fixed in Xcode 26. An app may be able to read and write files outside of its sandbox."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "An app may be able to read and write files outside of its sandbox",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-02T18:11:14.679Z",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"url": "https://support.apple.com/en-us/125117"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2025-43263",
"datePublished": "2025-09-15T22:34:36.899Z",
"dateReserved": "2025-04-16T15:24:37.099Z",
"dateUpdated": "2026-04-02T18:11:14.679Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-43371 (GCVE-0-2025-43371)
Vulnerability from cvelistv5 – Published: 2025-09-15 22:34 – Updated: 2026-04-02 18:11
VLAI?
Summary
This issue was addressed with improved checks. This issue is fixed in Xcode 26. An app may be able to break out of its sandbox.
Severity ?
8.2 (High)
CWE
- An app may be able to break out of its sandbox
Assigner
References
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-43371",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-16T13:40:41.659342Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284 Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-16T17:26:58.156Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T18:12:47.005Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://seclists.org/fulldisclosure/2025/Sep/60"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Xcode",
"vendor": "Apple",
"versions": [
{
"lessThan": "26",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "This issue was addressed with improved checks. This issue is fixed in Xcode 26. An app may be able to break out of its sandbox."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "An app may be able to break out of its sandbox",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-02T18:11:08.283Z",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"url": "https://support.apple.com/en-us/125117"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2025-43371",
"datePublished": "2025-09-15T22:34:35.897Z",
"dateReserved": "2025-04-16T15:24:37.114Z",
"dateUpdated": "2026-04-02T18:11:08.283Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-43370 (GCVE-0-2025-43370)
Vulnerability from cvelistv5 – Published: 2025-09-15 22:34 – Updated: 2026-04-02 18:08
VLAI?
Summary
A path handling issue was addressed with improved validation. This issue is fixed in Xcode 26. Processing an overly large path value may crash a process.
Severity ?
4 (Medium)
CWE
- Processing an overly large path value may crash a process
Assigner
References
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-43370",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-16T15:01:11.182130Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120 Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-16T15:02:24.169Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T18:12:46.055Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://seclists.org/fulldisclosure/2025/Sep/60"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Xcode",
"vendor": "Apple",
"versions": [
{
"lessThan": "26",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A path handling issue was addressed with improved validation. This issue is fixed in Xcode 26. Processing an overly large path value may crash a process."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Processing an overly large path value may crash a process",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-02T18:08:15.385Z",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"url": "https://support.apple.com/en-us/125117"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2025-43370",
"datePublished": "2025-09-15T22:34:21.797Z",
"dateReserved": "2025-04-16T15:24:37.114Z",
"dateUpdated": "2026-04-02T18:08:15.385Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CERTFR-2026-AVI-0355
Vulnerability from certfr_avis - Published: 2026-03-25 - Updated: 2026-03-25
De multiples vulnérabilités ont été découvertes dans les produits Apple. Certaines d'entre elles permettent à un attaquant de provoquer une élévation de privilèges, un déni de service à distance et une atteinte à la confidentialité des données.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Apple | iOS | iOS versions antérieures à 26.4 | ||
| Apple | iPadOS | iPadOS versions antérieures à 26.4 | ||
| Apple | iPadOS | iPadOS versions antérieures à 18.7.7 | ||
| Apple | Xcode | Xcode versions antérieures à 26.4 | ||
| Apple | visionOS | visionOS versions antérieures à 26.4 | ||
| Apple | watchOS | watchOS versions antérieures à 26.4 | ||
| Apple | macOS | macOS Tahoe versions antérieures à 26.4 | ||
| Apple | macOS | macOS Sonoma versions antérieures à 14.8.5 | ||
| Apple | Safari | Safari versions antérieures à 26.4 | ||
| Apple | macOS | macOS Sequoia versions antérieures à 15.7.5 | ||
| Apple | tvOS | tvOS versions antérieures à 26.4 | ||
| Apple | iOS | iOS versions antérieures à 18.7.7 |
References
| Title | Publication Time | Tags | ||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "iOS versions ant\u00e9rieures \u00e0 26.4",
"product": {
"name": "iOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "iPadOS versions ant\u00e9rieures \u00e0 26.4",
"product": {
"name": "iPadOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "iPadOS versions ant\u00e9rieures \u00e0 18.7.7",
"product": {
"name": "iPadOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "Xcode versions ant\u00e9rieures \u00e0 26.4",
"product": {
"name": "Xcode",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "visionOS versions ant\u00e9rieures \u00e0 26.4",
"product": {
"name": "visionOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "watchOS versions ant\u00e9rieures \u00e0 26.4",
"product": {
"name": "watchOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "macOS Tahoe versions ant\u00e9rieures \u00e0 26.4",
"product": {
"name": "macOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "macOS Sonoma versions ant\u00e9rieures \u00e0 14.8.5",
"product": {
"name": "macOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "Safari versions ant\u00e9rieures \u00e0 26.4",
"product": {
"name": "Safari",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "macOS Sequoia versions ant\u00e9rieures \u00e0 15.7.5",
"product": {
"name": "macOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "tvOS versions ant\u00e9rieures \u00e0 26.4",
"product": {
"name": "tvOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "iOS versions ant\u00e9rieures \u00e0 18.7.7",
"product": {
"name": "iOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2026-20684",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20684"
},
{
"name": "CVE-2026-28875",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28875"
},
{
"name": "CVE-2026-28862",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28862"
},
{
"name": "CVE-2026-20698",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20698"
},
{
"name": "CVE-2025-59775",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59775"
},
{
"name": "CVE-2026-20664",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20664"
},
{
"name": "CVE-2026-20692",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20692"
},
{
"name": "CVE-2025-43376",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43376"
},
{
"name": "CVE-2026-28879",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28879"
},
{
"name": "CVE-2026-28834",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28834"
},
{
"name": "CVE-2026-28882",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28882"
},
{
"name": "CVE-2026-20631",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20631"
},
{
"name": "CVE-2025-55753",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55753"
},
{
"name": "CVE-2026-28874",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28874"
},
{
"name": "CVE-2026-20665",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20665"
},
{
"name": "CVE-2026-28822",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28822"
},
{
"name": "CVE-2026-28827",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28827"
},
{
"name": "CVE-2026-28892",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28892"
},
{
"name": "CVE-2026-28895",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28895"
},
{
"name": "CVE-2026-28837",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28837"
},
{
"name": "CVE-2026-28878",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28878"
},
{
"name": "CVE-2026-28823",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28823"
},
{
"name": "CVE-2026-28845",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28845"
},
{
"name": "CVE-2026-28826",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28826"
},
{
"name": "CVE-2026-28886",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28886"
},
{
"name": "CVE-2026-28880",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28880"
},
{
"name": "CVE-2025-66200",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66200"
},
{
"name": "CVE-2026-20687",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20687"
},
{
"name": "CVE-2026-28866",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28866"
},
{
"name": "CVE-2026-20697",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20697"
},
{
"name": "CVE-2026-28863",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28863"
},
{
"name": "CVE-2026-28817",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28817"
},
{
"name": "CVE-2026-20637",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20637"
},
{
"name": "CVE-2026-20607",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20607"
},
{
"name": "CVE-2026-28889",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28889"
},
{
"name": "CVE-2025-64505",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-64505"
},
{
"name": "CVE-2026-28824",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28824"
},
{
"name": "CVE-2026-28844",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28844"
},
{
"name": "CVE-2026-20632",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20632"
},
{
"name": "CVE-2026-20668",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20668"
},
{
"name": "CVE-2026-28888",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28888"
},
{
"name": "CVE-2026-28852",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28852"
},
{
"name": "CVE-2026-28829",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28829"
},
{
"name": "CVE-2025-65082",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-65082"
},
{
"name": "CVE-2026-28861",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28861"
},
{
"name": "CVE-2026-28894",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28894"
},
{
"name": "CVE-2026-28828",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28828"
},
{
"name": "CVE-2025-58098",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58098"
},
{
"name": "CVE-2026-28871",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28871"
},
{
"name": "CVE-2026-20688",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20688"
},
{
"name": "CVE-2026-20699",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20699"
},
{
"name": "CVE-2026-28831",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28831"
},
{
"name": "CVE-2026-28859",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28859"
},
{
"name": "CVE-2026-20694",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20694"
},
{
"name": "CVE-2026-20633",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20633"
},
{
"name": "CVE-2026-20657",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20657"
},
{
"name": "CVE-2026-28890",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28890"
},
{
"name": "CVE-2026-20651",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20651"
},
{
"name": "CVE-2026-20701",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20701"
},
{
"name": "CVE-2026-28816",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28816"
},
{
"name": "CVE-2026-28877",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28877"
},
{
"name": "CVE-2025-14524",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-14524"
},
{
"name": "CVE-2026-20691",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20691"
},
{
"name": "CVE-2026-28820",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28820"
},
{
"name": "CVE-2026-28838",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28838"
},
{
"name": "CVE-2026-28842",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28842"
},
{
"name": "CVE-2025-43534",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43534"
},
{
"name": "CVE-2026-28825",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28825"
},
{
"name": "CVE-2026-28865",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28865"
},
{
"name": "CVE-2026-20660",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20660"
},
{
"name": "CVE-2026-28857",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28857"
},
{
"name": "CVE-2026-20639",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20639"
},
{
"name": "CVE-2026-20643",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20643"
},
{
"name": "CVE-2026-28818",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28818"
},
{
"name": "CVE-2026-20690",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20690"
},
{
"name": "CVE-2026-20693",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20693"
},
{
"name": "CVE-2026-28833",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28833"
},
{
"name": "CVE-2026-28876",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28876"
},
{
"name": "CVE-2026-20695",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20695"
},
{
"name": "CVE-2026-28856",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28856"
},
{
"name": "CVE-2026-28891",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28891"
},
{
"name": "CVE-2026-28868",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28868"
},
{
"name": "CVE-2026-28841",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28841"
},
{
"name": "CVE-2026-28821",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28821"
},
{
"name": "CVE-2026-28835",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28835"
},
{
"name": "CVE-2026-28839",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28839"
},
{
"name": "CVE-2026-28867",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28867"
},
{
"name": "CVE-2026-28864",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28864"
},
{
"name": "CVE-2026-28832",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28832"
},
{
"name": "CVE-2026-28858",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28858"
},
{
"name": "CVE-2026-28870",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28870"
},
{
"name": "CVE-2026-28893",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28893"
},
{
"name": "CVE-2026-28881",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28881"
}
],
"initial_release_date": "2026-03-25T00:00:00",
"last_revision_date": "2026-03-25T00:00:00",
"links": [],
"reference": "CERTFR-2026-AVI-0355",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2026-03-25T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Apple. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une \u00e9l\u00e9vation de privil\u00e8ges, un d\u00e9ni de service \u00e0 distance et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Apple",
"vendor_advisories": [
{
"published_at": "2026-03-24",
"title": "Bulletin de s\u00e9curit\u00e9 Apple 126793",
"url": "https://support.apple.com/en-us/126793"
},
{
"published_at": "2026-03-24",
"title": "Bulletin de s\u00e9curit\u00e9 Apple 126794",
"url": "https://support.apple.com/en-us/126794"
},
{
"published_at": "2026-03-24",
"title": "Bulletin de s\u00e9curit\u00e9 Apple 126798",
"url": "https://support.apple.com/en-us/126798"
},
{
"published_at": "2026-03-24",
"title": "Bulletin de s\u00e9curit\u00e9 Apple 126800",
"url": "https://support.apple.com/en-us/126800"
},
{
"published_at": "2026-03-24",
"title": "Bulletin de s\u00e9curit\u00e9 Apple 126796",
"url": "https://support.apple.com/en-us/126796"
},
{
"published_at": "2026-03-24",
"title": "Bulletin de s\u00e9curit\u00e9 Apple 126792",
"url": "https://support.apple.com/en-us/126792"
},
{
"published_at": "2026-03-24",
"title": "Bulletin de s\u00e9curit\u00e9 Apple 126795",
"url": "https://support.apple.com/en-us/126795"
},
{
"published_at": "2026-03-24",
"title": "Bulletin de s\u00e9curit\u00e9 Apple 126799",
"url": "https://support.apple.com/en-us/126799"
},
{
"published_at": "2026-03-24",
"title": "Bulletin de s\u00e9curit\u00e9 Apple 126797",
"url": "https://support.apple.com/en-us/126797"
},
{
"published_at": "2026-03-24",
"title": "Bulletin de s\u00e9curit\u00e9 Apple 126801",
"url": "https://support.apple.com/en-us/126801"
}
]
}
CERTFR-2025-AVI-0961
Vulnerability from certfr_avis - Published: 2025-11-04 - Updated: 2025-11-04
De multiples vulnérabilités ont été découvertes dans les produits Apple. Certaines d'entre elles permettent à un attaquant de provoquer une élévation de privilèges, un déni de service à distance et une atteinte à la confidentialité des données.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Apple | macOS | macOS Tahoe versions antérieures à 26.1 | ||
| Apple | iPadOS | iPadOS versions antérieures à 26.1 | ||
| Apple | macOS | macOS Sequoia versions antérieures à 15.7.2 | ||
| Apple | Safari | Safari versions antérieures à 26.1 | ||
| Apple | Xcode | Xcode versions antérieures à 26.1 | ||
| Apple | watchOS | watchOS versions antérieures à 26.1 | ||
| Apple | iOS | iOS versions antérieures à 26.1 | ||
| Apple | tvOS | tvOS versions antérieures à 26.1 | ||
| Apple | macOS | macOS Sonoma versions antérieures à 14.8.2 | ||
| Apple | visionOS | visionOS versions antérieures à 26.1 |
References
| Title | Publication Time | Tags | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "macOS Tahoe versions ant\u00e9rieures \u00e0 26.1",
"product": {
"name": "macOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "iPadOS versions ant\u00e9rieures \u00e0 26.1",
"product": {
"name": "iPadOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "macOS Sequoia versions ant\u00e9rieures \u00e0 15.7.2",
"product": {
"name": "macOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "Safari versions ant\u00e9rieures \u00e0 26.1",
"product": {
"name": "Safari",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "Xcode versions ant\u00e9rieures \u00e0 26.1",
"product": {
"name": "Xcode",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "watchOS versions ant\u00e9rieures \u00e0 26.1",
"product": {
"name": "watchOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "iOS versions ant\u00e9rieures \u00e0 26.1",
"product": {
"name": "iOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "tvOS versions ant\u00e9rieures \u00e0 26.1",
"product": {
"name": "tvOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "macOS Sonoma versions ant\u00e9rieures \u00e0 14.8.2",
"product": {
"name": "macOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "visionOS versions ant\u00e9rieures \u00e0 26.1",
"product": {
"name": "visionOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-43292",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43292"
},
{
"name": "CVE-2025-43505",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43505"
},
{
"name": "CVE-2025-43432",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43432"
},
{
"name": "CVE-2025-43372",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43372"
},
{
"name": "CVE-2025-43426",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43426"
},
{
"name": "CVE-2025-43480",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43480"
},
{
"name": "CVE-2025-43449",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43449"
},
{
"name": "CVE-2025-43348",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43348"
},
{
"name": "CVE-2025-43351",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43351"
},
{
"name": "CVE-2025-43373",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43373"
},
{
"name": "CVE-2025-43441",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43441"
},
{
"name": "CVE-2025-43443",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43443"
},
{
"name": "CVE-2025-43476",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43476"
},
{
"name": "CVE-2025-30465",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30465"
},
{
"name": "CVE-2025-43448",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43448"
},
{
"name": "CVE-2025-43497",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43497"
},
{
"name": "CVE-2025-43446",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43446"
},
{
"name": "CVE-2025-43500",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43500"
},
{
"name": "CVE-2025-43431",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43431"
},
{
"name": "CVE-2025-43452",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43452"
},
{
"name": "CVE-2025-43504",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43504"
},
{
"name": "CVE-2025-43467",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43467"
},
{
"name": "CVE-2025-43496",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43496"
},
{
"name": "CVE-2025-43420",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43420"
},
{
"name": "CVE-2025-43450",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43450"
},
{
"name": "CVE-2025-43406",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43406"
},
{
"name": "CVE-2025-43402",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43402"
},
{
"name": "CVE-2025-43384",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43384"
},
{
"name": "CVE-2025-43434",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43434"
},
{
"name": "CVE-2025-43422",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43422"
},
{
"name": "CVE-2025-43503",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43503"
},
{
"name": "CVE-2025-43502",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43502"
},
{
"name": "CVE-2025-43440",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43440"
},
{
"name": "CVE-2024-43398",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43398"
},
{
"name": "CVE-2025-43427",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43427"
},
{
"name": "CVE-2025-43394",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43394"
},
{
"name": "CVE-2025-43335",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43335"
},
{
"name": "CVE-2025-43458",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43458"
},
{
"name": "CVE-2025-43411",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43411"
},
{
"name": "CVE-2025-43469",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43469"
},
{
"name": "CVE-2025-43498",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43498"
},
{
"name": "CVE-2025-43424",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43424"
},
{
"name": "CVE-2025-43423",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43423"
},
{
"name": "CVE-2025-43472",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43472"
},
{
"name": "CVE-2025-43459",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43459"
},
{
"name": "CVE-2025-43392",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43392"
},
{
"name": "CVE-2025-43462",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43462"
},
{
"name": "CVE-2025-43401",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43401"
},
{
"name": "CVE-2025-43386",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43386"
},
{
"name": "CVE-2025-43493",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43493"
},
{
"name": "CVE-2025-43481",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43481"
},
{
"name": "CVE-2025-43405",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43405"
},
{
"name": "CVE-2025-43506",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43506"
},
{
"name": "CVE-2025-43322",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43322"
},
{
"name": "CVE-2025-32462",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-32462"
},
{
"name": "CVE-2025-43400",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43400"
},
{
"name": "CVE-2025-43468",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43468"
},
{
"name": "CVE-2025-43395",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43395"
},
{
"name": "CVE-2025-43421",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43421"
},
{
"name": "CVE-2025-43435",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43435"
},
{
"name": "CVE-2025-43464",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43464"
},
{
"name": "CVE-2025-43442",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43442"
},
{
"name": "CVE-2025-43377",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43377"
},
{
"name": "CVE-2025-43438",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43438"
},
{
"name": "CVE-2025-43460",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43460"
},
{
"name": "CVE-2025-43429",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43429"
},
{
"name": "CVE-2025-43407",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43407"
},
{
"name": "CVE-2025-43334",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43334"
},
{
"name": "CVE-2025-43414",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43414"
},
{
"name": "CVE-2025-43385",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43385"
},
{
"name": "CVE-2025-43444",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43444"
},
{
"name": "CVE-2025-43404",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43404"
},
{
"name": "CVE-2025-43495",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43495"
},
{
"name": "CVE-2025-43465",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43465"
},
{
"name": "CVE-2025-43461",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43461"
},
{
"name": "CVE-2025-43294",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43294"
},
{
"name": "CVE-2025-43390",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43390"
},
{
"name": "CVE-2025-43499",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43499"
},
{
"name": "CVE-2025-43350",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43350"
},
{
"name": "CVE-2025-43391",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43391"
},
{
"name": "CVE-2025-43378",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43378"
},
{
"name": "CVE-2025-43473",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43473"
},
{
"name": "CVE-2025-43445",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43445"
},
{
"name": "CVE-2025-43338",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43338"
},
{
"name": "CVE-2025-43409",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43409"
},
{
"name": "CVE-2025-43399",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43399"
},
{
"name": "CVE-2025-43383",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43383"
},
{
"name": "CVE-2025-43474",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43474"
},
{
"name": "CVE-2025-43471",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43471"
},
{
"name": "CVE-2025-43387",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43387"
},
{
"name": "CVE-2025-43479",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43479"
},
{
"name": "CVE-2025-43447",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43447"
},
{
"name": "CVE-2025-43477",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43477"
},
{
"name": "CVE-2025-43413",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43413"
},
{
"name": "CVE-2025-43507",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43507"
},
{
"name": "CVE-2025-43336",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43336"
},
{
"name": "CVE-2025-43433",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43433"
},
{
"name": "CVE-2025-43430",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43430"
},
{
"name": "CVE-2025-43337",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43337"
},
{
"name": "CVE-2025-43380",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43380"
},
{
"name": "CVE-2025-43397",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43397"
},
{
"name": "CVE-2025-43455",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43455"
},
{
"name": "CVE-2025-53906",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53906"
},
{
"name": "CVE-2025-43412",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43412"
},
{
"name": "CVE-2025-43388",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43388"
},
{
"name": "CVE-2025-43396",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43396"
},
{
"name": "CVE-2025-43454",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43454"
},
{
"name": "CVE-2025-43439",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43439"
},
{
"name": "CVE-2025-43381",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43381"
},
{
"name": "CVE-2025-43382",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43382"
},
{
"name": "CVE-2025-43466",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43466"
},
{
"name": "CVE-2025-43364",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43364"
},
{
"name": "CVE-2025-43393",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43393"
},
{
"name": "CVE-2025-43389",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43389"
},
{
"name": "CVE-2025-43457",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43457"
},
{
"name": "CVE-2025-43361",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43361"
},
{
"name": "CVE-2025-43398",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43398"
},
{
"name": "CVE-2025-31199",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-31199"
},
{
"name": "CVE-2025-43408",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43408"
},
{
"name": "CVE-2025-43379",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43379"
},
{
"name": "CVE-2025-6442",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6442"
},
{
"name": "CVE-2025-43425",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43425"
},
{
"name": "CVE-2025-43478",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43478"
},
{
"name": "CVE-2025-43436",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43436"
},
{
"name": "CVE-2024-49761",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49761"
},
{
"name": "CVE-2025-43463",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43463"
}
],
"initial_release_date": "2025-11-04T00:00:00",
"last_revision_date": "2025-11-04T00:00:00",
"links": [],
"reference": "CERTFR-2025-AVI-0961",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-11-04T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Apple. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une \u00e9l\u00e9vation de privil\u00e8ges, un d\u00e9ni de service \u00e0 distance et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Apple",
"vendor_advisories": [
{
"published_at": "2025-11-03",
"title": "Bulletin de s\u00e9curit\u00e9 Apple 125639",
"url": "https://support.apple.com/en-us/125639"
},
{
"published_at": "2025-11-03",
"title": "Bulletin de s\u00e9curit\u00e9 Apple 125640",
"url": "https://support.apple.com/en-us/125640"
},
{
"published_at": "2025-11-03",
"title": "Bulletin de s\u00e9curit\u00e9 Apple 125634",
"url": "https://support.apple.com/en-us/125634"
},
{
"published_at": "2025-11-03",
"title": "Bulletin de s\u00e9curit\u00e9 Apple 125632",
"url": "https://support.apple.com/en-us/125632"
},
{
"published_at": "2025-11-03",
"title": "Bulletin de s\u00e9curit\u00e9 Apple 125638",
"url": "https://support.apple.com/en-us/125638"
},
{
"published_at": "2025-11-03",
"title": "Bulletin de s\u00e9curit\u00e9 Apple 125635",
"url": "https://support.apple.com/en-us/125635"
},
{
"published_at": "2025-11-03",
"title": "Bulletin de s\u00e9curit\u00e9 Apple 125641",
"url": "https://support.apple.com/en-us/125641"
},
{
"published_at": "2025-11-03",
"title": "Bulletin de s\u00e9curit\u00e9 Apple 125636",
"url": "https://support.apple.com/en-us/125636"
},
{
"published_at": "2025-11-03",
"title": "Bulletin de s\u00e9curit\u00e9 Apple 125637",
"url": "https://support.apple.com/en-us/125637"
}
]
}
CERTFR-2025-AVI-0791
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans les produits Apple. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et une atteinte à la confidentialité des données.
Apple indique que la vulnérabilité CVE-2025-43300 est activement exploitée.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Apple | iOS | iOS versions 15.x antérieures à 15.8.5 | ||
| Apple | iOS | iOS versions 16.x antérieures à 16.7.12 | ||
| Apple | iOS | iOS versions 18.x antérieures à 18.7 | ||
| Apple | iOS | iOS versions antérieures à 26 | ||
| Apple | iPadOS | iPadOS versions 15.x antérieures à 15.8.5 | ||
| Apple | iPadOS | iPadOS versions 16.x antérieures à 16.7.12 | ||
| Apple | iPadOS | iPadOS versions 18.x antérieures à 18.7 | ||
| Apple | iPadOS | iPadOS versions antérieures à 26 | ||
| Apple | macOS | macOS Sequoia versions antérieures à 15.7 | ||
| Apple | macOS | macOS Sonoma versions antérieures à 14.8 | ||
| Apple | macOS | macOS Tahoe versions antérieures à 26 | ||
| Apple | Safari | Safari versions antérieures à 26 | ||
| Apple | tvOS | tvOS versions antérieures à 26 | ||
| Apple | visionOS | visionOS versions antérieures à 26 | ||
| Apple | watchOS | watchOS versions antérieures à 26 | ||
| Apple | Xcode | Xcode versions antérieures à 26 |
References
| Title | Publication Time | Tags | ||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "iOS versions 15.x ant\u00e9rieures \u00e0 15.8.5",
"product": {
"name": "iOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "iOS versions 16.x ant\u00e9rieures \u00e0 16.7.12",
"product": {
"name": "iOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "iOS versions 18.x ant\u00e9rieures \u00e0 18.7",
"product": {
"name": "iOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "iOS versions ant\u00e9rieures \u00e0 26",
"product": {
"name": "iOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "iPadOS versions 15.x ant\u00e9rieures \u00e0 15.8.5",
"product": {
"name": "iPadOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "iPadOS versions 16.x ant\u00e9rieures \u00e0 16.7.12",
"product": {
"name": "iPadOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "iPadOS versions 18.x ant\u00e9rieures \u00e0 18.7",
"product": {
"name": "iPadOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "iPadOS versions ant\u00e9rieures \u00e0 26",
"product": {
"name": "iPadOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "macOS Sequoia versions ant\u00e9rieures \u00e0 15.7",
"product": {
"name": "macOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "macOS Sonoma versions ant\u00e9rieures \u00e0 14.8",
"product": {
"name": "macOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "macOS Tahoe versions ant\u00e9rieures \u00e0 26",
"product": {
"name": "macOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "Safari versions ant\u00e9rieures \u00e0 26",
"product": {
"name": "Safari",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "tvOS versions ant\u00e9rieures \u00e0 26",
"product": {
"name": "tvOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "visionOS versions ant\u00e9rieures \u00e0 26",
"product": {
"name": "visionOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "watchOS versions ant\u00e9rieures \u00e0 26",
"product": {
"name": "watchOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "Xcode versions ant\u00e9rieures \u00e0 26",
"product": {
"name": "Xcode",
"vendor": {
"name": "Apple",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-43292",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43292"
},
{
"name": "CVE-2025-43372",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43372"
},
{
"name": "CVE-2025-43332",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43332"
},
{
"name": "CVE-2025-31270",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-31270"
},
{
"name": "CVE-2025-43362",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43362"
},
{
"name": "CVE-2025-43319",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43319"
},
{
"name": "CVE-2025-43340",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43340"
},
{
"name": "CVE-2025-43327",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43327"
},
{
"name": "CVE-2025-30468",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30468"
},
{
"name": "CVE-2025-43359",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43359"
},
{
"name": "CVE-2025-43262",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43262"
},
{
"name": "CVE-2024-27280",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27280"
},
{
"name": "CVE-2025-31269",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-31269"
},
{
"name": "CVE-2025-43354",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43354"
},
{
"name": "CVE-2025-43326",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43326"
},
{
"name": "CVE-2025-43204",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43204"
},
{
"name": "CVE-2025-43273",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43273"
},
{
"name": "CVE-2025-43347",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43347"
},
{
"name": "CVE-2025-43302",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43302"
},
{
"name": "CVE-2025-43321",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43321"
},
{
"name": "CVE-2025-31254",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-31254"
},
{
"name": "CVE-2025-43299",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43299"
},
{
"name": "CVE-2025-43316",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43316"
},
{
"name": "CVE-2025-43263",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43263"
},
{
"name": "CVE-2025-31255",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-31255"
},
{
"name": "CVE-2025-43375",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43375"
},
{
"name": "CVE-2025-6965",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6965"
},
{
"name": "CVE-2025-43355",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43355"
},
{
"name": "CVE-2025-43207",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43207"
},
{
"name": "CVE-2025-43285",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43285"
},
{
"name": "CVE-2025-43370",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43370"
},
{
"name": "CVE-2025-43312",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43312"
},
{
"name": "CVE-2025-43317",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43317"
},
{
"name": "CVE-2025-31271",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-31271"
},
{
"name": "CVE-2025-43208",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43208"
},
{
"name": "CVE-2025-43283",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43283"
},
{
"name": "CVE-2025-48384",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48384"
},
{
"name": "CVE-2025-43277",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43277"
},
{
"name": "CVE-2025-43325",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43325"
},
{
"name": "CVE-2025-43231",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43231"
},
{
"name": "CVE-2025-24197",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24197"
},
{
"name": "CVE-2025-43358",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43358"
},
{
"name": "CVE-2025-43328",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43328"
},
{
"name": "CVE-2025-43368",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43368"
},
{
"name": "CVE-2025-43315",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43315"
},
{
"name": "CVE-2025-43331",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43331"
},
{
"name": "CVE-2025-43310",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43310"
},
{
"name": "CVE-2025-43333",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43333"
},
{
"name": "CVE-2025-43203",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43203"
},
{
"name": "CVE-2025-43307",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43307"
},
{
"name": "CVE-2025-43297",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43297"
},
{
"name": "CVE-2025-43190",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43190"
},
{
"name": "CVE-2025-24088",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24088"
},
{
"name": "CVE-2025-43293",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43293"
},
{
"name": "CVE-2025-43343",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43343"
},
{
"name": "CVE-2025-43294",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43294"
},
{
"name": "CVE-2025-43286",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43286"
},
{
"name": "CVE-2025-43353",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43353"
},
{
"name": "CVE-2025-43356",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43356"
},
{
"name": "CVE-2025-43330",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43330"
},
{
"name": "CVE-2025-43272",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43272"
},
{
"name": "CVE-2025-31259",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-31259"
},
{
"name": "CVE-2025-31268",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-31268"
},
{
"name": "CVE-2025-43366",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43366"
},
{
"name": "CVE-2025-43298",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43298"
},
{
"name": "CVE-2025-43369",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43369"
},
{
"name": "CVE-2025-43308",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43308"
},
{
"name": "CVE-2025-43346",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43346"
},
{
"name": "CVE-2025-40909",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40909"
},
{
"name": "CVE-2025-43337",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43337"
},
{
"name": "CVE-2025-24133",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24133"
},
{
"name": "CVE-2025-43279",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43279"
},
{
"name": "CVE-2025-43314",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43314"
},
{
"name": "CVE-2025-43300",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43300"
},
{
"name": "CVE-2025-43342",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43342"
},
{
"name": "CVE-2025-43349",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43349"
},
{
"name": "CVE-2025-43341",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43341"
},
{
"name": "CVE-2025-43301",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43301"
},
{
"name": "CVE-2025-43318",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43318"
},
{
"name": "CVE-2025-43344",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43344"
},
{
"name": "CVE-2025-43311",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43311"
},
{
"name": "CVE-2025-43287",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43287"
},
{
"name": "CVE-2025-43303",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43303"
},
{
"name": "CVE-2025-43304",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43304"
},
{
"name": "CVE-2025-43291",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43291"
},
{
"name": "CVE-2025-43329",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43329"
},
{
"name": "CVE-2025-43357",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43357"
},
{
"name": "CVE-2025-43367",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43367"
},
{
"name": "CVE-2025-43371",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43371"
},
{
"name": "CVE-2025-43295",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43295"
},
{
"name": "CVE-2025-43305",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43305"
}
],
"links": [],
"reference": "CERTFR-2025-AVI-0791",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-09-16T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Apple. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n\nApple indique que la vuln\u00e9rabilit\u00e9 CVE-2025-43300 est activement exploit\u00e9e.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Apple",
"vendor_advisories": [
{
"published_at": "2025-09-15",
"title": "Bulletin de s\u00e9curit\u00e9 Apple 125112",
"url": "https://support.apple.com/en-us/125112"
},
{
"published_at": "2025-09-15",
"title": "Bulletin de s\u00e9curit\u00e9 Apple 125116",
"url": "https://support.apple.com/en-us/125116"
},
{
"published_at": "2025-09-15",
"title": "Bulletin de s\u00e9curit\u00e9 Apple 125110",
"url": "https://support.apple.com/en-us/125110"
},
{
"published_at": "2025-09-15",
"title": "Bulletin de s\u00e9curit\u00e9 Apple 125115",
"url": "https://support.apple.com/en-us/125115"
},
{
"published_at": "2025-09-15",
"title": "Bulletin de s\u00e9curit\u00e9 Apple 125141",
"url": "https://support.apple.com/en-us/125141"
},
{
"published_at": "2025-09-15",
"title": "Bulletin de s\u00e9curit\u00e9 Apple 125117",
"url": "https://support.apple.com/en-us/125117"
},
{
"published_at": "2025-09-15",
"title": "Bulletin de s\u00e9curit\u00e9 Apple 125114",
"url": "https://support.apple.com/en-us/125114"
},
{
"published_at": "2025-09-15",
"title": "Bulletin de s\u00e9curit\u00e9 Apple 125108",
"url": "https://support.apple.com/en-us/125108"
},
{
"published_at": "2025-09-15",
"title": "Bulletin de s\u00e9curit\u00e9 Apple 125111",
"url": "https://support.apple.com/en-us/125111"
},
{
"published_at": "2025-09-15",
"title": "Bulletin de s\u00e9curit\u00e9 Apple 125109",
"url": "https://support.apple.com/en-us/125109"
},
{
"published_at": "2025-09-15",
"title": "Bulletin de s\u00e9curit\u00e9 Apple 125142",
"url": "https://support.apple.com/en-us/125142"
},
{
"published_at": "2025-09-15",
"title": "Bulletin de s\u00e9curit\u00e9 Apple 125113",
"url": "https://support.apple.com/en-us/125113"
}
]
}
FKIE_CVE-2025-31186
Vulnerability from fkie_nvd - Published: 2026-01-16 18:16 - Updated: 2026-01-27 20:19
Severity ?
Summary
A permissions issue was addressed with additional restrictions. This issue is fixed in Xcode 16.3. An app may be able to bypass Privacy preferences.
References
| URL | Tags | ||
|---|---|---|---|
| product-security@apple.com | https://support.apple.com/en-us/122380 | Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apple:xcode:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EBF1CF04-EF61-4499-90E6-EAF48F313E0B",
"versionEndExcluding": "16.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A permissions issue was addressed with additional restrictions. This issue is fixed in Xcode 16.3. An app may be able to bypass Privacy preferences."
},
{
"lang": "es",
"value": "Se abord\u00f3 un problema de permisos con restricciones adicionales. Este problema est\u00e1 solucionado en Xcode 16.3. Una aplicaci\u00f3n podr\u00eda eludir las preferencias de privacidad."
}
],
"id": "CVE-2025-31186",
"lastModified": "2026-01-27T20:19:59.627",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 1.4,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2026-01-16T18:16:07.260",
"references": [
{
"source": "product-security@apple.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.apple.com/en-us/122380"
}
],
"sourceIdentifier": "product-security@apple.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-284"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
FKIE_CVE-2025-43504
Vulnerability from fkie_nvd - Published: 2025-11-04 02:15 - Updated: 2025-11-04 16:22
Severity ?
Summary
A buffer overflow was addressed with improved bounds checking. This issue is fixed in Xcode 26.1. A user in a privileged network position may be able to cause a denial-of-service.
References
| URL | Tags | ||
|---|---|---|---|
| product-security@apple.com | https://support.apple.com/en-us/125641 | Release Notes, Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apple:xcode:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AFE80301-44C1-41B8-B3CE-058B8536D964",
"versionEndExcluding": "26.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A buffer overflow was addressed with improved bounds checking. This issue is fixed in Xcode 26.1. A user in a privileged network position may be able to cause a denial-of-service."
}
],
"id": "CVE-2025-43504",
"lastModified": "2025-11-04T16:22:02.140",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 3.6,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2025-11-04T02:15:53.370",
"references": [
{
"source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://support.apple.com/en-us/125641"
}
],
"sourceIdentifier": "product-security@apple.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
FKIE_CVE-2025-43505
Vulnerability from fkie_nvd - Published: 2025-11-04 02:15 - Updated: 2025-11-04 16:21
Severity ?
Summary
An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in Xcode 26.1. Processing a maliciously crafted file may lead to heap corruption.
References
| URL | Tags | ||
|---|---|---|---|
| product-security@apple.com | https://support.apple.com/en-us/125641 | Release Notes, Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apple:xcode:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AFE80301-44C1-41B8-B3CE-058B8536D964",
"versionEndExcluding": "26.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in Xcode 26.1. Processing a maliciously crafted file may lead to heap corruption."
}
],
"id": "CVE-2025-43505",
"lastModified": "2025-11-04T16:21:54.510",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2025-11-04T02:15:53.467",
"references": [
{
"source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://support.apple.com/en-us/125641"
}
],
"sourceIdentifier": "product-security@apple.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
FKIE_CVE-2025-43375
Vulnerability from fkie_nvd - Published: 2025-09-15 23:15 - Updated: 2025-11-03 19:16
Severity ?
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
The issue was addressed with improved checks. This issue is fixed in Xcode 26. Processing an overly large path value may crash a process.
References
| URL | Tags | ||
|---|---|---|---|
| product-security@apple.com | https://support.apple.com/en-us/125117 | Release Notes, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://seclists.org/fulldisclosure/2025/Sep/60 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apple:xcode:*:*:*:*:*:*:*:*",
"matchCriteriaId": "37CC7F40-CC3A-4AEB-9260-B621FE64735A",
"versionEndExcluding": "26.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The issue was addressed with improved checks. This issue is fixed in Xcode 26. Processing an overly large path value may crash a process."
}
],
"id": "CVE-2025-43375",
"lastModified": "2025-11-03T19:16:05.653",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2025-09-15T23:15:39.013",
"references": [
{
"source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://support.apple.com/en-us/125117"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://seclists.org/fulldisclosure/2025/Sep/60"
}
],
"sourceIdentifier": "product-security@apple.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
FKIE_CVE-2025-43370
Vulnerability from fkie_nvd - Published: 2025-09-15 23:15 - Updated: 2025-11-03 19:16
Severity ?
Summary
A path handling issue was addressed with improved validation. This issue is fixed in Xcode 26. Processing an overly large path value may crash a process.
References
| URL | Tags | ||
|---|---|---|---|
| product-security@apple.com | https://support.apple.com/en-us/125117 | Release Notes, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://seclists.org/fulldisclosure/2025/Sep/60 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apple:xcode:*:*:*:*:*:*:*:*",
"matchCriteriaId": "37CC7F40-CC3A-4AEB-9260-B621FE64735A",
"versionEndExcluding": "26.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A path handling issue was addressed with improved validation. This issue is fixed in Xcode 26. Processing an overly large path value may crash a process."
}
],
"id": "CVE-2025-43370",
"lastModified": "2025-11-03T19:16:05.230",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 4.0,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"exploitabilityScore": 2.5,
"impactScore": 1.4,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2025-09-15T23:15:38.667",
"references": [
{
"source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://support.apple.com/en-us/125117"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://seclists.org/fulldisclosure/2025/Sep/60"
}
],
"sourceIdentifier": "product-security@apple.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-120"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
FKIE_CVE-2025-43371
Vulnerability from fkie_nvd - Published: 2025-09-15 23:15 - Updated: 2025-11-03 19:16
Severity ?
Summary
This issue was addressed with improved checks. This issue is fixed in Xcode 26. An app may be able to break out of its sandbox.
References
| URL | Tags | ||
|---|---|---|---|
| product-security@apple.com | https://support.apple.com/en-us/125117 | Release Notes, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://seclists.org/fulldisclosure/2025/Sep/60 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apple:xcode:*:*:*:*:*:*:*:*",
"matchCriteriaId": "37CC7F40-CC3A-4AEB-9260-B621FE64735A",
"versionEndExcluding": "26.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "This issue was addressed with improved checks. This issue is fixed in Xcode 26. An app may be able to break out of its sandbox."
}
],
"id": "CVE-2025-43371",
"lastModified": "2025-11-03T19:16:05.363",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.8,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2025-09-15T23:15:38.770",
"references": [
{
"source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://support.apple.com/en-us/125117"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://seclists.org/fulldisclosure/2025/Sep/60"
}
],
"sourceIdentifier": "product-security@apple.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-284"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
FKIE_CVE-2025-43263
Vulnerability from fkie_nvd - Published: 2025-09-15 23:15 - Updated: 2025-11-03 19:15
Severity ?
Summary
The issue was addressed with improved checks. This issue is fixed in Xcode 26. An app may be able to read and write files outside of its sandbox.
References
| URL | Tags | ||
|---|---|---|---|
| product-security@apple.com | https://support.apple.com/en-us/125117 | Release Notes, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://seclists.org/fulldisclosure/2025/Sep/60 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apple:xcode:*:*:*:*:*:*:*:*",
"matchCriteriaId": "37CC7F40-CC3A-4AEB-9260-B621FE64735A",
"versionEndExcluding": "26.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The issue was addressed with improved checks. This issue is fixed in Xcode 26. An app may be able to read and write files outside of its sandbox."
}
],
"id": "CVE-2025-43263",
"lastModified": "2025-11-03T19:15:55.273",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.2,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2025-09-15T23:15:31.133",
"references": [
{
"source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://support.apple.com/en-us/125117"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://seclists.org/fulldisclosure/2025/Sep/60"
}
],
"sourceIdentifier": "product-security@apple.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-284"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}