Vulnerability-Lookup

CVE-2025-14174 (GCVE-0-2025-14174)

Vulnerability from cvelistv5 – Published: 2025-12-12 19:20 – Updated: 2026-02-26 16:07

CISA KEV

Summary

Out of bounds memory access in ANGLE in Google Chrome on Mac prior to 143.0.7499.110 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)

Severity

8.8 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

SSVC

Exploitation: active Automatable: no Technical Impact: total

CISA Coordinator (v2.0.3)

CWE

Out of bounds memory access
CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer

Assigner

Chrome

References

4 references

URL	Tags
https://chromereleases.googleblog.com/2025/12/sta…
https://issues.chromium.org/issues/466192044
https://learn.microsoft.com/en-us/deployedge/micr…	third-party-advisory
https://www.cisa.gov/known-exploited-vulnerabilit…	government-resource

Impacted products

1 product

Vendor	Product	Version
Google	Chrome	Affected: 143.0.7499.110 , < 143.0.7499.110 (custom)

CISA KEV

Known Exploited Vulnerability - GCVE BCP-07 Compliant

KEV entry ID: 6ee4dcf4-f700-4352-aef0-d26a831842d4

Vulnerability ID: CVE-2025-14174

Status: Confirmed

Status Updated: 2025-12-12 00:00 UTC

Exploited: Yes

Timestamps

First Seen: 2025-12-12

Asserted: 2025-12-12

Scope

Notes: KEV entry: Google Chromium Out of Bounds Memory Access Vulnerability | Affected: Google / Chromium | Description: Google Chromium contains an out of bounds memory access vulnerability in ANGLE that could allow a remote attacker to perform out of bounds memory access via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera. | Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. | Due date: 2026-01-02 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://chromereleases.googleblog.com/2025/12/stable-channel-update-for-desktop_10.html ; https://learn.microsoft.com/en-us/deployedge/microsoft-edge-relnotes-security ; https://nvd.nist.gov/vuln/detail/CVE-2025-14174

Evidence

Type: Vendor Report

Signal: Successful Exploitation

Confidence: 80%

Source: cisa-kev

Details

Cwes
Feed	CISA Known Exploited Vulnerabilities Catalog
Product	Chromium
Due Date	2026-01-02
Date Added	2025-12-12
Vendorproject	Google
Vulnerabilityname	Google Chromium Out of Bounds Memory Access Vulnerability
Knownransomwarecampaignuse	Unknown

References

CVE-2025-14174

Created: 2026-02-02 12:25 UTC | Updated: 2026-02-06 07:17 UTC

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 8.8,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "REQUIRED",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2025-14174",
                "options": [
                  {
                    "Exploitation": "active"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-12-16T04:55:55.101177Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          },
          {
            "other": {
              "content": {
                "dateAdded": "2025-12-12",
                "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-14174"
              },
              "type": "kev"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-119",
                "description": "CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-02-26T16:07:41.990Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "third-party-advisory"
            ],
            "url": "https://learn.microsoft.com/en-us/deployedge/microsoft-edge-relnotes-security"
          },
          {
            "tags": [
              "government-resource"
            ],
            "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-14174"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Chrome",
          "vendor": "Google",
          "versions": [
            {
              "lessThan": "143.0.7499.110",
              "status": "affected",
              "version": "143.0.7499.110",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Out of bounds memory access in ANGLE in Google Chrome on Mac prior to 143.0.7499.110 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Out of bounds memory access",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-12-12T19:20:41.809Z",
        "orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
        "shortName": "Chrome"
      },
      "references": [
        {
          "url": "https://chromereleases.googleblog.com/2025/12/stable-channel-update-for-desktop_10.html"
        },
        {
          "url": "https://issues.chromium.org/issues/466192044"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
    "assignerShortName": "Chrome",
    "cveId": "CVE-2025-14174",
    "datePublished": "2025-12-12T19:20:41.809Z",
    "dateReserved": "2025-12-05T22:14:20.036Z",
    "dateUpdated": "2026-02-26T16:07:41.990Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "vulnerability-lookup:meta": {
    "cisa_known_exploited": {
      "cveID": "CVE-2025-14174",
      "dateAdded": "2025-12-12",
      "dueDate": "2026-01-02",
      "knownRansomwareCampaignUse": "Unknown",
      "notes": "https://chromereleases.googleblog.com/2025/12/stable-channel-update-for-desktop_10.html ; https://learn.microsoft.com/en-us/deployedge/microsoft-edge-relnotes-security ; https://nvd.nist.gov/vuln/detail/CVE-2025-14174",
      "product": "Chromium",
      "requiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
      "shortDescription": "Google Chromium contains an out of bounds memory access vulnerability in ANGLE that could allow a remote attacker to perform out of bounds memory access via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.",
      "vendorProject": "Google",
      "vulnerabilityName": "Google Chromium Out of Bounds Memory Access Vulnerability"
    },
    "epss": {
      "cve": "CVE-2025-14174",
      "date": "2026-06-09",
      "epss": "0.00265",
      "percentile": "0.50253"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2025-14174\",\"sourceIdentifier\":\"chrome-cve-admin@google.com\",\"published\":\"2025-12-12T20:15:39.663\",\"lastModified\":\"2025-12-15T15:16:08.650\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Out of bounds memory access in ANGLE in Google Chrome on Mac prior to 143.0.7499.110 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":5.9}]},\"cisaExploitAdd\":\"2025-12-12\",\"cisaActionDue\":\"2026-01-02\",\"cisaRequiredAction\":\"Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.\",\"cisaVulnerabilityName\":\"Google Chromium Out of Bounds Memory Access Vulnerability\",\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-787\"}]},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-119\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"143.0.7499.41\",\"versionEndExcluding\":\"143.0.7499.110\",\"matchCriteriaId\":\"FDA5B0F4-9057-4518-B466-6BCF98CD1D77\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"387021A0-AF36-463C-A605-32EA7DAC172E\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"143.0.7499.40\",\"versionEndExcluding\":\"143.0.7499.109\",\"matchCriteriaId\":\"D1F4C45F-9F9C-4619-82A6-AAE4CD7E99AE\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"703AF700-7A70-47E2-BC3A-7FD03B3CA9C1\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A2572D17-1DE6-457B-99CC-64AFD54487EA\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"143.0.7499.40\",\"matchCriteriaId\":\"0B58E8B8-70DB-4AA7-A44D-C161EF179863\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"26.2\",\"matchCriteriaId\":\"3ECBF838-536C-47F9-9876-C526B8ED32EC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"18.7.3\",\"matchCriteriaId\":\"6547722A-1226-4E23-B3AE-8692B07C2657\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"26.0\",\"versionEndExcluding\":\"26.2\",\"matchCriteriaId\":\"8B71D919-1AA2-4F17-A834-4B703E36F7E2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"18.7.3\",\"matchCriteriaId\":\"8928A377-93BD-49AD-B4FE-5B2328EBDB70\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"26.0\",\"versionEndExcluding\":\"26.2\",\"matchCriteriaId\":\"10FD01C3-D77F-4FE4-8195-F2C59FB1321C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"26.2\",\"matchCriteriaId\":\"FBA92B6D-E36C-432B-A041-94D81427CD75\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"26.2\",\"matchCriteriaId\":\"E0BBFB45-21F3-4B72-8DB1-BE72AFE0D2AB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"26.2\",\"matchCriteriaId\":\"EB10D901-4800-4DF9-AB35-48017C178161\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"26.2\",\"matchCriteriaId\":\"15574823-ECE0-4394-99BC-6AFA34E599CC\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:edge_chromium:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"143.0.3650.80\",\"matchCriteriaId\":\"3AB5F00F-BB8F-41E6-A03A-299FD2D48926\"}]}]}],\"references\":[{\"url\":\"https://chromereleases.googleblog.com/2025/12/stable-channel-update-for-desktop_10.html\",\"source\":\"chrome-cve-admin@google.com\",\"tags\":[\"Release Notes\"]},{\"url\":\"https://issues.chromium.org/issues/466192044\",\"source\":\"chrome-cve-admin@google.com\",\"tags\":[\"Permissions Required\"]},{\"url\":\"https://learn.microsoft.com/en-us/deployedge/microsoft-edge-relnotes-security\",\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-14174\",\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"tags\":[\"Third Party Advisory\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 8.8, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"REQUIRED\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-14174\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"active\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-12-12T20:28:29.795087Z\"}}}], \"references\": [{\"url\": \"https://learn.microsoft.com/en-us/deployedge/microsoft-edge-relnotes-security\", \"tags\": [\"third-party-advisory\"]}, {\"url\": \"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-14174\", \"tags\": [\"government-resource\"]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-119\", \"description\": \"CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer\"}]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-12-12T20:30:09.225Z\"}}], \"cna\": {\"affected\": [{\"vendor\": \"Google\", \"product\": \"Chrome\", \"versions\": [{\"status\": \"affected\", \"version\": \"143.0.7499.110\", \"lessThan\": \"143.0.7499.110\", \"versionType\": \"custom\"}]}], \"references\": [{\"url\": \"https://chromereleases.googleblog.com/2025/12/stable-channel-update-for-desktop_10.html\"}, {\"url\": \"https://issues.chromium.org/issues/466192044\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"Out of bounds memory access in ANGLE in Google Chrome on Mac prior to 143.0.7499.110 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"description\": \"Out of bounds memory access\"}]}], \"providerMetadata\": {\"orgId\": \"ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28\", \"shortName\": \"Chrome\", \"dateUpdated\": \"2025-12-12T19:20:41.809Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2025-14174\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-12-16T04:55:53.646Z\", \"dateReserved\": \"2025-12-05T22:14:20.036Z\", \"assignerOrgId\": \"ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28\", \"datePublished\": \"2025-12-12T19:20:41.809Z\", \"assignerShortName\": \"Chrome\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }
  }
}

CERTFR-2026-AVI-0158

Vulnerability from certfr_avis - Published: 2026-02-12 - Updated: 2026-02-12

De multiples vulnérabilités ont été découvertes dans les produits Apple. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et un déni de service à distance.

Apple indique que la vulnérabilité CVE-2026-20700 est activement exploitée.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

Vendor	Product	Description
Apple	iOS	iOS versions antérieures à 26.3
Apple	iPadOS	iPadOS versions antérieures à 18.7.5
Apple	macOS	macOS Sequoia versions antérieures à 15.7.4
Apple	Safari	Safari versions antérieures à 26.3
Apple	iOS	iOS versions antérieures à 18.7.5
Apple	N/A	watchOS versions antérieures à 26.3
Apple	macOS	macOS Sonoma versions antérieures à 14.8.4
Apple	N/A	tvOS versions antérieures à 26.3
Apple	macOS	macOS Tahoe versions antérieures à 26.3
Apple	iPadOS	iPadOS versions antérieures à 26.3
Apple	N/A	visionOS versions antérieures à 26.3

References

Title

Publication Time

CERTFR-2026-AVI-0627

Vulnerability from certfr_avis - Published: 2026-05-21 - Updated: 2026-05-21

De multiples vulnérabilités ont été découvertes dans les produits Splunk. Certaines d'entre elles permettent à un attaquant de provoquer un déni de service à distance, une atteinte à la confidentialité des données et un problème de sécurité non spécifié par l'éditeur.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

Vendor	Product	Description
Splunk	Splunk Enterprise	Splunk Enterprise versions 10.2.x antérieures à 10.2.3
Splunk	N/A	Splunk AI Toolkit versions 5.7.x antérieures à 5.7.3
Splunk	Splunk Cloud Platform	Splunk Cloud Platform versions 9.3.2411 antérieures à 9.3.2411.129
Splunk	Splunk Cloud Platform	Splunk Cloud Platform versions 10.3.2512 antérieures à 10.3.2512.9
Splunk	Splunk	image Docker Splunk versions 10.2.x antérieures à 10.2.2
Splunk	Splunk Cloud Platform	Splunk Cloud Platform versions 10.4.2603 antérieures à 10.4.2603.1
Splunk	Splunk AppDynamics Database Agent	Splunk AppDynamics Database Agent versions antérieures à 26.4.0
Splunk	Splunk	image Docker Splunk versions 9.4.x antérieures à 9.4.10
Splunk	Splunk User Behavior Analytics (UBA)	Splunk User Behavior Analytics versions 5.4.x antérieures à 5.4.5
Splunk	Splunk AppDynamics Private Synthetic Agent	Splunk AppDynamics Private Synthetic Agent versions antérieures à 26.4.0
Splunk	Splunk AppDynamics Analytics Agent	Splunk AppDynamics Analytics Agent versions antérieures à 26.4.0
Splunk	N/A	Splunk AppDynamics Cluster Agent versions antérieures à 26.4.0
Splunk	Splunk AppDynamics Machine Agent	Splunk AppDynamics Machine Agent versions antérieures à 26.4.0
Splunk	Splunk Cloud Platform	Splunk Cloud Platform versions 10.2.2510 antérieures à 10.2.2510.11
Splunk	N/A	Splunk AppDynamics Python Agent versions antérieures à 26.4.1
Splunk	Splunk	image Docker Splunk versions 10.0.x antérieures à 10.0.5
Splunk	N/A	Splunk Add-on for Tomcat versions 3.3.x antérieures à 3.3.1
Splunk	Splunk Cloud Platform	Splunk Cloud Platform versions 10.1.2507 antérieures à 10.1.2507.21
Splunk	Splunk Enterprise	Splunk Enterprise versions 10.0.x antérieures à 10.0.6
Splunk	N/A	Splunk AppDynamics Apache Web Server Agent versions 25.11.x antérieures à 25.11.1
Splunk	Splunk Enterprise	Splunk Enterprise versions 9.4.x antérieures à 9.4.11
Splunk	Splunk	image Docker Splunk versions 9.3.x antérieures à 9.3.11
Splunk	Splunk Cloud Platform	Splunk Cloud Platform versions 10.0.2503 antérieures à 10.0.2503.13
Splunk	Universal Forwarder	Splunk Universal Forwarder versions 9.4.x antérieures à 9.4.11
Splunk	Splunk Enterprise	Splunk Enterprise versions 9.3.x antérieures à 9.3.12
Splunk	Splunk AppDynamics Java Agent	Splunk AppDynamics Java Agent versions antérieures à 26.4.0

References

Title

Publication Time

FKIE_CVE-2025-14174

Vulnerability from fkie_nvd - Published: 2025-12-12 20:15 - Updated: 2025-12-15 15:16

CISA KEV

Severity

8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Summary

References

URL	Tags
chrome-cve-admin@google.com	https://chromereleases.googleblog.com/2025/12/stable-channel-update-for-desktop_10.html	Release Notes
chrome-cve-admin@google.com	https://issues.chromium.org/issues/466192044	Permissions Required
134c704f-9b21-4f2e-91b3-4a467353bcc0	https://learn.microsoft.com/en-us/deployedge/microsoft-edge-relnotes-security	Third Party Advisory
134c704f-9b21-4f2e-91b3-4a467353bcc0	https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-14174	Third Party Advisory

Impacted products

Vendor	Product	Version
google	chrome	*
apple	macos	-
google	chrome	*
linux	linux_kernel	-
microsoft	windows	-
google	chrome	*
apple	safari	*
apple	ipados	*
apple	ipados	*
apple	iphone_os	*
apple	iphone_os	*
apple	macos	*
apple	tvos	*
apple	visionos	*
apple	watchos	*
microsoft	edge_chromium	*

JSON

To clipboard

{
  "cisaActionDue": "2026-01-02",
  "cisaExploitAdd": "2025-12-12",
  "cisaRequiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
  "cisaVulnerabilityName": "Google Chromium Out of Bounds Memory Access Vulnerability",
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "FDA5B0F4-9057-4518-B466-6BCF98CD1D77",
              "versionEndExcluding": "143.0.7499.110",
              "versionStartIncluding": "143.0.7499.41",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D1F4C45F-9F9C-4619-82A6-AAE4CD7E99AE",
              "versionEndExcluding": "143.0.7499.109",
              "versionStartIncluding": "143.0.7499.40",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "0B58E8B8-70DB-4AA7-A44D-C161EF179863",
              "versionEndIncluding": "143.0.7499.40",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "3ECBF838-536C-47F9-9876-C526B8ED32EC",
              "versionEndExcluding": "26.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "6547722A-1226-4E23-B3AE-8692B07C2657",
              "versionEndExcluding": "18.7.3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8B71D919-1AA2-4F17-A834-4B703E36F7E2",
              "versionEndExcluding": "26.2",
              "versionStartIncluding": "26.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8928A377-93BD-49AD-B4FE-5B2328EBDB70",
              "versionEndExcluding": "18.7.3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "10FD01C3-D77F-4FE4-8195-F2C59FB1321C",
              "versionEndExcluding": "26.2",
              "versionStartIncluding": "26.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "FBA92B6D-E36C-432B-A041-94D81427CD75",
              "versionEndExcluding": "26.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E0BBFB45-21F3-4B72-8DB1-BE72AFE0D2AB",
              "versionEndExcluding": "26.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "EB10D901-4800-4DF9-AB35-48017C178161",
              "versionEndExcluding": "26.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "15574823-ECE0-4394-99BC-6AFA34E599CC",
              "versionEndExcluding": "26.2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:edge_chromium:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "3AB5F00F-BB8F-41E6-A03A-299FD2D48926",
              "versionEndExcluding": "143.0.3650.80",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Out of bounds memory access in ANGLE in Google Chrome on Mac prior to 143.0.7499.110 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)"
    }
  ],
  "id": "CVE-2025-14174",
  "lastModified": "2025-12-15T15:16:08.650",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "type": "Secondary"
      }
    ]
  },
  "published": "2025-12-12T20:15:39.663",
  "references": [
    {
      "source": "chrome-cve-admin@google.com",
      "tags": [
        "Release Notes"
      ],
      "url": "https://chromereleases.googleblog.com/2025/12/stable-channel-update-for-desktop_10.html"
    },
    {
      "source": "chrome-cve-admin@google.com",
      "tags": [
        "Permissions Required"
      ],
      "url": "https://issues.chromium.org/issues/466192044"
    },
    {
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://learn.microsoft.com/en-us/deployedge/microsoft-edge-relnotes-security"
    },
    {
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-14174"
    }
  ],
  "sourceIdentifier": "chrome-cve-admin@google.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-787"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        }
      ],
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "type": "Secondary"
    }
  ]
}

GHSA-9FJM-6W64-76R7

Vulnerability from github – Published: 2025-12-12 21:31 – Updated: 2025-12-12 21:31

Details

Severity

8.8 (High)


                  
                    CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2025-14174"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-119",
      "CWE-787"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-12-12T20:15:39Z",
    "severity": "HIGH"
  },
  "details": "Out of bounds memory access in ANGLE in Google Chrome on Mac prior to 143.0.7499.110 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)",
  "id": "GHSA-9fjm-6w64-76r7",
  "modified": "2025-12-12T21:31:38Z",
  "published": "2025-12-12T21:31:38Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-14174"
    },
    {
      "type": "WEB",
      "url": "https://chromereleases.googleblog.com/2025/12/stable-channel-update-for-desktop_10.html"
    },
    {
      "type": "WEB",
      "url": "https://issues.chromium.org/issues/466192044"
    },
    {
      "type": "WEB",
      "url": "https://learn.microsoft.com/en-us/deployedge/microsoft-edge-relnotes-security"
    },
    {
      "type": "WEB",
      "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-14174"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

MSRC_CVE-2025-14174

Vulnerability from csaf_microsoft - Published: 2025-12-09 08:00 - Updated: 2025-12-15 08:00

Summary

Chromium: CVE-2025-14174 Out of bounds memory access in ANGLE

Notes

Additional Resources: To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle

Disclaimer: The information provided in the Microsoft Knowledge Base is provided \"as is\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.

Customer Action: Required. The vulnerability documented by this CVE requires customer action to resolve.

CVE-2025-14174

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Microsoft Edge (Chromium-based) 143.0.3650.80 Microsoft Edge (Chromium-based)		143.0.3650.80

Known affected 1 product

Product	Identifier	Version	Remediation
Microsoft Edge (Chromium-based) <143.0.3650.80 Microsoft Edge (Chromium-based)		<143.0.3650.80	Vendor Fix fix

References

7 references

URL	Category
https://msrc.microsoft.com/update-guide/vulnerabi…	self
https://msrc.microsoft.com/csaf/advisories/2025/m…	self
https://www.microsoft.com/en-us/msrc/exploitabili…	external
https://support.microsoft.com/lifecycle	external
https://www.first.org/cvss	external
https://msrc.microsoft.com/update-guide/vulnerabi…	self
https://msrc.microsoft.com/csaf/advisories/2025/m…	self

JSON

To clipboard

{
  "document": {
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Public",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en-US",
    "notes": [
      {
        "category": "general",
        "text": "To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle",
        "title": "Additional Resources"
      },
      {
        "category": "legal_disclaimer",
        "text": "The information provided in the Microsoft Knowledge Base is provided \\\"as is\\\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.",
        "title": "Disclaimer"
      },
      {
        "category": "general",
        "text": "Required. The vulnerability documented by this CVE requires customer action to resolve.",
        "title": "Customer Action"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "secure@microsoft.com",
      "name": "Microsoft Security Response Center",
      "namespace": "https://msrc.microsoft.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "CVE-2025-14174 Chromium: CVE-2025-14174 Out of bounds memory access in ANGLE - HTML",
        "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-14174"
      },
      {
        "category": "self",
        "summary": "CVE-2025-14174 Chromium: CVE-2025-14174 Out of bounds memory access in ANGLE - CSAF",
        "url": "https://msrc.microsoft.com/csaf/advisories/2025/msrc_cve-2025-14174.json"
      },
      {
        "category": "external",
        "summary": "Microsoft Exploitability Index",
        "url": "https://www.microsoft.com/en-us/msrc/exploitability-index?rtc=1"
      },
      {
        "category": "external",
        "summary": "Microsoft Support Lifecycle",
        "url": "https://support.microsoft.com/lifecycle"
      },
      {
        "category": "external",
        "summary": "Common Vulnerability Scoring System",
        "url": "https://www.first.org/cvss"
      }
    ],
    "title": "Chromium: CVE-2025-14174 Out of bounds memory access in ANGLE",
    "tracking": {
      "current_release_date": "2025-12-15T08:00:00.000Z",
      "generator": {
        "date": "2025-12-16T00:36:05.885Z",
        "engine": {
          "name": "MSRC Generator",
          "version": "1.0"
        }
      },
      "id": "msrc_CVE-2025-14174",
      "initial_release_date": "2025-12-09T08:00:00.000Z",
      "revision_history": [
        {
          "date": "2025-12-15T08:00:00.000Z",
          "legacy_version": "1",
          "number": "1",
          "summary": "Information published."
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "category": "product_version_range",
            "name": "\u003c143.0.3650.80",
            "product": {
              "name": "Microsoft Edge (Chromium-based) \u003c143.0.3650.80",
              "product_id": "1"
            }
          },
          {
            "category": "product_version",
            "name": "143.0.3650.80",
            "product": {
              "name": "Microsoft Edge (Chromium-based) 143.0.3650.80",
              "product_id": "11655"
            }
          }
        ],
        "category": "product_name",
        "name": "Microsoft Edge (Chromium-based)"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2025-14174",
      "notes": [
        {
          "category": "general",
          "text": "Microsoft",
          "title": "Assigning CNA"
        },
        {
          "category": "faq",
          "text": "The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.\nIn your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window\nClick on Help and Feedback\nClick on About Microsoft Edge",
          "title": "Why is this Chrome CVE included in the Security Update Guide?"
        },
        {
          "category": "faq",
          "text": "143.0.3650.80: 143.0.3650.80, 12/11/2025: 12/11/2025, 143.0.7499.109/.110: 143.0.7499.109/.110",
          "title": "What is the version information for this release?"
        }
      ],
      "product_status": {
        "fixed": [
          "11655"
        ],
        "known_affected": [
          "1"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-14174 Chromium: CVE-2025-14174 Out of bounds memory access in ANGLE - HTML",
          "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-14174"
        },
        {
          "category": "self",
          "summary": "CVE-2025-14174 Chromium: CVE-2025-14174 Out of bounds memory access in ANGLE - CSAF",
          "url": "https://msrc.microsoft.com/csaf/advisories/2025/msrc_cve-2025-14174.json"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2025-12-15T08:00:00.000Z",
          "details": "143.0.3650.80:Security Update:https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security",
          "product_ids": [
            "1"
          ],
          "url": "https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security"
        }
      ],
      "title": "Chromium: CVE-2025-14174 Out of bounds memory access in ANGLE"
    }
  ]
}

NCSC-2025-0396

Vulnerability from csaf_ncscnl - Published: 2025-12-15 09:06 - Updated: 2025-12-15 09:06

Summary

Kwetsbaarheden verholpen in Apple macOS

Notes

The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions: NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein. NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory. This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings.

Feiten: Apple heeft kwetsbaarheden verholpen in macOS Sonoma (14.8.3), macOS Sequoia (15.7.3) en macOS Tahoe (26.2).

Interpretaties: De kwetsbaarheden omvatten een breed scala aan problemen, waaronder geheugenbeschadiging, logboekproblemen, en ongeoorloofde toegang tot gevoelige gebruikersgegevens. Deze kwetsbaarheden konden worden misbruikt door kwaadwillenden om ongeautoriseerde toegang te verkrijgen of om de stabiliteit van het systeem in gevaar te brengen. Voor succesvol misbruik moet de kwaadwillende het slachtoffer misleiden een malafide app te installeren of bestand te openen.

Oplossingen: Apple heeft updates uitgebracht om de kwetsbaarheden te verhelpen. Zie bijgevoegde referenties voor meer informatie.

Kans: medium

Schade: high

CWE-20: Improper Input Validation

CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

CWE-125: Out-of-bounds Read

CWE-190: Integer Overflow or Wraparound

CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CWE-275: CWE-275

CWE-280: Improper Handling of Insufficient Permissions or Privileges

CWE-284: Improper Access Control

CWE-359: Exposure of Private Personal Information to an Unauthorized Actor

CWE-371: CWE-371

CWE-404: Improper Resource Shutdown or Release

CWE-416: Use After Free

CWE-451: User Interface (UI) Misrepresentation of Critical Information

CWE-456: Missing Initialization of a Variable

CWE-488: Exposure of Data Element to Wrong Session

CWE-524: Use of Cache Containing Sensitive Information

CWE-532: Insertion of Sensitive Information into Log File

CWE-732: Incorrect Permission Assignment for Critical Resource

CWE-862: Missing Authorization

CWE-1018: CWE-1018

CVE-2024-7264

Multiple vulnerabilities across Oracle Communications Applications, MySQL, Database Server, and NetApp products can be exploited by remote attackers, affecting confidentiality, integrity, and availability, with varying CVSS scores indicating medium to significant damage potential.

6.5 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

CWE-20 - Improper Input Validation

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
vers:unknown/* Apple / macOS Sequoia		vers:unknown/*
vers:unknown/* Apple / macOS Sonoma		vers:unknown/*
vers:unknown/* Apple / macOS Tahoe		vers:unknown/*

CVE-2024-8906

Chrome 129 and Microsoft Edge have multiple vulnerabilities, including remote code execution and denial of service risks, with specific issues like CVE-2024-8906 affecting Chrome's Downloads UI.

4.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
vers:unknown/* Apple / macOS Sequoia		vers:unknown/*
vers:unknown/* Apple / macOS Sonoma		vers:unknown/*
vers:unknown/* Apple / macOS Tahoe		vers:unknown/*

CVE-2025-5918

The libarchive library update addresses multiple vulnerabilities, including integer overflows and heap buffer over reads, with a specific issue allowing reading past EOF in piped file streams, affecting Apple Software.

6.6 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H

CWE-125 - Out-of-bounds Read

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
vers:unknown/* Apple / macOS Sequoia		vers:unknown/*
vers:unknown/* Apple / macOS Sonoma		vers:unknown/*
vers:unknown/* Apple / macOS Tahoe		vers:unknown/*

CVE-2025-9086

Recent updates to curl and Apple Software address multiple vulnerabilities, including out-of-bounds reads, cookie path issues, and denial of service risks in various versions of affected products.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-125 - Out-of-bounds Read

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
vers:unknown/* Apple / macOS Sequoia		vers:unknown/*
vers:unknown/* Apple / macOS Sonoma		vers:unknown/*
vers:unknown/* Apple / macOS Tahoe		vers:unknown/*

CVE-2025-14174

Google Chromium has multiple vulnerabilities, including a high-severity out of bounds memory access in ANGLE affecting various browsers, alongside resolved use-after-free and memory corruption issues.

8.8 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
vers:unknown/* Apple / macOS Sequoia		vers:unknown/*
vers:unknown/* Apple / macOS Sonoma		vers:unknown/*
vers:unknown/* Apple / macOS Tahoe		vers:unknown/*

CVE-2025-43320

macOS Sequoia 15.7.3 has resolved an issue where an app could bypass launch constraint protections and execute malicious code with elevated privileges by implementing additional logic.

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
vers:unknown/* Apple / macOS Sequoia		vers:unknown/*
vers:unknown/* Apple / macOS Sonoma		vers:unknown/*
vers:unknown/* Apple / macOS Tahoe		vers:unknown/*

CVE-2025-43410

macOS Sequoia 15.7.2 and macOS Sonoma 14.8.2 have resolved a cache handling issue that allowed physical access attackers to view deleted notes through improved cache management.

2.4 (Low)


                        
                          CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CWE-524 - Use of Cache Containing Sensitive Information

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
vers:unknown/* Apple / macOS Sequoia		vers:unknown/*
vers:unknown/* Apple / macOS Sonoma		vers:unknown/*
vers:unknown/* Apple / macOS Tahoe		vers:unknown/*

CVE-2025-43416

macOS Sonoma 14.8.3 and macOS Sequoia 15.7.3 have addressed a logic issue related to access to protected user data through enhanced restrictions.

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
vers:unknown/* Apple / macOS Sequoia		vers:unknown/*
vers:unknown/* Apple / macOS Sonoma		vers:unknown/*
vers:unknown/* Apple / macOS Tahoe		vers:unknown/*

CVE-2025-43428

A configuration issue was resolved by implementing additional restrictions to enhance system security.

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
vers:unknown/* Apple / macOS Sequoia		vers:unknown/*
vers:unknown/* Apple / macOS Sonoma		vers:unknown/*
vers:unknown/* Apple / macOS Tahoe		vers:unknown/*

CVE-2025-43463

Recent updates in macOS versions 14.8.3, 26.1, and 15.7.3 have resolved a parsing issue in directory path handling through enhanced path validation, potentially allowing apps to access sensitive user data.

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
vers:unknown/* Apple / macOS Sequoia		vers:unknown/*
vers:unknown/* Apple / macOS Sonoma		vers:unknown/*
vers:unknown/* Apple / macOS Tahoe		vers:unknown/*

CVE-2025-43482

macOS Sonoma 14.8.3 and macOS Sequoia 15.7.3 have resolved a denial-of-service vulnerability through enhanced input validation measures.

5.5 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CWE-20 - Improper Input Validation

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
vers:unknown/* Apple / macOS Sequoia		vers:unknown/*
vers:unknown/* Apple / macOS Sonoma		vers:unknown/*
vers:unknown/* Apple / macOS Tahoe		vers:unknown/*

CVE-2025-43501

A buffer overflow vulnerability has been addressed through improved memory management techniques.

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
vers:unknown/* Apple / macOS Sequoia		vers:unknown/*
vers:unknown/* Apple / macOS Sonoma		vers:unknown/*
vers:unknown/* Apple / macOS Tahoe		vers:unknown/*

CVE-2025-43509

macOS Sonoma 14.8.3 and macOS Sequoia 15.7.3 have resolved the issue of apps accessing sensitive user data through enhanced data protection measures.

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
vers:unknown/* Apple / macOS Sequoia		vers:unknown/*
vers:unknown/* Apple / macOS Sonoma		vers:unknown/*
vers:unknown/* Apple / macOS Tahoe		vers:unknown/*

CVE-2025-43511

iOS 18.7.2 and iPadOS 18.7.2 addressed a use-after-free vulnerability in memory management that could lead to process crashes when handling malicious web content.

6.5 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

CWE-416 - Use After Free

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
vers:unknown/* Apple / macOS Sequoia		vers:unknown/*
vers:unknown/* Apple / macOS Sonoma		vers:unknown/*
vers:unknown/* Apple / macOS Tahoe		vers:unknown/*

CVE-2025-43512

macOS Sonoma 14.8.3 and macOS Sequoia 15.7.3 have addressed a logic issue that could allow privilege elevation through enhanced checks.

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
vers:unknown/* Apple / macOS Sequoia		vers:unknown/*
vers:unknown/* Apple / macOS Sonoma		vers:unknown/*
vers:unknown/* Apple / macOS Tahoe		vers:unknown/*

CVE-2025-43513

Recent updates in macOS Sonoma 14.8.3 and macOS Sequoia 15.7.3 addressed a permissions issue by removing vulnerable code that allowed unauthorized access to sensitive location information.

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
vers:unknown/* Apple / macOS Sequoia		vers:unknown/*
vers:unknown/* Apple / macOS Sonoma		vers:unknown/*
vers:unknown/* Apple / macOS Tahoe		vers:unknown/*

CVE-2025-43514

The issue was addressed through improved cache management techniques.

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
vers:unknown/* Apple / macOS Sequoia		vers:unknown/*
vers:unknown/* Apple / macOS Sonoma		vers:unknown/*
vers:unknown/* Apple / macOS Tahoe		vers:unknown/*

CVE-2025-43516

macOS Sonoma 14.8.3 and macOS Sequoia 15.7.3 have addressed a session management vulnerability that allowed users with Voice Control enabled to transcribe another user's activity through enhanced checks.

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
vers:unknown/* Apple / macOS Sequoia		vers:unknown/*
vers:unknown/* Apple / macOS Sonoma		vers:unknown/*
vers:unknown/* Apple / macOS Tahoe		vers:unknown/*

CVE-2025-43517

macOS Sonoma 14.8.3 and macOS Sequoia 15.7.3 addressed a privacy issue related to log entries by enhancing private data redaction, preventing unauthorized access to protected user data.

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
vers:unknown/* Apple / macOS Sequoia		vers:unknown/*
vers:unknown/* Apple / macOS Sonoma		vers:unknown/*
vers:unknown/* Apple / macOS Tahoe		vers:unknown/*

CVE-2025-43518

macOS Sonoma 14.8.3 and macOS Sequoia 15.7.3 have addressed a logic issue in the spellcheck API that allowed inappropriate file access through enhanced checks.

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
vers:unknown/* Apple / macOS Sequoia		vers:unknown/*
vers:unknown/* Apple / macOS Sonoma		vers:unknown/*
vers:unknown/* Apple / macOS Tahoe		vers:unknown/*

CVE-2025-43519

macOS Sonoma 14.8.3 and macOS Sequoia 15.7.3 have addressed a permissions issue that previously allowed apps to access sensitive user data by implementing additional restrictions.

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
vers:unknown/* Apple / macOS Sequoia		vers:unknown/*
vers:unknown/* Apple / macOS Sonoma		vers:unknown/*
vers:unknown/* Apple / macOS Tahoe		vers:unknown/*

CVE-2025-43521

macOS Sequoia 15.7.3 resolves a downgrade issue on Intel-based Mac computers by implementing additional code-signing restrictions to enhance user data protection.

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
vers:unknown/* Apple / macOS Sequoia		vers:unknown/*
vers:unknown/* Apple / macOS Sonoma		vers:unknown/*
vers:unknown/* Apple / macOS Tahoe		vers:unknown/*

CVE-2025-43522

macOS Sequoia 15.7.3 resolves a downgrade issue on Intel-based Mac computers by implementing enhanced code-signing restrictions to protect user-sensitive data from unauthorized access.

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
vers:unknown/* Apple / macOS Sequoia		vers:unknown/*
vers:unknown/* Apple / macOS Sonoma		vers:unknown/*
vers:unknown/* Apple / macOS Tahoe		vers:unknown/*

CVE-2025-43523

macOS Sequoia 15.7.3 has resolved a permissions issue that previously allowed unauthorized access to sensitive user data by implementing additional restrictions.

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
vers:unknown/* Apple / macOS Sequoia		vers:unknown/*
vers:unknown/* Apple / macOS Sonoma		vers:unknown/*
vers:unknown/* Apple / macOS Tahoe		vers:unknown/*

CVE-2025-43526

The issue was addressed through the implementation of enhanced URL validation measures.

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
vers:unknown/* Apple / macOS Sequoia		vers:unknown/*
vers:unknown/* Apple / macOS Sonoma		vers:unknown/*
vers:unknown/* Apple / macOS Tahoe		vers:unknown/*

CVE-2025-43527

macOS Sequoia 15.7.3 has addressed a permissions issue that could allow apps to gain root privileges through additional restrictions.

7.8 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE-280 - Improper Handling of Insufficient Permissions or Privileges

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
vers:unknown/* Apple / macOS Sequoia		vers:unknown/*
vers:unknown/* Apple / macOS Sonoma		vers:unknown/*
vers:unknown/* Apple / macOS Tahoe		vers:unknown/*

CVE-2025-43529

Recent updates addressed a use-after-free vulnerability and a memory corruption issue by enhancing memory management and implementing improved validation measures.

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
vers:unknown/* Apple / macOS Sequoia		vers:unknown/*
vers:unknown/* Apple / macOS Sonoma		vers:unknown/*
vers:unknown/* Apple / macOS Tahoe		vers:unknown/*

CVE-2025-43530

macOS Sonoma 14.8.3 and macOS Sequoia 15.7.3 have resolved the issue of apps accessing sensitive user data through enhanced checks.

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
vers:unknown/* Apple / macOS Sequoia		vers:unknown/*
vers:unknown/* Apple / macOS Sonoma		vers:unknown/*
vers:unknown/* Apple / macOS Tahoe		vers:unknown/*

CVE-2025-43531

A race condition issue was effectively resolved through enhancements in state management, improving system reliability.

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
vers:unknown/* Apple / macOS Sequoia		vers:unknown/*
vers:unknown/* Apple / macOS Sonoma		vers:unknown/*
vers:unknown/* Apple / macOS Tahoe		vers:unknown/*

CVE-2025-43532

macOS Sonoma 14.8.3 and macOS Sequoia 15.7.3 have addressed a memory corruption issue that could lead to unexpected app termination when processing malicious data through improved bounds checking.

2.8 (Low)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L

CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
vers:unknown/* Apple / macOS Sequoia		vers:unknown/*
vers:unknown/* Apple / macOS Sonoma		vers:unknown/*
vers:unknown/* Apple / macOS Tahoe		vers:unknown/*

CVE-2025-43533

Enhanced input validation measures have resolved multiple memory corruption issues, improving overall system security.

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
vers:unknown/* Apple / macOS Sequoia		vers:unknown/*
vers:unknown/* Apple / macOS Sonoma		vers:unknown/*
vers:unknown/* Apple / macOS Tahoe		vers:unknown/*

CVE-2025-43535

The issue was addressed through improvements in memory management techniques.

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
vers:unknown/* Apple / macOS Sequoia		vers:unknown/*
vers:unknown/* Apple / macOS Sonoma		vers:unknown/*
vers:unknown/* Apple / macOS Tahoe		vers:unknown/*

CVE-2025-43536

A use-after-free vulnerability was addressed through improved memory management techniques, enhancing overall system stability and security.

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
vers:unknown/* Apple / macOS Sequoia		vers:unknown/*
vers:unknown/* Apple / macOS Sonoma		vers:unknown/*
vers:unknown/* Apple / macOS Tahoe		vers:unknown/*

CVE-2025-43538

macOS Sonoma 14.8.3 has addressed a logging issue that previously allowed unauthorized access to sensitive user data through enhanced data redaction measures.

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
vers:unknown/* Apple / macOS Sequoia		vers:unknown/*
vers:unknown/* Apple / macOS Sonoma		vers:unknown/*
vers:unknown/* Apple / macOS Tahoe		vers:unknown/*

CVE-2025-43539

macOS Sonoma 14.8.3 and macOS Sequoia 15.7.3 have addressed a memory corruption issue through enhanced bounds checks during file processing.

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
vers:unknown/* Apple / macOS Sequoia		vers:unknown/*
vers:unknown/* Apple / macOS Sonoma		vers:unknown/*
vers:unknown/* Apple / macOS Tahoe		vers:unknown/*

CVE-2025-43541

A type confusion vulnerability was effectively addressed through improved state management techniques.

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
vers:unknown/* Apple / macOS Sequoia		vers:unknown/*
vers:unknown/* Apple / macOS Sonoma		vers:unknown/*
vers:unknown/* Apple / macOS Tahoe		vers:unknown/*

CVE-2025-43542

macOS Sequoia 15.7.3 resolves the issue of password fields being unintentionally exposed during FaceTime remote control through enhanced state management.

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
vers:unknown/* Apple / macOS Sequoia		vers:unknown/*
vers:unknown/* Apple / macOS Sonoma		vers:unknown/*
vers:unknown/* Apple / macOS Tahoe		vers:unknown/*

CVE-2025-46276

macOS Sonoma 14.8.3 and macOS Sequoia 15.7.3 have addressed an information disclosure issue by implementing enhanced privacy controls to prevent unauthorized access to sensitive user data.

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
vers:unknown/* Apple / macOS Sequoia		vers:unknown/*
vers:unknown/* Apple / macOS Sonoma		vers:unknown/*
vers:unknown/* Apple / macOS Tahoe		vers:unknown/*

CVE-2025-46277

A logging issue was addressed through the enhancement of data redaction measures to improve security and protect sensitive information.

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
vers:unknown/* Apple / macOS Sequoia		vers:unknown/*
vers:unknown/* Apple / macOS Sonoma		vers:unknown/*
vers:unknown/* Apple / macOS Tahoe		vers:unknown/*

CVE-2025-46278

The issue was addressed through improved cache management techniques.

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
vers:unknown/* Apple / macOS Sequoia		vers:unknown/*
vers:unknown/* Apple / macOS Sonoma		vers:unknown/*
vers:unknown/* Apple / macOS Tahoe		vers:unknown/*

CVE-2025-46279

A permissions issue was addressed through the implementation of additional restrictions to enhance security controls.

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
vers:unknown/* Apple / macOS Sequoia		vers:unknown/*
vers:unknown/* Apple / macOS Sonoma		vers:unknown/*
vers:unknown/* Apple / macOS Tahoe		vers:unknown/*

CVE-2025-46281

A logic issue was resolved through the implementation of enhanced checks, improving the overall security posture.

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
vers:unknown/* Apple / macOS Sequoia		vers:unknown/*
vers:unknown/* Apple / macOS Sonoma		vers:unknown/*
vers:unknown/* Apple / macOS Tahoe		vers:unknown/*

CVE-2025-46282

The issue was addressed by implementing additional permissions checks to enhance security measures.

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
vers:unknown/* Apple / macOS Sequoia		vers:unknown/*
vers:unknown/* Apple / macOS Sonoma		vers:unknown/*
vers:unknown/* Apple / macOS Tahoe		vers:unknown/*

CVE-2025-46283

A logic issue was effectively addressed through the implementation of enhanced validation measures, improving overall system integrity.

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
vers:unknown/* Apple / macOS Sequoia		vers:unknown/*
vers:unknown/* Apple / macOS Sonoma		vers:unknown/*
vers:unknown/* Apple / macOS Tahoe		vers:unknown/*

CVE-2025-46285

macOS Sonoma 14.8.3 and macOS Sequoia 15.7.3 have addressed an integer overflow vulnerability that could grant root privileges by implementing 64-bit timestamps.

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
vers:unknown/* Apple / macOS Sequoia		vers:unknown/*
vers:unknown/* Apple / macOS Sonoma		vers:unknown/*
vers:unknown/* Apple / macOS Tahoe		vers:unknown/*

CVE-2025-46287

Recent updates in macOS Sonoma 14.8.3 and macOS Sequoia 15.7.3 resolved an inconsistent user interface issue related to FaceTime caller ID spoofing through enhanced state management.

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
vers:unknown/* Apple / macOS Sequoia		vers:unknown/*
vers:unknown/* Apple / macOS Sonoma		vers:unknown/*
vers:unknown/* Apple / macOS Tahoe		vers:unknown/*

CVE-2025-46288

A permissions issue was addressed through the implementation of additional restrictions to enhance security controls.

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
vers:unknown/* Apple / macOS Sequoia		vers:unknown/*
vers:unknown/* Apple / macOS Sonoma		vers:unknown/*
vers:unknown/* Apple / macOS Tahoe		vers:unknown/*

CVE-2025-46289

macOS Sonoma 14.8.3 and macOS Sequoia 15.7.3 resolved a logic issue in file handling that could have allowed unauthorized access to protected user data.

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
vers:unknown/* Apple / macOS Sequoia		vers:unknown/*
vers:unknown/* Apple / macOS Sonoma		vers:unknown/*
vers:unknown/* Apple / macOS Tahoe		vers:unknown/*

CVE-2025-46291

A logic issue was effectively addressed through the implementation of enhanced validation measures, improving overall system integrity.

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
vers:unknown/* Apple / macOS Sequoia		vers:unknown/*
vers:unknown/* Apple / macOS Sonoma		vers:unknown/*
vers:unknown/* Apple / macOS Tahoe		vers:unknown/*

References

52 references

URL	Category
https://support.apple.com/en-us/125886	external
https://support.apple.com/en-us/125887	external
https://support.apple.com/en-us/125888	external
https://vulnerabilities.ncsc.nl/csaf/v2/2024/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2024/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-…	self

JSON

To clipboard

{
  "document": {
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE"
      }
    },
    "lang": "nl",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:\n\n    NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.\n\n    NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.\n    This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings."
      },
      {
        "category": "description",
        "text": "Apple heeft kwetsbaarheden verholpen in macOS Sonoma (14.8.3), macOS Sequoia (15.7.3) en macOS Tahoe (26.2).",
        "title": "Feiten"
      },
      {
        "category": "description",
        "text": "De kwetsbaarheden omvatten een breed scala aan problemen, waaronder geheugenbeschadiging, logboekproblemen, en ongeoorloofde toegang tot gevoelige gebruikersgegevens. Deze kwetsbaarheden konden worden misbruikt door kwaadwillenden om ongeautoriseerde toegang te verkrijgen of om de stabiliteit van het systeem in gevaar te brengen.\n\nVoor succesvol misbruik moet de kwaadwillende het slachtoffer misleiden een malafide app te installeren of bestand te openen.",
        "title": "Interpretaties"
      },
      {
        "category": "description",
        "text": "Apple heeft updates uitgebracht om de kwetsbaarheden te verhelpen. Zie bijgevoegde referenties voor meer informatie.",
        "title": "Oplossingen"
      },
      {
        "category": "general",
        "text": "medium",
        "title": "Kans"
      },
      {
        "category": "general",
        "text": "high",
        "title": "Schade"
      },
      {
        "category": "general",
        "text": "Improper Input Validation",
        "title": "CWE-20"
      },
      {
        "category": "general",
        "text": "Improper Restriction of Operations within the Bounds of a Memory Buffer",
        "title": "CWE-119"
      },
      {
        "category": "general",
        "text": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
        "title": "CWE-120"
      },
      {
        "category": "general",
        "text": "Out-of-bounds Read",
        "title": "CWE-125"
      },
      {
        "category": "general",
        "text": "Integer Overflow or Wraparound",
        "title": "CWE-190"
      },
      {
        "category": "general",
        "text": "Exposure of Sensitive Information to an Unauthorized Actor",
        "title": "CWE-200"
      },
      {
        "category": "general",
        "text": "CWE-275",
        "title": "CWE-275"
      },
      {
        "category": "general",
        "text": "Improper Handling of Insufficient Permissions or Privileges ",
        "title": "CWE-280"
      },
      {
        "category": "general",
        "text": "Improper Access Control",
        "title": "CWE-284"
      },
      {
        "category": "general",
        "text": "Exposure of Private Personal Information to an Unauthorized Actor",
        "title": "CWE-359"
      },
      {
        "category": "general",
        "text": "CWE-371",
        "title": "CWE-371"
      },
      {
        "category": "general",
        "text": "Improper Resource Shutdown or Release",
        "title": "CWE-404"
      },
      {
        "category": "general",
        "text": "Use After Free",
        "title": "CWE-416"
      },
      {
        "category": "general",
        "text": "User Interface (UI) Misrepresentation of Critical Information",
        "title": "CWE-451"
      },
      {
        "category": "general",
        "text": "Missing Initialization of a Variable",
        "title": "CWE-456"
      },
      {
        "category": "general",
        "text": "Exposure of Data Element to Wrong Session",
        "title": "CWE-488"
      },
      {
        "category": "general",
        "text": "Use of Cache Containing Sensitive Information",
        "title": "CWE-524"
      },
      {
        "category": "general",
        "text": "Insertion of Sensitive Information into Log File",
        "title": "CWE-532"
      },
      {
        "category": "general",
        "text": "Incorrect Permission Assignment for Critical Resource",
        "title": "CWE-732"
      },
      {
        "category": "general",
        "text": "Missing Authorization",
        "title": "CWE-862"
      },
      {
        "category": "general",
        "text": "CWE-1018",
        "title": "CWE-1018"
      }
    ],
    "publisher": {
      "category": "coordinator",
      "contact_details": "cert@ncsc.nl",
      "name": "Nationaal Cyber Security Centrum",
      "namespace": "https://www.ncsc.nl/"
    },
    "references": [
      {
        "category": "external",
        "summary": "Reference",
        "url": "https://support.apple.com/en-us/125886"
      },
      {
        "category": "external",
        "summary": "Reference",
        "url": "https://support.apple.com/en-us/125887"
      },
      {
        "category": "external",
        "summary": "Reference",
        "url": "https://support.apple.com/en-us/125888"
      }
    ],
    "title": "Kwetsbaarheden verholpen in Apple macOS",
    "tracking": {
      "current_release_date": "2025-12-15T09:06:36.450655Z",
      "generator": {
        "date": "2025-08-04T16:30:00Z",
        "engine": {
          "name": "V.A.",
          "version": "1.3"
        }
      },
      "id": "NCSC-2025-0396",
      "initial_release_date": "2025-12-15T09:06:36.450655Z",
      "revision_history": [
        {
          "date": "2025-12-15T09:06:36.450655Z",
          "number": "1.0.0",
          "summary": "Initiele versie"
        }
      ],
      "status": "final",
      "version": "1.0.0"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-1"
                }
              }
            ],
            "category": "product_name",
            "name": "macOS Sequoia"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-2"
                }
              }
            ],
            "category": "product_name",
            "name": "macOS Sonoma"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-3"
                }
              }
            ],
            "category": "product_name",
            "name": "macOS Tahoe"
          }
        ],
        "category": "vendor",
        "name": "Apple"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2024-7264",
      "cwe": {
        "id": "CWE-20",
        "name": "Improper Input Validation"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Input Validation",
          "title": "CWE-20"
        },
        {
          "category": "other",
          "text": "Out-of-bounds Read",
          "title": "CWE-125"
        },
        {
          "category": "description",
          "text": "Multiple vulnerabilities across Oracle Communications Applications, MySQL, Database Server, and NetApp products can be exploited by remote attackers, affecting confidentiality, integrity, and availability, with varying CVSS scores indicating medium to significant damage potential.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-7264 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2024/cve-2024-7264.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3"
          ]
        }
      ],
      "title": "CVE-2024-7264"
    },
    {
      "cve": "CVE-2024-8906",
      "notes": [
        {
          "category": "description",
          "text": "Chrome 129 and Microsoft Edge have multiple vulnerabilities, including remote code execution and denial of service risks, with specific issues like CVE-2024-8906 affecting Chrome\u0027s Downloads UI.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-8906 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2024/cve-2024-8906.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3"
          ]
        }
      ],
      "title": "CVE-2024-8906"
    },
    {
      "cve": "CVE-2025-5918",
      "cwe": {
        "id": "CWE-125",
        "name": "Out-of-bounds Read"
      },
      "notes": [
        {
          "category": "other",
          "text": "Out-of-bounds Read",
          "title": "CWE-125"
        },
        {
          "category": "description",
          "text": "The libarchive library update addresses multiple vulnerabilities, including integer overflows and heap buffer over reads, with a specific issue allowing reading past EOF in piped file streams, affecting Apple Software.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-5918 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-5918.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.6,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3"
          ]
        }
      ],
      "title": "CVE-2025-5918"
    },
    {
      "cve": "CVE-2025-9086",
      "cwe": {
        "id": "CWE-125",
        "name": "Out-of-bounds Read"
      },
      "notes": [
        {
          "category": "other",
          "text": "Out-of-bounds Read",
          "title": "CWE-125"
        },
        {
          "category": "description",
          "text": "Recent updates to curl and Apple Software address multiple vulnerabilities, including out-of-bounds reads, cookie path issues, and denial of service risks in various versions of affected products.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-9086 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-9086.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3"
          ]
        }
      ],
      "title": "CVE-2025-9086"
    },
    {
      "cve": "CVE-2025-14174",
      "cwe": {
        "id": "CWE-119",
        "name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Restriction of Operations within the Bounds of a Memory Buffer",
          "title": "CWE-119"
        },
        {
          "category": "description",
          "text": "Google Chromium has multiple vulnerabilities, including a high-severity out of bounds memory access in ANGLE affecting various browsers, alongside resolved use-after-free and memory corruption issues.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-14174 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-14174.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3"
          ]
        }
      ],
      "title": "CVE-2025-14174"
    },
    {
      "cve": "CVE-2025-43320",
      "notes": [
        {
          "category": "description",
          "text": "macOS Sequoia 15.7.3 has resolved an issue where an app could bypass launch constraint protections and execute malicious code with elevated privileges by implementing additional logic.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-43320 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-43320.json"
        }
      ],
      "title": "CVE-2025-43320"
    },
    {
      "cve": "CVE-2025-43410",
      "cwe": {
        "id": "CWE-524",
        "name": "Use of Cache Containing Sensitive Information"
      },
      "notes": [
        {
          "category": "other",
          "text": "Use of Cache Containing Sensitive Information",
          "title": "CWE-524"
        },
        {
          "category": "description",
          "text": "macOS Sequoia 15.7.2 and macOS Sonoma 14.8.2 have resolved a cache handling issue that allowed physical access attackers to view deleted notes through improved cache management.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-43410 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-43410.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 2.4,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3"
          ]
        }
      ],
      "title": "CVE-2025-43410"
    },
    {
      "cve": "CVE-2025-43416",
      "notes": [
        {
          "category": "description",
          "text": "macOS Sonoma 14.8.3 and macOS Sequoia 15.7.3 have addressed a logic issue related to access to protected user data through enhanced restrictions.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-43416 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-43416.json"
        }
      ],
      "title": "CVE-2025-43416"
    },
    {
      "cve": "CVE-2025-43428",
      "notes": [
        {
          "category": "description",
          "text": "A configuration issue was resolved by implementing additional restrictions to enhance system security.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-43428 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-43428.json"
        }
      ],
      "title": "CVE-2025-43428"
    },
    {
      "cve": "CVE-2025-43463",
      "notes": [
        {
          "category": "description",
          "text": "Recent updates in macOS versions 14.8.3, 26.1, and 15.7.3 have resolved a parsing issue in directory path handling through enhanced path validation, potentially allowing apps to access sensitive user data.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-43463 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-43463.json"
        }
      ],
      "title": "CVE-2025-43463"
    },
    {
      "cve": "CVE-2025-43482",
      "cwe": {
        "id": "CWE-20",
        "name": "Improper Input Validation"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Input Validation",
          "title": "CWE-20"
        },
        {
          "category": "description",
          "text": "macOS Sonoma 14.8.3 and macOS Sequoia 15.7.3 have resolved a denial-of-service vulnerability through enhanced input validation measures.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-43482 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-43482.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3"
          ]
        }
      ],
      "title": "CVE-2025-43482"
    },
    {
      "cve": "CVE-2025-43501",
      "notes": [
        {
          "category": "description",
          "text": "A buffer overflow vulnerability has been addressed through improved memory management techniques.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-43501 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-43501.json"
        }
      ],
      "title": "CVE-2025-43501"
    },
    {
      "cve": "CVE-2025-43509",
      "notes": [
        {
          "category": "description",
          "text": "macOS Sonoma 14.8.3 and macOS Sequoia 15.7.3 have resolved the issue of apps accessing sensitive user data through enhanced data protection measures.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-43509 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-43509.json"
        }
      ],
      "title": "CVE-2025-43509"
    },
    {
      "cve": "CVE-2025-43511",
      "cwe": {
        "id": "CWE-416",
        "name": "Use After Free"
      },
      "notes": [
        {
          "category": "other",
          "text": "Use After Free",
          "title": "CWE-416"
        },
        {
          "category": "description",
          "text": "iOS 18.7.2 and iPadOS 18.7.2 addressed a use-after-free vulnerability in memory management that could lead to process crashes when handling malicious web content.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-43511 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-43511.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3"
          ]
        }
      ],
      "title": "CVE-2025-43511"
    },
    {
      "cve": "CVE-2025-43512",
      "notes": [
        {
          "category": "description",
          "text": "macOS Sonoma 14.8.3 and macOS Sequoia 15.7.3 have addressed a logic issue that could allow privilege elevation through enhanced checks.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-43512 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-43512.json"
        }
      ],
      "title": "CVE-2025-43512"
    },
    {
      "cve": "CVE-2025-43513",
      "notes": [
        {
          "category": "description",
          "text": "Recent updates in macOS Sonoma 14.8.3 and macOS Sequoia 15.7.3 addressed a permissions issue by removing vulnerable code that allowed unauthorized access to sensitive location information.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-43513 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-43513.json"
        }
      ],
      "title": "CVE-2025-43513"
    },
    {
      "cve": "CVE-2025-43514",
      "notes": [
        {
          "category": "description",
          "text": "The issue was addressed through improved cache management techniques.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-43514 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-43514.json"
        }
      ],
      "title": "CVE-2025-43514"
    },
    {
      "cve": "CVE-2025-43516",
      "notes": [
        {
          "category": "description",
          "text": "macOS Sonoma 14.8.3 and macOS Sequoia 15.7.3 have addressed a session management vulnerability that allowed users with Voice Control enabled to transcribe another user\u0027s activity through enhanced checks.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-43516 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-43516.json"
        }
      ],
      "title": "CVE-2025-43516"
    },
    {
      "cve": "CVE-2025-43517",
      "notes": [
        {
          "category": "description",
          "text": "macOS Sonoma 14.8.3 and macOS Sequoia 15.7.3 addressed a privacy issue related to log entries by enhancing private data redaction, preventing unauthorized access to protected user data.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-43517 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-43517.json"
        }
      ],
      "title": "CVE-2025-43517"
    },
    {
      "cve": "CVE-2025-43518",
      "notes": [
        {
          "category": "description",
          "text": "macOS Sonoma 14.8.3 and macOS Sequoia 15.7.3 have addressed a logic issue in the spellcheck API that allowed inappropriate file access through enhanced checks.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-43518 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-43518.json"
        }
      ],
      "title": "CVE-2025-43518"
    },
    {
      "cve": "CVE-2025-43519",
      "notes": [
        {
          "category": "description",
          "text": "macOS Sonoma 14.8.3 and macOS Sequoia 15.7.3 have addressed a permissions issue that previously allowed apps to access sensitive user data by implementing additional restrictions.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-43519 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-43519.json"
        }
      ],
      "title": "CVE-2025-43519"
    },
    {
      "cve": "CVE-2025-43521",
      "notes": [
        {
          "category": "description",
          "text": "macOS Sequoia 15.7.3 resolves a downgrade issue on Intel-based Mac computers by implementing additional code-signing restrictions to enhance user data protection.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-43521 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-43521.json"
        }
      ],
      "title": "CVE-2025-43521"
    },
    {
      "cve": "CVE-2025-43522",
      "notes": [
        {
          "category": "description",
          "text": "macOS Sequoia 15.7.3 resolves a downgrade issue on Intel-based Mac computers by implementing enhanced code-signing restrictions to protect user-sensitive data from unauthorized access.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-43522 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-43522.json"
        }
      ],
      "title": "CVE-2025-43522"
    },
    {
      "cve": "CVE-2025-43523",
      "notes": [
        {
          "category": "description",
          "text": "macOS Sequoia 15.7.3 has resolved a permissions issue that previously allowed unauthorized access to sensitive user data by implementing additional restrictions.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-43523 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-43523.json"
        }
      ],
      "title": "CVE-2025-43523"
    },
    {
      "cve": "CVE-2025-43526",
      "notes": [
        {
          "category": "description",
          "text": "The issue was addressed through the implementation of enhanced URL validation measures.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-43526 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-43526.json"
        }
      ],
      "title": "CVE-2025-43526"
    },
    {
      "cve": "CVE-2025-43527",
      "cwe": {
        "id": "CWE-280",
        "name": "Improper Handling of Insufficient Permissions or Privileges "
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Handling of Insufficient Permissions or Privileges ",
          "title": "CWE-280"
        },
        {
          "category": "description",
          "text": "macOS Sequoia 15.7.3 has addressed a permissions issue that could allow apps to gain root privileges through additional restrictions.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-43527 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-43527.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3"
          ]
        }
      ],
      "title": "CVE-2025-43527"
    },
    {
      "cve": "CVE-2025-43529",
      "notes": [
        {
          "category": "description",
          "text": "Recent updates addressed a use-after-free vulnerability and a memory corruption issue by enhancing memory management and implementing improved validation measures.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-43529 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-43529.json"
        }
      ],
      "title": "CVE-2025-43529"
    },
    {
      "cve": "CVE-2025-43530",
      "notes": [
        {
          "category": "description",
          "text": "macOS Sonoma 14.8.3 and macOS Sequoia 15.7.3 have resolved the issue of apps accessing sensitive user data through enhanced checks.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-43530 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-43530.json"
        }
      ],
      "title": "CVE-2025-43530"
    },
    {
      "cve": "CVE-2025-43531",
      "notes": [
        {
          "category": "description",
          "text": "A race condition issue was effectively resolved through enhancements in state management, improving system reliability.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-43531 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-43531.json"
        }
      ],
      "title": "CVE-2025-43531"
    },
    {
      "cve": "CVE-2025-43532",
      "cwe": {
        "id": "CWE-120",
        "name": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)"
      },
      "notes": [
        {
          "category": "other",
          "text": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
          "title": "CWE-120"
        },
        {
          "category": "description",
          "text": "macOS Sonoma 14.8.3 and macOS Sequoia 15.7.3 have addressed a memory corruption issue that could lead to unexpected app termination when processing malicious data through improved bounds checking.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-43532 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-43532.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 2.8,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3"
          ]
        }
      ],
      "title": "CVE-2025-43532"
    },
    {
      "cve": "CVE-2025-43533",
      "notes": [
        {
          "category": "description",
          "text": "Enhanced input validation measures have resolved multiple memory corruption issues, improving overall system security.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-43533 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-43533.json"
        }
      ],
      "title": "CVE-2025-43533"
    },
    {
      "cve": "CVE-2025-43535",
      "notes": [
        {
          "category": "description",
          "text": "The issue was addressed through improvements in memory management techniques.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-43535 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-43535.json"
        }
      ],
      "title": "CVE-2025-43535"
    },
    {
      "cve": "CVE-2025-43536",
      "notes": [
        {
          "category": "description",
          "text": "A use-after-free vulnerability was addressed through improved memory management techniques, enhancing overall system stability and security.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-43536 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-43536.json"
        }
      ],
      "title": "CVE-2025-43536"
    },
    {
      "cve": "CVE-2025-43538",
      "notes": [
        {
          "category": "description",
          "text": "macOS Sonoma 14.8.3 has addressed a logging issue that previously allowed unauthorized access to sensitive user data through enhanced data redaction measures.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-43538 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-43538.json"
        }
      ],
      "title": "CVE-2025-43538"
    },
    {
      "cve": "CVE-2025-43539",
      "notes": [
        {
          "category": "description",
          "text": "macOS Sonoma 14.8.3 and macOS Sequoia 15.7.3 have addressed a memory corruption issue through enhanced bounds checks during file processing.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-43539 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-43539.json"
        }
      ],
      "title": "CVE-2025-43539"
    },
    {
      "cve": "CVE-2025-43541",
      "notes": [
        {
          "category": "description",
          "text": "A type confusion vulnerability was effectively addressed through improved state management techniques.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-43541 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-43541.json"
        }
      ],
      "title": "CVE-2025-43541"
    },
    {
      "cve": "CVE-2025-43542",
      "notes": [
        {
          "category": "description",
          "text": "macOS Sequoia 15.7.3 resolves the issue of password fields being unintentionally exposed during FaceTime remote control through enhanced state management.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-43542 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-43542.json"
        }
      ],
      "title": "CVE-2025-43542"
    },
    {
      "cve": "CVE-2025-46276",
      "notes": [
        {
          "category": "description",
          "text": "macOS Sonoma 14.8.3 and macOS Sequoia 15.7.3 have addressed an information disclosure issue by implementing enhanced privacy controls to prevent unauthorized access to sensitive user data.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-46276 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-46276.json"
        }
      ],
      "title": "CVE-2025-46276"
    },
    {
      "cve": "CVE-2025-46277",
      "notes": [
        {
          "category": "description",
          "text": "A logging issue was addressed through the enhancement of data redaction measures to improve security and protect sensitive information.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-46277 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-46277.json"
        }
      ],
      "title": "CVE-2025-46277"
    },
    {
      "cve": "CVE-2025-46278",
      "notes": [
        {
          "category": "description",
          "text": "The issue was addressed through improved cache management techniques.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-46278 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-46278.json"
        }
      ],
      "title": "CVE-2025-46278"
    },
    {
      "cve": "CVE-2025-46279",
      "notes": [
        {
          "category": "description",
          "text": "A permissions issue was addressed through the implementation of additional restrictions to enhance security controls.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-46279 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-46279.json"
        }
      ],
      "title": "CVE-2025-46279"
    },
    {
      "cve": "CVE-2025-46281",
      "notes": [
        {
          "category": "description",
          "text": "A logic issue was resolved through the implementation of enhanced checks, improving the overall security posture.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-46281 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-46281.json"
        }
      ],
      "title": "CVE-2025-46281"
    },
    {
      "cve": "CVE-2025-46282",
      "notes": [
        {
          "category": "description",
          "text": "The issue was addressed by implementing additional permissions checks to enhance security measures.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-46282 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-46282.json"
        }
      ],
      "title": "CVE-2025-46282"
    },
    {
      "cve": "CVE-2025-46283",
      "notes": [
        {
          "category": "description",
          "text": "A logic issue was effectively addressed through the implementation of enhanced validation measures, improving overall system integrity.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-46283 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-46283.json"
        }
      ],
      "title": "CVE-2025-46283"
    },
    {
      "cve": "CVE-2025-46285",
      "notes": [
        {
          "category": "description",
          "text": "macOS Sonoma 14.8.3 and macOS Sequoia 15.7.3 have addressed an integer overflow vulnerability that could grant root privileges by implementing 64-bit timestamps.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-46285 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-46285.json"
        }
      ],
      "title": "CVE-2025-46285"
    },
    {
      "cve": "CVE-2025-46287",
      "notes": [
        {
          "category": "description",
          "text": "Recent updates in macOS Sonoma 14.8.3 and macOS Sequoia 15.7.3 resolved an inconsistent user interface issue related to FaceTime caller ID spoofing through enhanced state management.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-46287 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-46287.json"
        }
      ],
      "title": "CVE-2025-46287"
    },
    {
      "cve": "CVE-2025-46288",
      "notes": [
        {
          "category": "description",
          "text": "A permissions issue was addressed through the implementation of additional restrictions to enhance security controls.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-46288 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-46288.json"
        }
      ],
      "title": "CVE-2025-46288"
    },
    {
      "cve": "CVE-2025-46289",
      "notes": [
        {
          "category": "description",
          "text": "macOS Sonoma 14.8.3 and macOS Sequoia 15.7.3 resolved a logic issue in file handling that could have allowed unauthorized access to protected user data.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-46289 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-46289.json"
        }
      ],
      "title": "CVE-2025-46289"
    },
    {
      "cve": "CVE-2025-46291",
      "notes": [
        {
          "category": "description",
          "text": "A logic issue was effectively addressed through the implementation of enhanced validation measures, improving overall system integrity.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-46291 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-46291.json"
        }
      ],
      "title": "CVE-2025-46291"
    }
  ]
}

NCSC-2025-0397

Vulnerability from csaf_ncscnl - Published: 2025-12-15 09:08 - Updated: 2025-12-15 09:08

Summary

Kwetsbaarheden verholpen in Apple iOS en iPadOS

Notes

Feiten: Apple heeft kwetsbaarheden verholpen in iOS en iPadOS (versies 18.7.3 en 26.2)

Interpretaties: De kwetsbaarheden omvatten onder andere een use-after-free probleem, een geheugenbeschadiging, en een logboekprobleem dat ongeautoriseerde toegang tot gevoelige gebruikersdata mogelijk maakte. Deze kwetsbaarheden konden worden uitgebuit door kwaadwillenden via speciaal vervaardigde gegevens of door misbruik van de loggingmechanismen. De fixes omvatten verbeterde geheugenbeheerpraktijken en strengere controles om de integriteit van gebruikersgegevens te waarborgen. Voor succesvol misbruik moet de kwaadwillende het slachtoffer misleiden een malafide app te installeren, een malafide bestand te openen of link te volgen.

Oplossingen: Apple heeft updates uitgebracht om de kwetsbaarheden te verhelpen. Zie bijgevoegde referenties voor meer informatie.

Kans: medium

Schade: high

CWE-20: Improper Input Validation

CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

CWE-125: Out-of-bounds Read

CWE-190: Integer Overflow or Wraparound

CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CWE-371: CWE-371

CWE-416: Use After Free

CWE-451: User Interface (UI) Misrepresentation of Critical Information

CWE-456: Missing Initialization of a Variable

CVE-2024-7264

6.5 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

CWE-20 - Improper Input Validation

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
vers:unknown/* Apple / iOS, iPadOS		vers:unknown/*

CVE-2025-5918

6.6 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H

CWE-125 - Out-of-bounds Read

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
vers:unknown/* Apple / iOS, iPadOS		vers:unknown/*

CVE-2025-9086

Recent updates to curl and Apple Software address multiple vulnerabilities, including out-of-bounds reads, cookie path issues, and denial of service risks in various versions of affected products.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-125 - Out-of-bounds Read

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
vers:unknown/* Apple / iOS, iPadOS		vers:unknown/*

CVE-2025-14174

8.8 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
vers:unknown/* Apple / iOS, iPadOS		vers:unknown/*

CVE-2025-43428

A configuration issue was resolved by implementing additional restrictions to enhance system security.

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
vers:unknown/* Apple / iOS, iPadOS		vers:unknown/*

CVE-2025-43475

A logging issue was addressed through the enhancement of data redaction measures to improve security and protect sensitive information.

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
vers:unknown/* Apple / iOS, iPadOS		vers:unknown/*

CVE-2025-43501

A buffer overflow vulnerability has been addressed through improved memory management techniques.

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
vers:unknown/* Apple / iOS, iPadOS		vers:unknown/*

CVE-2025-43511

iOS 18.7.2 and iPadOS 18.7.2 addressed a use-after-free vulnerability in memory management that could lead to process crashes when handling malicious web content.

6.5 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

CWE-416 - Use After Free

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
vers:unknown/* Apple / iOS, iPadOS		vers:unknown/*

CVE-2025-43512

macOS Sonoma 14.8.3 and macOS Sequoia 15.7.3 have addressed a logic issue that could allow privilege elevation through enhanced checks.

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
vers:unknown/* Apple / iOS, iPadOS		vers:unknown/*

CVE-2025-43518

macOS Sonoma 14.8.3 and macOS Sequoia 15.7.3 have addressed a logic issue in the spellcheck API that allowed inappropriate file access through enhanced checks.

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
vers:unknown/* Apple / iOS, iPadOS		vers:unknown/*

CVE-2025-43529

Recent updates addressed a use-after-free vulnerability and a memory corruption issue by enhancing memory management and implementing improved validation measures.

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
vers:unknown/* Apple / iOS, iPadOS		vers:unknown/*

CVE-2025-43530

macOS Sonoma 14.8.3 and macOS Sequoia 15.7.3 have resolved the issue of apps accessing sensitive user data through enhanced checks.

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
vers:unknown/* Apple / iOS, iPadOS		vers:unknown/*

CVE-2025-43531

A race condition issue was effectively resolved through enhancements in state management, improving system reliability.

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
vers:unknown/* Apple / iOS, iPadOS		vers:unknown/*

CVE-2025-43532

macOS Sonoma 14.8.3 and macOS Sequoia 15.7.3 have addressed a memory corruption issue that could lead to unexpected app termination when processing malicious data through improved bounds checking.

2.8 (Low)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L

CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
vers:unknown/* Apple / iOS, iPadOS		vers:unknown/*

CVE-2025-43533

Enhanced input validation measures have resolved multiple memory corruption issues, improving overall system security.

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
vers:unknown/* Apple / iOS, iPadOS		vers:unknown/*

CVE-2025-43535

The issue was addressed through improvements in memory management techniques.

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
vers:unknown/* Apple / iOS, iPadOS		vers:unknown/*

CVE-2025-43536

A use-after-free vulnerability was addressed through improved memory management techniques, enhancing overall system stability and security.

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
vers:unknown/* Apple / iOS, iPadOS		vers:unknown/*

CVE-2025-43538

macOS Sonoma 14.8.3 has addressed a logging issue that previously allowed unauthorized access to sensitive user data through enhanced data redaction measures.

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
vers:unknown/* Apple / iOS, iPadOS		vers:unknown/*

CVE-2025-43539

macOS Sonoma 14.8.3 and macOS Sequoia 15.7.3 have addressed a memory corruption issue through enhanced bounds checks during file processing.

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
vers:unknown/* Apple / iOS, iPadOS		vers:unknown/*

CVE-2025-43541

A type confusion vulnerability was effectively addressed through improved state management techniques.

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
vers:unknown/* Apple / iOS, iPadOS		vers:unknown/*

CVE-2025-43542

macOS Sequoia 15.7.3 resolves the issue of password fields being unintentionally exposed during FaceTime remote control through enhanced state management.

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
vers:unknown/* Apple / iOS, iPadOS		vers:unknown/*

CVE-2025-46276

macOS Sonoma 14.8.3 and macOS Sequoia 15.7.3 have addressed an information disclosure issue by implementing enhanced privacy controls to prevent unauthorized access to sensitive user data.

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
vers:unknown/* Apple / iOS, iPadOS		vers:unknown/*

CVE-2025-46277

A logging issue was addressed through the enhancement of data redaction measures to improve security and protect sensitive information.

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
vers:unknown/* Apple / iOS, iPadOS		vers:unknown/*

CVE-2025-46279

A permissions issue was addressed through the implementation of additional restrictions to enhance security controls.

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
vers:unknown/* Apple / iOS, iPadOS		vers:unknown/*

CVE-2025-46285

macOS Sonoma 14.8.3 and macOS Sequoia 15.7.3 have addressed an integer overflow vulnerability that could grant root privileges by implementing 64-bit timestamps.

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
vers:unknown/* Apple / iOS, iPadOS		vers:unknown/*

CVE-2025-46287

Recent updates in macOS Sonoma 14.8.3 and macOS Sequoia 15.7.3 resolved an inconsistent user interface issue related to FaceTime caller ID spoofing through enhanced state management.

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
vers:unknown/* Apple / iOS, iPadOS		vers:unknown/*

CVE-2025-46288

A permissions issue was addressed through the implementation of additional restrictions to enhance security controls.

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
vers:unknown/* Apple / iOS, iPadOS		vers:unknown/*

CVE-2025-46292

The issue was resolved through the implementation of additional entitlement checks to enhance security measures.

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
vers:unknown/* Apple / iOS, iPadOS		vers:unknown/*

References

30 references

URL	Category
https://support.apple.com/en-us/125884	external
https://support.apple.com/en-us/125885	external
https://vulnerabilities.ncsc.nl/csaf/v2/2024/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-…	self

JSON

To clipboard

{
  "document": {
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE"
      }
    },
    "lang": "nl",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:\n\n    NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.\n\n    NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.\n    This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings."
      },
      {
        "category": "description",
        "text": "Apple heeft kwetsbaarheden verholpen in iOS en iPadOS (versies 18.7.3 en 26.2)",
        "title": "Feiten"
      },
      {
        "category": "description",
        "text": "De kwetsbaarheden omvatten onder andere een use-after-free probleem, een geheugenbeschadiging, en een logboekprobleem dat ongeautoriseerde toegang tot gevoelige gebruikersdata mogelijk maakte. Deze kwetsbaarheden konden worden uitgebuit door kwaadwillenden via speciaal vervaardigde gegevens of door misbruik van de loggingmechanismen. De fixes omvatten verbeterde geheugenbeheerpraktijken en strengere controles om de integriteit van gebruikersgegevens te waarborgen.\n\nVoor succesvol misbruik moet de kwaadwillende het slachtoffer misleiden een malafide app te installeren, een malafide bestand te openen of link te volgen.",
        "title": "Interpretaties"
      },
      {
        "category": "description",
        "text": "Apple heeft updates uitgebracht om de kwetsbaarheden te verhelpen. Zie bijgevoegde referenties voor meer informatie.",
        "title": "Oplossingen"
      },
      {
        "category": "general",
        "text": "medium",
        "title": "Kans"
      },
      {
        "category": "general",
        "text": "high",
        "title": "Schade"
      },
      {
        "category": "general",
        "text": "Improper Input Validation",
        "title": "CWE-20"
      },
      {
        "category": "general",
        "text": "Improper Restriction of Operations within the Bounds of a Memory Buffer",
        "title": "CWE-119"
      },
      {
        "category": "general",
        "text": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
        "title": "CWE-120"
      },
      {
        "category": "general",
        "text": "Out-of-bounds Read",
        "title": "CWE-125"
      },
      {
        "category": "general",
        "text": "Integer Overflow or Wraparound",
        "title": "CWE-190"
      },
      {
        "category": "general",
        "text": "Exposure of Sensitive Information to an Unauthorized Actor",
        "title": "CWE-200"
      },
      {
        "category": "general",
        "text": "CWE-371",
        "title": "CWE-371"
      },
      {
        "category": "general",
        "text": "Use After Free",
        "title": "CWE-416"
      },
      {
        "category": "general",
        "text": "User Interface (UI) Misrepresentation of Critical Information",
        "title": "CWE-451"
      },
      {
        "category": "general",
        "text": "Missing Initialization of a Variable",
        "title": "CWE-456"
      }
    ],
    "publisher": {
      "category": "coordinator",
      "contact_details": "cert@ncsc.nl",
      "name": "Nationaal Cyber Security Centrum",
      "namespace": "https://www.ncsc.nl/"
    },
    "references": [
      {
        "category": "external",
        "summary": "Reference",
        "url": "https://support.apple.com/en-us/125884"
      },
      {
        "category": "external",
        "summary": "Reference",
        "url": "https://support.apple.com/en-us/125885"
      }
    ],
    "title": "Kwetsbaarheden verholpen in Apple iOS en iPadOS",
    "tracking": {
      "current_release_date": "2025-12-15T09:08:39.804149Z",
      "generator": {
        "date": "2025-08-04T16:30:00Z",
        "engine": {
          "name": "V.A.",
          "version": "1.3"
        }
      },
      "id": "NCSC-2025-0397",
      "initial_release_date": "2025-12-15T09:08:39.804149Z",
      "revision_history": [
        {
          "date": "2025-12-15T09:08:39.804149Z",
          "number": "1.0.0",
          "summary": "Initiele versie"
        }
      ],
      "status": "final",
      "version": "1.0.0"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-1"
                }
              }
            ],
            "category": "product_name",
            "name": "iOS, iPadOS"
          }
        ],
        "category": "vendor",
        "name": "Apple"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2024-7264",
      "cwe": {
        "id": "CWE-20",
        "name": "Improper Input Validation"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Input Validation",
          "title": "CWE-20"
        },
        {
          "category": "other",
          "text": "Out-of-bounds Read",
          "title": "CWE-125"
        },
        {
          "category": "description",
          "text": "Multiple vulnerabilities across Oracle Communications Applications, MySQL, Database Server, and NetApp products can be exploited by remote attackers, affecting confidentiality, integrity, and availability, with varying CVSS scores indicating medium to significant damage potential.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-7264 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2024/cve-2024-7264.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1"
          ]
        }
      ],
      "title": "CVE-2024-7264"
    },
    {
      "cve": "CVE-2025-5918",
      "cwe": {
        "id": "CWE-125",
        "name": "Out-of-bounds Read"
      },
      "notes": [
        {
          "category": "other",
          "text": "Out-of-bounds Read",
          "title": "CWE-125"
        },
        {
          "category": "description",
          "text": "The libarchive library update addresses multiple vulnerabilities, including integer overflows and heap buffer over reads, with a specific issue allowing reading past EOF in piped file streams, affecting Apple Software.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-5918 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-5918.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.6,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1"
          ]
        }
      ],
      "title": "CVE-2025-5918"
    },
    {
      "cve": "CVE-2025-9086",
      "cwe": {
        "id": "CWE-125",
        "name": "Out-of-bounds Read"
      },
      "notes": [
        {
          "category": "other",
          "text": "Out-of-bounds Read",
          "title": "CWE-125"
        },
        {
          "category": "description",
          "text": "Recent updates to curl and Apple Software address multiple vulnerabilities, including out-of-bounds reads, cookie path issues, and denial of service risks in various versions of affected products.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-9086 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-9086.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1"
          ]
        }
      ],
      "title": "CVE-2025-9086"
    },
    {
      "cve": "CVE-2025-14174",
      "cwe": {
        "id": "CWE-119",
        "name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Restriction of Operations within the Bounds of a Memory Buffer",
          "title": "CWE-119"
        },
        {
          "category": "description",
          "text": "Google Chromium has multiple vulnerabilities, including a high-severity out of bounds memory access in ANGLE affecting various browsers, alongside resolved use-after-free and memory corruption issues.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-14174 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-14174.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1"
          ]
        }
      ],
      "title": "CVE-2025-14174"
    },
    {
      "cve": "CVE-2025-43428",
      "notes": [
        {
          "category": "description",
          "text": "A configuration issue was resolved by implementing additional restrictions to enhance system security.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-43428 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-43428.json"
        }
      ],
      "title": "CVE-2025-43428"
    },
    {
      "cve": "CVE-2025-43475",
      "notes": [
        {
          "category": "description",
          "text": "A logging issue was addressed through the enhancement of data redaction measures to improve security and protect sensitive information.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-43475 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-43475.json"
        }
      ],
      "title": "CVE-2025-43475"
    },
    {
      "cve": "CVE-2025-43501",
      "notes": [
        {
          "category": "description",
          "text": "A buffer overflow vulnerability has been addressed through improved memory management techniques.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-43501 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-43501.json"
        }
      ],
      "title": "CVE-2025-43501"
    },
    {
      "cve": "CVE-2025-43511",
      "cwe": {
        "id": "CWE-416",
        "name": "Use After Free"
      },
      "notes": [
        {
          "category": "other",
          "text": "Use After Free",
          "title": "CWE-416"
        },
        {
          "category": "description",
          "text": "iOS 18.7.2 and iPadOS 18.7.2 addressed a use-after-free vulnerability in memory management that could lead to process crashes when handling malicious web content.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-43511 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-43511.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1"
          ]
        }
      ],
      "title": "CVE-2025-43511"
    },
    {
      "cve": "CVE-2025-43512",
      "notes": [
        {
          "category": "description",
          "text": "macOS Sonoma 14.8.3 and macOS Sequoia 15.7.3 have addressed a logic issue that could allow privilege elevation through enhanced checks.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-43512 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-43512.json"
        }
      ],
      "title": "CVE-2025-43512"
    },
    {
      "cve": "CVE-2025-43518",
      "notes": [
        {
          "category": "description",
          "text": "macOS Sonoma 14.8.3 and macOS Sequoia 15.7.3 have addressed a logic issue in the spellcheck API that allowed inappropriate file access through enhanced checks.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-43518 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-43518.json"
        }
      ],
      "title": "CVE-2025-43518"
    },
    {
      "cve": "CVE-2025-43529",
      "notes": [
        {
          "category": "description",
          "text": "Recent updates addressed a use-after-free vulnerability and a memory corruption issue by enhancing memory management and implementing improved validation measures.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-43529 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-43529.json"
        }
      ],
      "title": "CVE-2025-43529"
    },
    {
      "cve": "CVE-2025-43530",
      "notes": [
        {
          "category": "description",
          "text": "macOS Sonoma 14.8.3 and macOS Sequoia 15.7.3 have resolved the issue of apps accessing sensitive user data through enhanced checks.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-43530 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-43530.json"
        }
      ],
      "title": "CVE-2025-43530"
    },
    {
      "cve": "CVE-2025-43531",
      "notes": [
        {
          "category": "description",
          "text": "A race condition issue was effectively resolved through enhancements in state management, improving system reliability.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-43531 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-43531.json"
        }
      ],
      "title": "CVE-2025-43531"
    },
    {
      "cve": "CVE-2025-43532",
      "cwe": {
        "id": "CWE-120",
        "name": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)"
      },
      "notes": [
        {
          "category": "other",
          "text": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
          "title": "CWE-120"
        },
        {
          "category": "description",
          "text": "macOS Sonoma 14.8.3 and macOS Sequoia 15.7.3 have addressed a memory corruption issue that could lead to unexpected app termination when processing malicious data through improved bounds checking.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-43532 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-43532.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 2.8,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1"
          ]
        }
      ],
      "title": "CVE-2025-43532"
    },
    {
      "cve": "CVE-2025-43533",
      "notes": [
        {
          "category": "description",
          "text": "Enhanced input validation measures have resolved multiple memory corruption issues, improving overall system security.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-43533 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-43533.json"
        }
      ],
      "title": "CVE-2025-43533"
    },
    {
      "cve": "CVE-2025-43535",
      "notes": [
        {
          "category": "description",
          "text": "The issue was addressed through improvements in memory management techniques.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-43535 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-43535.json"
        }
      ],
      "title": "CVE-2025-43535"
    },
    {
      "cve": "CVE-2025-43536",
      "notes": [
        {
          "category": "description",
          "text": "A use-after-free vulnerability was addressed through improved memory management techniques, enhancing overall system stability and security.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-43536 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-43536.json"
        }
      ],
      "title": "CVE-2025-43536"
    },
    {
      "cve": "CVE-2025-43538",
      "notes": [
        {
          "category": "description",
          "text": "macOS Sonoma 14.8.3 has addressed a logging issue that previously allowed unauthorized access to sensitive user data through enhanced data redaction measures.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-43538 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-43538.json"
        }
      ],
      "title": "CVE-2025-43538"
    },
    {
      "cve": "CVE-2025-43539",
      "notes": [
        {
          "category": "description",
          "text": "macOS Sonoma 14.8.3 and macOS Sequoia 15.7.3 have addressed a memory corruption issue through enhanced bounds checks during file processing.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-43539 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-43539.json"
        }
      ],
      "title": "CVE-2025-43539"
    },
    {
      "cve": "CVE-2025-43541",
      "notes": [
        {
          "category": "description",
          "text": "A type confusion vulnerability was effectively addressed through improved state management techniques.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-43541 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-43541.json"
        }
      ],
      "title": "CVE-2025-43541"
    },
    {
      "cve": "CVE-2025-43542",
      "notes": [
        {
          "category": "description",
          "text": "macOS Sequoia 15.7.3 resolves the issue of password fields being unintentionally exposed during FaceTime remote control through enhanced state management.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-43542 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-43542.json"
        }
      ],
      "title": "CVE-2025-43542"
    },
    {
      "cve": "CVE-2025-46276",
      "notes": [
        {
          "category": "description",
          "text": "macOS Sonoma 14.8.3 and macOS Sequoia 15.7.3 have addressed an information disclosure issue by implementing enhanced privacy controls to prevent unauthorized access to sensitive user data.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-46276 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-46276.json"
        }
      ],
      "title": "CVE-2025-46276"
    },
    {
      "cve": "CVE-2025-46277",
      "notes": [
        {
          "category": "description",
          "text": "A logging issue was addressed through the enhancement of data redaction measures to improve security and protect sensitive information.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-46277 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-46277.json"
        }
      ],
      "title": "CVE-2025-46277"
    },
    {
      "cve": "CVE-2025-46279",
      "notes": [
        {
          "category": "description",
          "text": "A permissions issue was addressed through the implementation of additional restrictions to enhance security controls.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-46279 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-46279.json"
        }
      ],
      "title": "CVE-2025-46279"
    },
    {
      "cve": "CVE-2025-46285",
      "notes": [
        {
          "category": "description",
          "text": "macOS Sonoma 14.8.3 and macOS Sequoia 15.7.3 have addressed an integer overflow vulnerability that could grant root privileges by implementing 64-bit timestamps.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-46285 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-46285.json"
        }
      ],
      "title": "CVE-2025-46285"
    },
    {
      "cve": "CVE-2025-46287",
      "notes": [
        {
          "category": "description",
          "text": "Recent updates in macOS Sonoma 14.8.3 and macOS Sequoia 15.7.3 resolved an inconsistent user interface issue related to FaceTime caller ID spoofing through enhanced state management.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-46287 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-46287.json"
        }
      ],
      "title": "CVE-2025-46287"
    },
    {
      "cve": "CVE-2025-46288",
      "notes": [
        {
          "category": "description",
          "text": "A permissions issue was addressed through the implementation of additional restrictions to enhance security controls.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-46288 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-46288.json"
        }
      ],
      "title": "CVE-2025-46288"
    },
    {
      "cve": "CVE-2025-46292",
      "notes": [
        {
          "category": "description",
          "text": "The issue was resolved through the implementation of additional entitlement checks to enhance security measures.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-46292 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-46292.json"
        }
      ],
      "title": "CVE-2025-46292"
    }
  ]
}

NCSC-2026-0063

Vulnerability from csaf_ncscnl - Published: 2026-02-13 13:24 - Updated: 2026-02-13 13:24

Summary

Kwetsbaarheden verholpen in Apple macOS

Notes

Feiten: Apple heeft kwetsbaarheden verholpen in macOS, inclusief versies Sequoia 15.7.4, Tahoe 26.3 en Sonoma 14.8.4.

Interpretaties: De kwetsbaarheden omvatten onder andere problemen met geheugencorruptie, ongeautoriseerde toegang tot gevoelige gebruikersdata, en logboekproblemen die konden leiden tot ongeautoriseerde toegang tot locatie-informatie. De updates bevatten verbeterde validatieprocessen en state management om deze risico's te mitigeren.

Oplossingen: Apple heeft updates uitgebracht om de kwetsbaarheden te verhelpen. Zie bijgevoegde referenties voor meer informatie.

Kans: medium

Schade: high

CWE-20: Improper Input Validation

CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CWE-284: Improper Access Control

CWE-416: Use After Free

CWE-770: Allocation of Resources Without Limits or Throttling

CWE-787: Out-of-bounds Write

CWE-823: Use of Out-of-range Pointer Offset

CWE-825: Expired Pointer Dereference

CVE-2025-14174

The webkit2gtk3 update to version 2.50.4 addresses multiple security vulnerabilities, including memory corruption and buffer overflow, while a high-severity out of bounds memory access vulnerability in ANGLE affects Google Chrome and other Chromium-based browsers.

8.8 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
vers:unknown/* Apple / macOS Sequoia		vers:unknown/*
vers:unknown/* Apple / macOS Sonoma		vers:unknown/*
vers:unknown/* Apple / macOS Tahoe		vers:unknown/*

CVE-2025-43338

An out-of-bounds access issue was resolved in macOS Tahoe 26 and macOS Sonoma 14.8.2, preventing potential app termination or memory corruption from malicious media files through improved bounds checking.

7.1 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H

CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
vers:unknown/* Apple / macOS Sequoia		vers:unknown/*
vers:unknown/* Apple / macOS Sonoma		vers:unknown/*
vers:unknown/* Apple / macOS Tahoe		vers:unknown/*

CVE-2025-43402

macOS Tahoe 26.1 has resolved issues related to unexpected system termination and process memory corruption through enhanced memory handling.

7.8 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE-787 - Out-of-bounds Write

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
vers:unknown/* Apple / macOS Sequoia		vers:unknown/*
vers:unknown/* Apple / macOS Sonoma		vers:unknown/*
vers:unknown/* Apple / macOS Tahoe		vers:unknown/*

CVE-2025-43403

Authorization issues regarding sensitive user data access have been resolved in macOS Sequoia 15.7.4 and macOS Sonoma 14.8.4, addressing potential risks of unauthorized app access.

5.5 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

CWE-285 - Improper Authorization

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
vers:unknown/* Apple / macOS Sequoia		vers:unknown/*
vers:unknown/* Apple / macOS Sonoma		vers:unknown/*
vers:unknown/* Apple / macOS Tahoe		vers:unknown/*

CVE-2025-43417

macOS Sonoma 14.8.4 addresses a path handling issue that could allow applications to access user-sensitive data through improved logic.

5.5 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
vers:unknown/* Apple / macOS Sequoia		vers:unknown/*
vers:unknown/* Apple / macOS Sonoma		vers:unknown/*
vers:unknown/* Apple / macOS Tahoe		vers:unknown/*

CVE-2025-43529

The webkit2gtk3 update to version 2.50.4 addresses multiple security vulnerabilities, including use-after-free and memory corruption issues, potentially allowing arbitrary code execution through malicious web content.

8.8 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CWE-416 - Use After Free

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
vers:unknown/* Apple / macOS Sequoia		vers:unknown/*
vers:unknown/* Apple / macOS Sonoma		vers:unknown/*
vers:unknown/* Apple / macOS Tahoe		vers:unknown/*

CVE-2025-43533

Apple addressed multiple memory corruption vulnerabilities across its operating systems, including watchOS, iOS, iPadOS, macOS, visionOS, and tvOS, through improved input validation and enhanced bounds checks to prevent crashes from malicious HID devices.

3.5 (Low)


                        
                          CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

CWE-20 - Improper Input Validation

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
vers:unknown/* Apple / macOS Sequoia		vers:unknown/*
vers:unknown/* Apple / macOS Sonoma		vers:unknown/*
vers:unknown/* Apple / macOS Tahoe		vers:unknown/*

CVE-2025-46283

macOS Tahoe 26.2 addressed a logic issue through improved validation, which could have allowed unauthorized access to sensitive user data by applications.

5.5 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
vers:unknown/* Apple / macOS Sequoia		vers:unknown/*
vers:unknown/* Apple / macOS Sonoma		vers:unknown/*
vers:unknown/* Apple / macOS Tahoe		vers:unknown/*

CVE-2025-46290

macOS Sequoia 15.7.4 and macOS Sonoma 14.8.4 have addressed a logic issue that could allow remote attackers to cause a denial-of-service through improved checks.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-693 - Protection Mechanism Failure

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
vers:unknown/* Apple / macOS Sequoia		vers:unknown/*
vers:unknown/* Apple / macOS Sonoma		vers:unknown/*
vers:unknown/* Apple / macOS Tahoe		vers:unknown/*

CVE-2025-46300

macOS Sequoia 15.7.4, iOS 18.7.5, iPadOS 18.7.5, and macOS Sonoma 14.8.4 have addressed unexpected process crashes caused by malicious HID devices through enhanced bounds checks.

5.5 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
vers:unknown/* Apple / macOS Sequoia		vers:unknown/*
vers:unknown/* Apple / macOS Sonoma		vers:unknown/*
vers:unknown/* Apple / macOS Tahoe		vers:unknown/*

CVE-2025-46301

macOS Sequoia 15.7.4, iOS 18.7.5, iPadOS 18.7.5, and macOS Sonoma 14.8.4 have addressed unexpected process crashes caused by malicious HID devices through enhanced bounds checks.

5.5 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
vers:unknown/* Apple / macOS Sequoia		vers:unknown/*
vers:unknown/* Apple / macOS Sonoma		vers:unknown/*
vers:unknown/* Apple / macOS Tahoe		vers:unknown/*

CVE-2025-46302

macOS Sequoia 15.7.4, iOS 18.7.5, iPadOS 18.7.5, and macOS Sonoma 14.8.4 have addressed unexpected process crashes caused by malicious HID devices through enhanced bounds checks.

5.5 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
vers:unknown/* Apple / macOS Sequoia		vers:unknown/*
vers:unknown/* Apple / macOS Sonoma		vers:unknown/*
vers:unknown/* Apple / macOS Tahoe		vers:unknown/*

CVE-2025-46303

macOS Sequoia 15.7.4, iOS 18.7.5, iPadOS 18.7.5, and macOS Sonoma 14.8.4 have addressed unexpected process crashes caused by malicious HID devices through enhanced bounds checks.

5.5 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
vers:unknown/* Apple / macOS Sequoia		vers:unknown/*
vers:unknown/* Apple / macOS Sonoma		vers:unknown/*
vers:unknown/* Apple / macOS Tahoe		vers:unknown/*

CVE-2025-46304

macOS Sequoia 15.7.4, iOS 18.7.5, iPadOS 18.7.5, and macOS Sonoma 14.8.4 have addressed unexpected process crashes caused by malicious HID devices through enhanced bounds checks.

5.5 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

CWE-400 - Uncontrolled Resource Consumption

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
vers:unknown/* Apple / macOS Sequoia		vers:unknown/*
vers:unknown/* Apple / macOS Sonoma		vers:unknown/*
vers:unknown/* Apple / macOS Tahoe		vers:unknown/*

CVE-2025-46305

macOS Sequoia 15.7.4, iOS 18.7.5, iPadOS 18.7.5, and macOS Sonoma 14.8.4 have addressed unexpected process crashes caused by malicious HID devices through enhanced bounds checks.

5.5 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
vers:unknown/* Apple / macOS Sequoia		vers:unknown/*
vers:unknown/* Apple / macOS Sonoma		vers:unknown/*
vers:unknown/* Apple / macOS Tahoe		vers:unknown/*

CVE-2025-46310

macOS Sequoia 15.7.4 and macOS Sonoma 14.8.4 have resolved a vulnerability that allowed attackers with root privileges to delete protected system files through enhanced state management.

6.0 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H

CWE-269 - Improper Privilege Management

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
vers:unknown/* Apple / macOS Sequoia		vers:unknown/*
vers:unknown/* Apple / macOS Sonoma		vers:unknown/*
vers:unknown/* Apple / macOS Tahoe		vers:unknown/*

CVE-2025-59375

Multiple vulnerabilities, including memory amplification in libexpat and denial-of-service issues in Oracle Communications Network Analytics and Apple Software, expose systems to potential disruptions without enabling arbitrary code execution.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-770 - Allocation of Resources Without Limits or Throttling

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
vers:unknown/* Apple / macOS Sequoia		vers:unknown/*
vers:unknown/* Apple / macOS Sonoma		vers:unknown/*
vers:unknown/* Apple / macOS Tahoe		vers:unknown/*

CVE-2026-20601

macOS Tahoe 26.3 has resolved a permissions issue that allowed applications to monitor keystrokes without user consent by implementing additional restrictions.

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
vers:unknown/* Apple / macOS Sequoia		vers:unknown/*
vers:unknown/* Apple / macOS Sonoma		vers:unknown/*
vers:unknown/* Apple / macOS Tahoe		vers:unknown/*

CVE-2026-20602

macOS Sequoia 15.7.4, macOS Tahoe 26.3, and macOS Sonoma 14.8.4 have addressed a denial-of-service vulnerability related to app cache handling, enhancing overall system stability.

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
vers:unknown/* Apple / macOS Sequoia		vers:unknown/*
vers:unknown/* Apple / macOS Sonoma		vers:unknown/*
vers:unknown/* Apple / macOS Tahoe		vers:unknown/*

CVE-2026-20603

macOS Tahoe 26.3 has enhanced redaction capabilities to prevent apps with root privileges from accessing sensitive private information.

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
vers:unknown/* Apple / macOS Sequoia		vers:unknown/*
vers:unknown/* Apple / macOS Sonoma		vers:unknown/*
vers:unknown/* Apple / macOS Tahoe		vers:unknown/*

CVE-2026-20605

Recent updates in macOS Sequoia 15.7.4 and iOS 18.7.5 have resolved a memory handling issue that could cause an app to crash a system process.

4.6 (Medium)


                        
                          CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
vers:unknown/* Apple / macOS Sequoia		vers:unknown/*
vers:unknown/* Apple / macOS Sonoma		vers:unknown/*
vers:unknown/* Apple / macOS Tahoe		vers:unknown/*

CVE-2026-20606

The vulnerability allowing apps to bypass Privacy preferences in macOS and iOS has been addressed by removing the problematic code across various versions.

7.1 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N

CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
vers:unknown/* Apple / macOS Sequoia		vers:unknown/*
vers:unknown/* Apple / macOS Sonoma		vers:unknown/*
vers:unknown/* Apple / macOS Tahoe		vers:unknown/*

CVE-2026-20608

Recent updates in several operating systems and Safari have addressed unexpected process crashes caused by maliciously crafted web content through enhanced state management.

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
vers:unknown/* Apple / macOS Sequoia		vers:unknown/*
vers:unknown/* Apple / macOS Sonoma		vers:unknown/*
vers:unknown/* Apple / macOS Tahoe		vers:unknown/*

CVE-2026-20609

Various operating systems have addressed improved memory handling to mitigate risks of denial-of-service and memory content disclosure from processing malicious files.

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
vers:unknown/* Apple / macOS Sequoia		vers:unknown/*
vers:unknown/* Apple / macOS Sonoma		vers:unknown/*
vers:unknown/* Apple / macOS Tahoe		vers:unknown/*

CVE-2026-20610

macOS Tahoe 26.3 has fixed an issue with symlink handling that previously allowed applications to gain root privileges.

7.8 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE-59 - Improper Link Resolution Before File Access ('Link Following')

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
vers:unknown/* Apple / macOS Sequoia		vers:unknown/*
vers:unknown/* Apple / macOS Sonoma		vers:unknown/*
vers:unknown/* Apple / macOS Tahoe		vers:unknown/*

CVE-2026-20611

An out-of-bounds access vulnerability affecting various Apple operating systems was resolved, which could lead to app termination or memory corruption when handling malicious media files.

7.1 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H

CWE-125 - Out-of-bounds Read

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
vers:unknown/* Apple / macOS Sequoia		vers:unknown/*
vers:unknown/* Apple / macOS Sonoma		vers:unknown/*
vers:unknown/* Apple / macOS Tahoe		vers:unknown/*

CVE-2026-20612

macOS Sequoia 15.7.4, macOS Tahoe 26.3, and macOS Sonoma 14.8.4 have addressed a privacy issue that allowed apps to access sensitive user data through enhanced checks.

5.5 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
vers:unknown/* Apple / macOS Sequoia		vers:unknown/*
vers:unknown/* Apple / macOS Sonoma		vers:unknown/*
vers:unknown/* Apple / macOS Tahoe		vers:unknown/*

CVE-2026-20614

A path handling vulnerability allowing apps to gain root privileges has been resolved in macOS Sequoia 15.7.4, macOS Tahoe 26.3, and macOS Sonoma 14.8.4 through enhanced validation measures.

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
vers:unknown/* Apple / macOS Sequoia		vers:unknown/*
vers:unknown/* Apple / macOS Sonoma		vers:unknown/*
vers:unknown/* Apple / macOS Tahoe		vers:unknown/*

CVE-2026-20615

A path handling vulnerability allowing apps to gain root privileges has been resolved in iOS 26.3, iPadOS 26.3, macOS Tahoe 26.3, macOS Sonoma 14.8.4, and visionOS 26.3 through enhanced validation measures.

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
vers:unknown/* Apple / macOS Sequoia		vers:unknown/*
vers:unknown/* Apple / macOS Sonoma		vers:unknown/*
vers:unknown/* Apple / macOS Tahoe		vers:unknown/*

CVE-2026-20616

An out-of-bounds write vulnerability in various Apple operating systems has been resolved through enhanced bounds checking, preventing unexpected app terminations when handling malicious USD files.

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
vers:unknown/* Apple / macOS Sequoia		vers:unknown/*
vers:unknown/* Apple / macOS Sonoma		vers:unknown/*
vers:unknown/* Apple / macOS Tahoe		vers:unknown/*

CVE-2026-20617

A race condition affecting multiple Apple operating systems, including watchOS, tvOS, macOS, visionOS, iOS, and iPadOS, was fixed, which could have allowed apps to gain root privileges due to improved state handling.

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
vers:unknown/* Apple / macOS Sequoia		vers:unknown/*
vers:unknown/* Apple / macOS Sonoma		vers:unknown/*
vers:unknown/* Apple / macOS Tahoe		vers:unknown/*

CVE-2026-20618

macOS Tahoe 26.3 has improved temporary file handling, resolving an issue that could allow applications to access user-sensitive data.

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
vers:unknown/* Apple / macOS Sequoia		vers:unknown/*
vers:unknown/* Apple / macOS Sonoma		vers:unknown/*
vers:unknown/* Apple / macOS Tahoe		vers:unknown/*

CVE-2026-20619

A logging issue in macOS Sequoia 15.7.4 and macOS Tahoe 26.3 has been resolved, enhancing data redaction to prevent unauthorized access to sensitive user information by applications.

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
vers:unknown/* Apple / macOS Sequoia		vers:unknown/*
vers:unknown/* Apple / macOS Sonoma		vers:unknown/*
vers:unknown/* Apple / macOS Tahoe		vers:unknown/*

CVE-2026-20620

An out-of-bounds read vulnerability was resolved in macOS versions 15.7.4, 26.3, and 14.8.4, potentially allowing attackers to read kernel memory or cause unexpected system termination.

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
vers:unknown/* Apple / macOS Sequoia		vers:unknown/*
vers:unknown/* Apple / macOS Sonoma		vers:unknown/*
vers:unknown/* Apple / macOS Tahoe		vers:unknown/*

CVE-2026-20621

Recent updates to macOS and iOS have resolved issues related to memory handling that could cause unexpected system termination or kernel memory corruption.

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
vers:unknown/* Apple / macOS Sequoia		vers:unknown/*
vers:unknown/* Apple / macOS Sonoma		vers:unknown/*
vers:unknown/* Apple / macOS Tahoe		vers:unknown/*

CVE-2026-20623

A permissions issue in macOS Tahoe 26.3 was resolved by removing vulnerable code that could allow unauthorized access to protected user data.

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
vers:unknown/* Apple / macOS Sequoia		vers:unknown/*
vers:unknown/* Apple / macOS Sonoma		vers:unknown/*
vers:unknown/* Apple / macOS Tahoe		vers:unknown/*

CVE-2026-20624

Recent updates in macOS Sequoia 15.7.4, macOS Tahoe 26.3, and macOS Sonoma 14.8.4 have addressed an injection issue that could allow apps to access sensitive user data through improved validation.

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
vers:unknown/* Apple / macOS Sequoia		vers:unknown/*
vers:unknown/* Apple / macOS Sonoma		vers:unknown/*
vers:unknown/* Apple / macOS Tahoe		vers:unknown/*

CVE-2026-20625

Recent updates in macOS and visionOS addressed a parsing issue in directory path handling, enhancing path validation to prevent unauthorized access to sensitive user data by applications.

5.5 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
vers:unknown/* Apple / macOS Sequoia		vers:unknown/*
vers:unknown/* Apple / macOS Sonoma		vers:unknown/*
vers:unknown/* Apple / macOS Tahoe		vers:unknown/*

CVE-2026-20626

macOS Sequoia 15.7.4, iOS 26.3, iPadOS 26.3, macOS Tahoe 26.3, and visionOS 26.3 have addressed the issue of malicious apps gaining root privileges through enhanced checks.

7.8 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE-862 - Missing Authorization

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
vers:unknown/* Apple / macOS Sequoia		vers:unknown/*
vers:unknown/* Apple / macOS Sonoma		vers:unknown/*
vers:unknown/* Apple / macOS Tahoe		vers:unknown/*

CVE-2026-20627

Recent updates in watchOS 26.3 and iOS 26.3 have resolved an issue with environment variable handling that could allow unauthorized access to sensitive user data through improved validation.

5.5 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

CWE-20 - Improper Input Validation

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
vers:unknown/* Apple / macOS Sequoia		vers:unknown/*
vers:unknown/* Apple / macOS Sonoma		vers:unknown/*
vers:unknown/* Apple / macOS Tahoe		vers:unknown/*

CVE-2026-20628

A permissions vulnerability that could allow an application to escape its sandbox has been resolved across multiple operating systems, including watchOS, tvOS, macOS, iOS, and iPadOS.

7.1 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N

CWE-284 - Improper Access Control

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
vers:unknown/* Apple / macOS Sequoia		vers:unknown/*
vers:unknown/* Apple / macOS Sonoma		vers:unknown/*
vers:unknown/* Apple / macOS Tahoe		vers:unknown/*

CVE-2026-20629

macOS Tahoe 26.3 has resolved a privacy issue that allowed applications to access user-sensitive data through improper handling of temporary files.

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
vers:unknown/* Apple / macOS Sequoia		vers:unknown/*
vers:unknown/* Apple / macOS Sonoma		vers:unknown/*
vers:unknown/* Apple / macOS Tahoe		vers:unknown/*

CVE-2026-20630

macOS Tahoe 26.3 has resolved a permissions issue that previously allowed applications to access protected user data, implementing additional restrictions to enhance security.

5.5 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CWE-277 - Insecure Inherited Permissions

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
vers:unknown/* Apple / macOS Sequoia		vers:unknown/*
vers:unknown/* Apple / macOS Sonoma		vers:unknown/*
vers:unknown/* Apple / macOS Tahoe		vers:unknown/*

CVE-2026-20634

Recent updates to watchOS, tvOS, macOS, iOS, and iPadOS have addressed memory handling vulnerabilities that could lead to process memory disclosure when processing maliciously crafted images.

5.5 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
vers:unknown/* Apple / macOS Sequoia		vers:unknown/*
vers:unknown/* Apple / macOS Sonoma		vers:unknown/*
vers:unknown/* Apple / macOS Tahoe		vers:unknown/*

CVE-2026-20635

Recent updates have enhanced memory handling and state management across various operating systems, effectively reducing the risk of unexpected process crashes from malicious web content.

4.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
vers:unknown/* Apple / macOS Sequoia		vers:unknown/*
vers:unknown/* Apple / macOS Sonoma		vers:unknown/*
vers:unknown/* Apple / macOS Tahoe		vers:unknown/*

CVE-2026-20636

iOS 26.3, iPadOS 26.3, Safari 26.3, macOS Tahoe 26.3, and visionOS 26.3 have addressed unexpected process crashes due to malicious web content through enhanced memory handling.

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
vers:unknown/* Apple / macOS Sequoia		vers:unknown/*
vers:unknown/* Apple / macOS Sonoma		vers:unknown/*
vers:unknown/* Apple / macOS Tahoe		vers:unknown/*

CVE-2026-20641

A privacy vulnerability that enabled applications to detect other installed apps has been resolved across multiple operating systems, including watchOS, tvOS, macOS, iOS, and iPadOS.

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
vers:unknown/* Apple / macOS Sequoia		vers:unknown/*
vers:unknown/* Apple / macOS Sonoma		vers:unknown/*
vers:unknown/* Apple / macOS Tahoe		vers:unknown/*

CVE-2026-20644

Apple has addressed the issue of unexpected process crashes caused by malicious web content through enhanced memory handling in its operating systems and Safari version 26.3.

6.5 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
vers:unknown/* Apple / macOS Sequoia		vers:unknown/*
vers:unknown/* Apple / macOS Sonoma		vers:unknown/*
vers:unknown/* Apple / macOS Tahoe		vers:unknown/*

CVE-2026-20646

macOS Tahoe 26.3 has resolved a logging vulnerability that allowed malicious applications to access sensitive location data through enhanced data redaction techniques.

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
vers:unknown/* Apple / macOS Sequoia		vers:unknown/*
vers:unknown/* Apple / macOS Sonoma		vers:unknown/*
vers:unknown/* Apple / macOS Tahoe		vers:unknown/*

CVE-2026-20647

macOS Tahoe 26.3 has resolved unauthorized access issues by implementing enhanced data protection measures that prevent apps from accessing sensitive user data.

5.5 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
vers:unknown/* Apple / macOS Sequoia		vers:unknown/*
vers:unknown/* Apple / macOS Sonoma		vers:unknown/*
vers:unknown/* Apple / macOS Tahoe		vers:unknown/*

CVE-2026-20648

A privacy issue in macOS Tahoe 26.3 was addressed by relocating sensitive data to a secure location, effectively preventing unauthorized access to notifications from other iCloud devices by malicious applications.

5.5 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
vers:unknown/* Apple / macOS Sequoia		vers:unknown/*
vers:unknown/* Apple / macOS Sonoma		vers:unknown/*
vers:unknown/* Apple / macOS Tahoe		vers:unknown/*

CVE-2026-20649

A logging issue allowing potential exposure of sensitive information has been resolved through enhanced data redaction in watchOS 26.3, iOS 26.3, iPadOS 26.3, tvOS 26.3, and macOS Tahoe 26.3.

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
vers:unknown/* Apple / macOS Sequoia		vers:unknown/*
vers:unknown/* Apple / macOS Sonoma		vers:unknown/*
vers:unknown/* Apple / macOS Tahoe		vers:unknown/*

CVE-2026-20650

A denial-of-service vulnerability in Bluetooth packets has been addressed across multiple Apple operating systems, including iOS and macOS, allowing potential exploitation by attackers in privileged network positions.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-400 - Uncontrolled Resource Consumption

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
vers:unknown/* Apple / macOS Sequoia		vers:unknown/*
vers:unknown/* Apple / macOS Sonoma		vers:unknown/*
vers:unknown/* Apple / macOS Tahoe		vers:unknown/*

CVE-2026-20652

Recent updates to macOS, iOS, iPadOS, visionOS, and Safari have addressed a vulnerability related to improved memory handling that could enable remote attackers to execute denial-of-service attacks.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-400 - Uncontrolled Resource Consumption

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
vers:unknown/* Apple / macOS Sequoia		vers:unknown/*
vers:unknown/* Apple / macOS Sonoma		vers:unknown/*
vers:unknown/* Apple / macOS Tahoe		vers:unknown/*

CVE-2026-20653

A parsing issue in directory path handling was resolved, enhancing path validation to prevent unauthorized access to sensitive user data across multiple macOS and iOS versions.

5.5 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
vers:unknown/* Apple / macOS Sequoia		vers:unknown/*
vers:unknown/* Apple / macOS Sonoma		vers:unknown/*
vers:unknown/* Apple / macOS Tahoe		vers:unknown/*

CVE-2026-20654

The unexpected system termination issue caused by app behavior has been resolved through enhanced memory management in operating systems including watchOS, tvOS, macOS, visionOS, iOS, and iPadOS, all updated to version 26.3.

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
vers:unknown/* Apple / macOS Sequoia		vers:unknown/*
vers:unknown/* Apple / macOS Sonoma		vers:unknown/*
vers:unknown/* Apple / macOS Tahoe		vers:unknown/*

CVE-2026-20656

A logic issue allowing app access to user Safari history has been resolved in iOS 18.7.5, iPadOS 18.7.5, Safari 26.3, and macOS Tahoe 26.3 through enhanced validation measures.

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
vers:unknown/* Apple / macOS Sequoia		vers:unknown/*
vers:unknown/* Apple / macOS Sonoma		vers:unknown/*
vers:unknown/* Apple / macOS Tahoe		vers:unknown/*

CVE-2026-20658

macOS Tahoe 26.3 has resolved a package validation vulnerability that could allow applications to gain root privileges by blocking the affected package.

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
vers:unknown/* Apple / macOS Sequoia		vers:unknown/*
vers:unknown/* Apple / macOS Sonoma		vers:unknown/*
vers:unknown/* Apple / macOS Tahoe		vers:unknown/*

CVE-2026-20660

A path handling vulnerability in several Apple operating systems and Safari versions has been addressed, which previously allowed remote users to write arbitrary files.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
vers:unknown/* Apple / macOS Sequoia		vers:unknown/*
vers:unknown/* Apple / macOS Sonoma		vers:unknown/*
vers:unknown/* Apple / macOS Tahoe		vers:unknown/*

CVE-2026-20662

An authorization issue in macOS Sequoia 15.7.4 and macOS Tahoe 26.3 has been resolved, which previously allowed physical access to a locked device to expose sensitive user information.

4.6 (Medium)


                        
                          CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
vers:unknown/* Apple / macOS Sequoia		vers:unknown/*
vers:unknown/* Apple / macOS Sonoma		vers:unknown/*
vers:unknown/* Apple / macOS Tahoe		vers:unknown/*

CVE-2026-20666

macOS Tahoe 26.3 resolves an authorization issue that allowed apps to access sensitive user data through enhanced state management.

5.5 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CWE-285 - Improper Authorization

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
vers:unknown/* Apple / macOS Sequoia		vers:unknown/*
vers:unknown/* Apple / macOS Sonoma		vers:unknown/*
vers:unknown/* Apple / macOS Tahoe		vers:unknown/*

CVE-2026-20667

A logic issue that could allow an app to escape its sandbox has been resolved in multiple OS updates, including watchOS 26.3 and iOS 26.3.

8.8 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
vers:unknown/* Apple / macOS Sequoia		vers:unknown/*
vers:unknown/* Apple / macOS Sonoma		vers:unknown/*
vers:unknown/* Apple / macOS Tahoe		vers:unknown/*

CVE-2026-20669

macOS Tahoe 26.3 addressed a parsing issue in directory path handling, enhancing path validation to prevent unauthorized access to sensitive user data by applications.

5.5 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
vers:unknown/* Apple / macOS Sequoia		vers:unknown/*
vers:unknown/* Apple / macOS Sonoma		vers:unknown/*
vers:unknown/* Apple / macOS Tahoe		vers:unknown/*

CVE-2026-20671

A logic issue allowing network traffic interception by an attacker in a privileged position has been resolved across multiple Apple operating systems, including watchOS, tvOS, macOS, iOS, and visionOS.

3.1 (Low)


                        
                          CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
vers:unknown/* Apple / macOS Sequoia		vers:unknown/*
vers:unknown/* Apple / macOS Sonoma		vers:unknown/*
vers:unknown/* Apple / macOS Tahoe		vers:unknown/*

CVE-2026-20673

A logic issue was resolved in multiple macOS and iOS versions, with a note that disabling 'Load remote content in messages' may not influence all mail previews.

5.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
vers:unknown/* Apple / macOS Sequoia		vers:unknown/*
vers:unknown/* Apple / macOS Sonoma		vers:unknown/*
vers:unknown/* Apple / macOS Tahoe		vers:unknown/*

CVE-2026-20675

Recent updates across various operating systems, including watchOS, tvOS, macOS, iOS, and iPadOS, have addressed user information disclosure vulnerabilities related to malicious image processing through enhanced bounds checks.

5.5 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

CWE-125 - Out-of-bounds Read

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
vers:unknown/* Apple / macOS Sequoia		vers:unknown/*
vers:unknown/* Apple / macOS Sonoma		vers:unknown/*
vers:unknown/* Apple / macOS Tahoe		vers:unknown/*

CVE-2026-20676

The recent updates in iOS 26.3, iPadOS 26.3, Safari 26.3, macOS Tahoe 26.3, and visionOS 26.3 have resolved user tracking issues through Safari web extensions by enhancing state management.

5.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
vers:unknown/* Apple / macOS Sequoia		vers:unknown/*
vers:unknown/* Apple / macOS Sonoma		vers:unknown/*
vers:unknown/* Apple / macOS Tahoe		vers:unknown/*

CVE-2026-20677

A race condition in multiple Apple operating systems was resolved, which could have allowed shortcuts to bypass sandbox restrictions.

9.0 (Critical)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
vers:unknown/* Apple / macOS Sequoia		vers:unknown/*
vers:unknown/* Apple / macOS Sonoma		vers:unknown/*
vers:unknown/* Apple / macOS Tahoe		vers:unknown/*

CVE-2026-20680

Recent updates in macOS Tahoe 26.3 and iOS 18.7.5 have introduced additional restrictions to prevent sandboxed apps from accessing sensitive user data.

6.5 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
vers:unknown/* Apple / macOS Sequoia		vers:unknown/*
vers:unknown/* Apple / macOS Sonoma		vers:unknown/*
vers:unknown/* Apple / macOS Tahoe		vers:unknown/*

CVE-2026-20681

macOS Tahoe 26.3 resolves a privacy issue by enhancing private data redaction for log entries, preventing unauthorized access to user contact information by apps.

3.3 (Low)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
vers:unknown/* Apple / macOS Sequoia		vers:unknown/*
vers:unknown/* Apple / macOS Sonoma		vers:unknown/*
vers:unknown/* Apple / macOS Tahoe		vers:unknown/*

CVE-2026-20700

Multiple Apple operating systems have been affected by memory corruption vulnerabilities that could allow arbitrary code execution, with fixes implemented in version 26.3 and reports of exploitation in earlier iOS versions.

7.8 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
vers:unknown/* Apple / macOS Sequoia		vers:unknown/*
vers:unknown/* Apple / macOS Sonoma		vers:unknown/*
vers:unknown/* Apple / macOS Tahoe		vers:unknown/*

References

74 references

URL	Category
https://support.apple.com/en-us/126348	external
https://support.apple.com/en-us/126349	external
https://support.apple.com/en-us/126350	external
https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self

JSON

To clipboard

{
  "document": {
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE"
      }
    },
    "lang": "nl",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:\n\n    NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.\n\n    NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.\n    This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings."
      },
      {
        "category": "description",
        "text": "Apple heeft kwetsbaarheden verholpen in macOS, inclusief versies Sequoia 15.7.4, Tahoe 26.3 en Sonoma 14.8.4.",
        "title": "Feiten"
      },
      {
        "category": "description",
        "text": "De kwetsbaarheden omvatten onder andere problemen met geheugencorruptie, ongeautoriseerde toegang tot gevoelige gebruikersdata, en logboekproblemen die konden leiden tot ongeautoriseerde toegang tot locatie-informatie. De updates bevatten verbeterde validatieprocessen en state management om deze risico\u0027s te mitigeren.",
        "title": "Interpretaties"
      },
      {
        "category": "description",
        "text": "Apple heeft updates uitgebracht om de kwetsbaarheden te verhelpen. Zie bijgevoegde referenties voor meer informatie.",
        "title": "Oplossingen"
      },
      {
        "category": "general",
        "text": "medium",
        "title": "Kans"
      },
      {
        "category": "general",
        "text": "high",
        "title": "Schade"
      },
      {
        "category": "general",
        "text": "Improper Input Validation",
        "title": "CWE-20"
      },
      {
        "category": "general",
        "text": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
        "title": "CWE-79"
      },
      {
        "category": "general",
        "text": "Improper Restriction of Operations within the Bounds of a Memory Buffer",
        "title": "CWE-119"
      },
      {
        "category": "general",
        "text": "Exposure of Sensitive Information to an Unauthorized Actor",
        "title": "CWE-200"
      },
      {
        "category": "general",
        "text": "Improper Access Control",
        "title": "CWE-284"
      },
      {
        "category": "general",
        "text": "Use After Free",
        "title": "CWE-416"
      },
      {
        "category": "general",
        "text": "Allocation of Resources Without Limits or Throttling",
        "title": "CWE-770"
      },
      {
        "category": "general",
        "text": "Out-of-bounds Write",
        "title": "CWE-787"
      },
      {
        "category": "general",
        "text": "Use of Out-of-range Pointer Offset",
        "title": "CWE-823"
      },
      {
        "category": "general",
        "text": "Expired Pointer Dereference",
        "title": "CWE-825"
      }
    ],
    "publisher": {
      "category": "coordinator",
      "contact_details": "cert@ncsc.nl",
      "name": "Nationaal Cyber Security Centrum",
      "namespace": "https://www.ncsc.nl/"
    },
    "references": [
      {
        "category": "external",
        "summary": "Reference",
        "url": "https://support.apple.com/en-us/126348"
      },
      {
        "category": "external",
        "summary": "Reference",
        "url": "https://support.apple.com/en-us/126349"
      },
      {
        "category": "external",
        "summary": "Reference",
        "url": "https://support.apple.com/en-us/126350"
      }
    ],
    "title": "Kwetsbaarheden verholpen in Apple macOS",
    "tracking": {
      "current_release_date": "2026-02-13T13:24:06.433550Z",
      "generator": {
        "date": "2025-08-04T16:30:00Z",
        "engine": {
          "name": "V.A.",
          "version": "1.3"
        }
      },
      "id": "NCSC-2026-0063",
      "initial_release_date": "2026-02-13T13:24:06.433550Z",
      "revision_history": [
        {
          "date": "2026-02-13T13:24:06.433550Z",
          "number": "1.0.0",
          "summary": "Initiele versie"
        }
      ],
      "status": "final",
      "version": "1.0.0"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-1"
                }
              }
            ],
            "category": "product_name",
            "name": "macOS Sequoia"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-2"
                }
              }
            ],
            "category": "product_name",
            "name": "macOS Sonoma"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-3"
                }
              }
            ],
            "category": "product_name",
            "name": "macOS Tahoe"
          }
        ],
        "category": "vendor",
        "name": "Apple"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2025-14174",
      "cwe": {
        "id": "CWE-119",
        "name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Restriction of Operations within the Bounds of a Memory Buffer",
          "title": "CWE-119"
        },
        {
          "category": "other",
          "text": "Out-of-bounds Write",
          "title": "CWE-787"
        },
        {
          "category": "other",
          "text": "Use of Out-of-range Pointer Offset",
          "title": "CWE-823"
        },
        {
          "category": "description",
          "text": "The webkit2gtk3 update to version 2.50.4 addresses multiple security vulnerabilities, including memory corruption and buffer overflow, while a high-severity out of bounds memory access vulnerability in ANGLE affects Google Chrome and other Chromium-based browsers.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/AU:N/R:U/V:D/RE:M/U:Amber",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-14174 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-14174.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3"
          ]
        }
      ],
      "title": "CVE-2025-14174"
    },
    {
      "cve": "CVE-2025-43338",
      "cwe": {
        "id": "CWE-79",
        "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
          "title": "CWE-79"
        },
        {
          "category": "description",
          "text": "An out-of-bounds access issue was resolved in macOS Tahoe 26 and macOS Sonoma 14.8.2, preventing potential app termination or memory corruption from malicious media files through improved bounds checking.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-43338 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-43338.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.1,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3"
          ]
        }
      ],
      "title": "CVE-2025-43338"
    },
    {
      "cve": "CVE-2025-43402",
      "cwe": {
        "id": "CWE-787",
        "name": "Out-of-bounds Write"
      },
      "notes": [
        {
          "category": "other",
          "text": "Out-of-bounds Write",
          "title": "CWE-787"
        },
        {
          "category": "description",
          "text": "macOS Tahoe 26.1 has resolved issues related to unexpected system termination and process memory corruption through enhanced memory handling.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-43402 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-43402.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3"
          ]
        }
      ],
      "title": "CVE-2025-43402"
    },
    {
      "cve": "CVE-2025-43403",
      "cwe": {
        "id": "CWE-285",
        "name": "Improper Authorization"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Authorization",
          "title": "CWE-285"
        },
        {
          "category": "description",
          "text": "Authorization issues regarding sensitive user data access have been resolved in macOS Sequoia 15.7.4 and macOS Sonoma 14.8.4, addressing potential risks of unauthorized app access.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-43403 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-43403.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3"
          ]
        }
      ],
      "title": "CVE-2025-43403"
    },
    {
      "cve": "CVE-2025-43417",
      "cwe": {
        "id": "CWE-22",
        "name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
          "title": "CWE-22"
        },
        {
          "category": "description",
          "text": "macOS Sonoma 14.8.4 addresses a path handling issue that could allow applications to access user-sensitive data through improved logic.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-43417 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-43417.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3"
          ]
        }
      ],
      "title": "CVE-2025-43417"
    },
    {
      "cve": "CVE-2025-43529",
      "cwe": {
        "id": "CWE-416",
        "name": "Use After Free"
      },
      "notes": [
        {
          "category": "other",
          "text": "Use After Free",
          "title": "CWE-416"
        },
        {
          "category": "other",
          "text": "Expired Pointer Dereference",
          "title": "CWE-825"
        },
        {
          "category": "description",
          "text": "The webkit2gtk3 update to version 2.50.4 addresses multiple security vulnerabilities, including use-after-free and memory corruption issues, potentially allowing arbitrary code execution through malicious web content.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-43529 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-43529.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3"
          ]
        }
      ],
      "title": "CVE-2025-43529"
    },
    {
      "cve": "CVE-2025-43533",
      "cwe": {
        "id": "CWE-20",
        "name": "Improper Input Validation"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Input Validation",
          "title": "CWE-20"
        },
        {
          "category": "description",
          "text": "Apple addressed multiple memory corruption vulnerabilities across its operating systems, including watchOS, iOS, iPadOS, macOS, visionOS, and tvOS, through improved input validation and enhanced bounds checks to prevent crashes from malicious HID devices.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-43533 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-43533.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 3.5,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3"
          ]
        }
      ],
      "title": "CVE-2025-43533"
    },
    {
      "cve": "CVE-2025-46283",
      "cwe": {
        "id": "CWE-200",
        "name": "Exposure of Sensitive Information to an Unauthorized Actor"
      },
      "notes": [
        {
          "category": "other",
          "text": "Exposure of Sensitive Information to an Unauthorized Actor",
          "title": "CWE-200"
        },
        {
          "category": "description",
          "text": "macOS Tahoe 26.2 addressed a logic issue through improved validation, which could have allowed unauthorized access to sensitive user data by applications.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-46283 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-46283.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3"
          ]
        }
      ],
      "title": "CVE-2025-46283"
    },
    {
      "cve": "CVE-2025-46290",
      "cwe": {
        "id": "CWE-693",
        "name": "Protection Mechanism Failure"
      },
      "notes": [
        {
          "category": "other",
          "text": "Protection Mechanism Failure",
          "title": "CWE-693"
        },
        {
          "category": "other",
          "text": "Improper Check or Handling of Exceptional Conditions",
          "title": "CWE-703"
        },
        {
          "category": "description",
          "text": "macOS Sequoia 15.7.4 and macOS Sonoma 14.8.4 have addressed a logic issue that could allow remote attackers to cause a denial-of-service through improved checks.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-46290 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-46290.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3"
          ]
        }
      ],
      "title": "CVE-2025-46290"
    },
    {
      "cve": "CVE-2025-46300",
      "cwe": {
        "id": "CWE-119",
        "name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Restriction of Operations within the Bounds of a Memory Buffer",
          "title": "CWE-119"
        },
        {
          "category": "description",
          "text": "macOS Sequoia 15.7.4, iOS 18.7.5, iPadOS 18.7.5, and macOS Sonoma 14.8.4 have addressed unexpected process crashes caused by malicious HID devices through enhanced bounds checks.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-46300 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-46300.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3"
          ]
        }
      ],
      "title": "CVE-2025-46300"
    },
    {
      "cve": "CVE-2025-46301",
      "cwe": {
        "id": "CWE-119",
        "name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Restriction of Operations within the Bounds of a Memory Buffer",
          "title": "CWE-119"
        },
        {
          "category": "description",
          "text": "macOS Sequoia 15.7.4, iOS 18.7.5, iPadOS 18.7.5, and macOS Sonoma 14.8.4 have addressed unexpected process crashes caused by malicious HID devices through enhanced bounds checks.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-46301 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-46301.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3"
          ]
        }
      ],
      "title": "CVE-2025-46301"
    },
    {
      "cve": "CVE-2025-46302",
      "cwe": {
        "id": "CWE-119",
        "name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Restriction of Operations within the Bounds of a Memory Buffer",
          "title": "CWE-119"
        },
        {
          "category": "description",
          "text": "macOS Sequoia 15.7.4, iOS 18.7.5, iPadOS 18.7.5, and macOS Sonoma 14.8.4 have addressed unexpected process crashes caused by malicious HID devices through enhanced bounds checks.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-46302 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-46302.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3"
          ]
        }
      ],
      "title": "CVE-2025-46302"
    },
    {
      "cve": "CVE-2025-46303",
      "cwe": {
        "id": "CWE-119",
        "name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Restriction of Operations within the Bounds of a Memory Buffer",
          "title": "CWE-119"
        },
        {
          "category": "description",
          "text": "macOS Sequoia 15.7.4, iOS 18.7.5, iPadOS 18.7.5, and macOS Sonoma 14.8.4 have addressed unexpected process crashes caused by malicious HID devices through enhanced bounds checks.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-46303 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-46303.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3"
          ]
        }
      ],
      "title": "CVE-2025-46303"
    },
    {
      "cve": "CVE-2025-46304",
      "cwe": {
        "id": "CWE-400",
        "name": "Uncontrolled Resource Consumption"
      },
      "notes": [
        {
          "category": "other",
          "text": "Uncontrolled Resource Consumption",
          "title": "CWE-400"
        },
        {
          "category": "description",
          "text": "macOS Sequoia 15.7.4, iOS 18.7.5, iPadOS 18.7.5, and macOS Sonoma 14.8.4 have addressed unexpected process crashes caused by malicious HID devices through enhanced bounds checks.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-46304 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-46304.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3"
          ]
        }
      ],
      "title": "CVE-2025-46304"
    },
    {
      "cve": "CVE-2025-46305",
      "cwe": {
        "id": "CWE-119",
        "name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Restriction of Operations within the Bounds of a Memory Buffer",
          "title": "CWE-119"
        },
        {
          "category": "description",
          "text": "macOS Sequoia 15.7.4, iOS 18.7.5, iPadOS 18.7.5, and macOS Sonoma 14.8.4 have addressed unexpected process crashes caused by malicious HID devices through enhanced bounds checks.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-46305 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-46305.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3"
          ]
        }
      ],
      "title": "CVE-2025-46305"
    },
    {
      "cve": "CVE-2025-46310",
      "cwe": {
        "id": "CWE-269",
        "name": "Improper Privilege Management"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Privilege Management",
          "title": "CWE-269"
        },
        {
          "category": "description",
          "text": "macOS Sequoia 15.7.4 and macOS Sonoma 14.8.4 have resolved a vulnerability that allowed attackers with root privileges to delete protected system files through enhanced state management.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-46310 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-46310.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.0,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3"
          ]
        }
      ],
      "title": "CVE-2025-46310"
    },
    {
      "cve": "CVE-2025-59375",
      "cwe": {
        "id": "CWE-770",
        "name": "Allocation of Resources Without Limits or Throttling"
      },
      "notes": [
        {
          "category": "other",
          "text": "Allocation of Resources Without Limits or Throttling",
          "title": "CWE-770"
        },
        {
          "category": "description",
          "text": "Multiple vulnerabilities, including memory amplification in libexpat and denial-of-service issues in Oracle Communications Network Analytics and Apple Software, expose systems to potential disruptions without enabling arbitrary code execution.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-59375 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-59375.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3"
          ]
        }
      ],
      "title": "CVE-2025-59375"
    },
    {
      "cve": "CVE-2026-20601",
      "notes": [
        {
          "category": "description",
          "text": "macOS Tahoe 26.3 has resolved a permissions issue that allowed applications to monitor keystrokes without user consent by implementing additional restrictions.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-20601 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20601.json"
        }
      ],
      "title": "CVE-2026-20601"
    },
    {
      "cve": "CVE-2026-20602",
      "notes": [
        {
          "category": "description",
          "text": "macOS Sequoia 15.7.4, macOS Tahoe 26.3, and macOS Sonoma 14.8.4 have addressed a denial-of-service vulnerability related to app cache handling, enhancing overall system stability.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-20602 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20602.json"
        }
      ],
      "title": "CVE-2026-20602"
    },
    {
      "cve": "CVE-2026-20603",
      "notes": [
        {
          "category": "description",
          "text": "macOS Tahoe 26.3 has enhanced redaction capabilities to prevent apps with root privileges from accessing sensitive private information.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-20603 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20603.json"
        }
      ],
      "title": "CVE-2026-20603"
    },
    {
      "cve": "CVE-2026-20605",
      "cwe": {
        "id": "CWE-119",
        "name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Restriction of Operations within the Bounds of a Memory Buffer",
          "title": "CWE-119"
        },
        {
          "category": "description",
          "text": "Recent updates in macOS Sequoia 15.7.4 and iOS 18.7.5 have resolved a memory handling issue that could cause an app to crash a system process.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-20605 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20605.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.6,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3"
          ]
        }
      ],
      "title": "CVE-2026-20605"
    },
    {
      "cve": "CVE-2026-20606",
      "cwe": {
        "id": "CWE-200",
        "name": "Exposure of Sensitive Information to an Unauthorized Actor"
      },
      "notes": [
        {
          "category": "other",
          "text": "Exposure of Sensitive Information to an Unauthorized Actor",
          "title": "CWE-200"
        },
        {
          "category": "description",
          "text": "The vulnerability allowing apps to bypass Privacy preferences in macOS and iOS has been addressed by removing the problematic code across various versions.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-20606 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20606.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.1,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3"
          ]
        }
      ],
      "title": "CVE-2026-20606"
    },
    {
      "cve": "CVE-2026-20608",
      "notes": [
        {
          "category": "description",
          "text": "Recent updates in several operating systems and Safari have addressed unexpected process crashes caused by maliciously crafted web content through enhanced state management.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-20608 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20608.json"
        }
      ],
      "title": "CVE-2026-20608"
    },
    {
      "cve": "CVE-2026-20609",
      "notes": [
        {
          "category": "description",
          "text": "Various operating systems have addressed improved memory handling to mitigate risks of denial-of-service and memory content disclosure from processing malicious files.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-20609 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20609.json"
        }
      ],
      "title": "CVE-2026-20609"
    },
    {
      "cve": "CVE-2026-20610",
      "cwe": {
        "id": "CWE-59",
        "name": "Improper Link Resolution Before File Access (\u0027Link Following\u0027)"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Link Resolution Before File Access (\u0027Link Following\u0027)",
          "title": "CWE-59"
        },
        {
          "category": "description",
          "text": "macOS Tahoe 26.3 has fixed an issue with symlink handling that previously allowed applications to gain root privileges.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-20610 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20610.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3"
          ]
        }
      ],
      "title": "CVE-2026-20610"
    },
    {
      "cve": "CVE-2026-20611",
      "cwe": {
        "id": "CWE-125",
        "name": "Out-of-bounds Read"
      },
      "notes": [
        {
          "category": "other",
          "text": "Out-of-bounds Read",
          "title": "CWE-125"
        },
        {
          "category": "description",
          "text": "An out-of-bounds access vulnerability affecting various Apple operating systems was resolved, which could lead to app termination or memory corruption when handling malicious media files.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-20611 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20611.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.1,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3"
          ]
        }
      ],
      "title": "CVE-2026-20611"
    },
    {
      "cve": "CVE-2026-20612",
      "cwe": {
        "id": "CWE-200",
        "name": "Exposure of Sensitive Information to an Unauthorized Actor"
      },
      "notes": [
        {
          "category": "other",
          "text": "Exposure of Sensitive Information to an Unauthorized Actor",
          "title": "CWE-200"
        },
        {
          "category": "description",
          "text": "macOS Sequoia 15.7.4, macOS Tahoe 26.3, and macOS Sonoma 14.8.4 have addressed a privacy issue that allowed apps to access sensitive user data through enhanced checks.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-20612 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20612.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3"
          ]
        }
      ],
      "title": "CVE-2026-20612"
    },
    {
      "cve": "CVE-2026-20614",
      "notes": [
        {
          "category": "description",
          "text": "A path handling vulnerability allowing apps to gain root privileges has been resolved in macOS Sequoia 15.7.4, macOS Tahoe 26.3, and macOS Sonoma 14.8.4 through enhanced validation measures.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-20614 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20614.json"
        }
      ],
      "title": "CVE-2026-20614"
    },
    {
      "cve": "CVE-2026-20615",
      "notes": [
        {
          "category": "description",
          "text": "A path handling vulnerability allowing apps to gain root privileges has been resolved in iOS 26.3, iPadOS 26.3, macOS Tahoe 26.3, macOS Sonoma 14.8.4, and visionOS 26.3 through enhanced validation measures.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-20615 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20615.json"
        }
      ],
      "title": "CVE-2026-20615"
    },
    {
      "cve": "CVE-2026-20616",
      "notes": [
        {
          "category": "description",
          "text": "An out-of-bounds write vulnerability in various Apple operating systems has been resolved through enhanced bounds checking, preventing unexpected app terminations when handling malicious USD files.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-20616 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20616.json"
        }
      ],
      "title": "CVE-2026-20616"
    },
    {
      "cve": "CVE-2026-20617",
      "notes": [
        {
          "category": "description",
          "text": "A race condition affecting multiple Apple operating systems, including watchOS, tvOS, macOS, visionOS, iOS, and iPadOS, was fixed, which could have allowed apps to gain root privileges due to improved state handling.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-20617 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20617.json"
        }
      ],
      "title": "CVE-2026-20617"
    },
    {
      "cve": "CVE-2026-20618",
      "notes": [
        {
          "category": "description",
          "text": "macOS Tahoe 26.3 has improved temporary file handling, resolving an issue that could allow applications to access user-sensitive data.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-20618 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20618.json"
        }
      ],
      "title": "CVE-2026-20618"
    },
    {
      "cve": "CVE-2026-20619",
      "notes": [
        {
          "category": "description",
          "text": "A logging issue in macOS Sequoia 15.7.4 and macOS Tahoe 26.3 has been resolved, enhancing data redaction to prevent unauthorized access to sensitive user information by applications.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-20619 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20619.json"
        }
      ],
      "title": "CVE-2026-20619"
    },
    {
      "cve": "CVE-2026-20620",
      "notes": [
        {
          "category": "description",
          "text": "An out-of-bounds read vulnerability was resolved in macOS versions 15.7.4, 26.3, and 14.8.4, potentially allowing attackers to read kernel memory or cause unexpected system termination.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-20620 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20620.json"
        }
      ],
      "title": "CVE-2026-20620"
    },
    {
      "cve": "CVE-2026-20621",
      "notes": [
        {
          "category": "description",
          "text": "Recent updates to macOS and iOS have resolved issues related to memory handling that could cause unexpected system termination or kernel memory corruption.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-20621 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20621.json"
        }
      ],
      "title": "CVE-2026-20621"
    },
    {
      "cve": "CVE-2026-20623",
      "notes": [
        {
          "category": "description",
          "text": "A permissions issue in macOS Tahoe 26.3 was resolved by removing vulnerable code that could allow unauthorized access to protected user data.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-20623 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20623.json"
        }
      ],
      "title": "CVE-2026-20623"
    },
    {
      "cve": "CVE-2026-20624",
      "notes": [
        {
          "category": "description",
          "text": "Recent updates in macOS Sequoia 15.7.4, macOS Tahoe 26.3, and macOS Sonoma 14.8.4 have addressed an injection issue that could allow apps to access sensitive user data through improved validation.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-20624 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20624.json"
        }
      ],
      "title": "CVE-2026-20624"
    },
    {
      "cve": "CVE-2026-20625",
      "cwe": {
        "id": "CWE-22",
        "name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
          "title": "CWE-22"
        },
        {
          "category": "description",
          "text": "Recent updates in macOS and visionOS addressed a parsing issue in directory path handling, enhancing path validation to prevent unauthorized access to sensitive user data by applications.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-20625 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20625.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3"
          ]
        }
      ],
      "title": "CVE-2026-20625"
    },
    {
      "cve": "CVE-2026-20626",
      "cwe": {
        "id": "CWE-862",
        "name": "Missing Authorization"
      },
      "notes": [
        {
          "category": "other",
          "text": "Missing Authorization",
          "title": "CWE-862"
        },
        {
          "category": "description",
          "text": "macOS Sequoia 15.7.4, iOS 26.3, iPadOS 26.3, macOS Tahoe 26.3, and visionOS 26.3 have addressed the issue of malicious apps gaining root privileges through enhanced checks.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-20626 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20626.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3"
          ]
        }
      ],
      "title": "CVE-2026-20626"
    },
    {
      "cve": "CVE-2026-20627",
      "cwe": {
        "id": "CWE-20",
        "name": "Improper Input Validation"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Input Validation",
          "title": "CWE-20"
        },
        {
          "category": "description",
          "text": "Recent updates in watchOS 26.3 and iOS 26.3 have resolved an issue with environment variable handling that could allow unauthorized access to sensitive user data through improved validation.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-20627 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20627.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3"
          ]
        }
      ],
      "title": "CVE-2026-20627"
    },
    {
      "cve": "CVE-2026-20628",
      "cwe": {
        "id": "CWE-284",
        "name": "Improper Access Control"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Access Control",
          "title": "CWE-284"
        },
        {
          "category": "description",
          "text": "A permissions vulnerability that could allow an application to escape its sandbox has been resolved across multiple operating systems, including watchOS, tvOS, macOS, iOS, and iPadOS.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-20628 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20628.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.1,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3"
          ]
        }
      ],
      "title": "CVE-2026-20628"
    },
    {
      "cve": "CVE-2026-20629",
      "notes": [
        {
          "category": "description",
          "text": "macOS Tahoe 26.3 has resolved a privacy issue that allowed applications to access user-sensitive data through improper handling of temporary files.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-20629 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20629.json"
        }
      ],
      "title": "CVE-2026-20629"
    },
    {
      "cve": "CVE-2026-20630",
      "cwe": {
        "id": "CWE-277",
        "name": "Insecure Inherited Permissions"
      },
      "notes": [
        {
          "category": "other",
          "text": "Insecure Inherited Permissions",
          "title": "CWE-277"
        },
        {
          "category": "description",
          "text": "macOS Tahoe 26.3 has resolved a permissions issue that previously allowed applications to access protected user data, implementing additional restrictions to enhance security.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-20630 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20630.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3"
          ]
        }
      ],
      "title": "CVE-2026-20630"
    },
    {
      "cve": "CVE-2026-20634",
      "notes": [
        {
          "category": "description",
          "text": "Recent updates to watchOS, tvOS, macOS, iOS, and iPadOS have addressed memory handling vulnerabilities that could lead to process memory disclosure when processing maliciously crafted images.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-20634 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20634.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3"
          ]
        }
      ],
      "title": "CVE-2026-20634"
    },
    {
      "cve": "CVE-2026-20635",
      "cwe": {
        "id": "CWE-119",
        "name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Restriction of Operations within the Bounds of a Memory Buffer",
          "title": "CWE-119"
        },
        {
          "category": "description",
          "text": "Recent updates have enhanced memory handling and state management across various operating systems, effectively reducing the risk of unexpected process crashes from malicious web content.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-20635 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20635.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3"
          ]
        }
      ],
      "title": "CVE-2026-20635"
    },
    {
      "cve": "CVE-2026-20636",
      "notes": [
        {
          "category": "description",
          "text": "iOS 26.3, iPadOS 26.3, Safari 26.3, macOS Tahoe 26.3, and visionOS 26.3 have addressed unexpected process crashes due to malicious web content through enhanced memory handling.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-20636 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20636.json"
        }
      ],
      "title": "CVE-2026-20636"
    },
    {
      "cve": "CVE-2026-20641",
      "notes": [
        {
          "category": "description",
          "text": "A privacy vulnerability that enabled applications to detect other installed apps has been resolved across multiple operating systems, including watchOS, tvOS, macOS, iOS, and iPadOS.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-20641 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20641.json"
        }
      ],
      "title": "CVE-2026-20641"
    },
    {
      "cve": "CVE-2026-20644",
      "cwe": {
        "id": "CWE-119",
        "name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Restriction of Operations within the Bounds of a Memory Buffer",
          "title": "CWE-119"
        },
        {
          "category": "other",
          "text": "Use After Free",
          "title": "CWE-416"
        },
        {
          "category": "other",
          "text": "Out-of-bounds Write",
          "title": "CWE-787"
        },
        {
          "category": "description",
          "text": "Apple has addressed the issue of unexpected process crashes caused by malicious web content through enhanced memory handling in its operating systems and Safari version 26.3.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-20644 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20644.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3"
          ]
        }
      ],
      "title": "CVE-2026-20644"
    },
    {
      "cve": "CVE-2026-20646",
      "notes": [
        {
          "category": "description",
          "text": "macOS Tahoe 26.3 has resolved a logging vulnerability that allowed malicious applications to access sensitive location data through enhanced data redaction techniques.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-20646 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20646.json"
        }
      ],
      "title": "CVE-2026-20646"
    },
    {
      "cve": "CVE-2026-20647",
      "cwe": {
        "id": "CWE-200",
        "name": "Exposure of Sensitive Information to an Unauthorized Actor"
      },
      "notes": [
        {
          "category": "other",
          "text": "Exposure of Sensitive Information to an Unauthorized Actor",
          "title": "CWE-200"
        },
        {
          "category": "description",
          "text": "macOS Tahoe 26.3 has resolved unauthorized access issues by implementing enhanced data protection measures that prevent apps from accessing sensitive user data.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-20647 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20647.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3"
          ]
        }
      ],
      "title": "CVE-2026-20647"
    },
    {
      "cve": "CVE-2026-20648",
      "cwe": {
        "id": "CWE-200",
        "name": "Exposure of Sensitive Information to an Unauthorized Actor"
      },
      "notes": [
        {
          "category": "other",
          "text": "Exposure of Sensitive Information to an Unauthorized Actor",
          "title": "CWE-200"
        },
        {
          "category": "description",
          "text": "A privacy issue in macOS Tahoe 26.3 was addressed by relocating sensitive data to a secure location, effectively preventing unauthorized access to notifications from other iCloud devices by malicious applications.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-20648 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20648.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3"
          ]
        }
      ],
      "title": "CVE-2026-20648"
    },
    {
      "cve": "CVE-2026-20649",
      "notes": [
        {
          "category": "description",
          "text": "A logging issue allowing potential exposure of sensitive information has been resolved through enhanced data redaction in watchOS 26.3, iOS 26.3, iPadOS 26.3, tvOS 26.3, and macOS Tahoe 26.3.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-20649 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20649.json"
        }
      ],
      "title": "CVE-2026-20649"
    },
    {
      "cve": "CVE-2026-20650",
      "cwe": {
        "id": "CWE-400",
        "name": "Uncontrolled Resource Consumption"
      },
      "notes": [
        {
          "category": "other",
          "text": "Uncontrolled Resource Consumption",
          "title": "CWE-400"
        },
        {
          "category": "description",
          "text": "A denial-of-service vulnerability in Bluetooth packets has been addressed across multiple Apple operating systems, including iOS and macOS, allowing potential exploitation by attackers in privileged network positions.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-20650 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20650.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3"
          ]
        }
      ],
      "title": "CVE-2026-20650"
    },
    {
      "cve": "CVE-2026-20652",
      "cwe": {
        "id": "CWE-400",
        "name": "Uncontrolled Resource Consumption"
      },
      "notes": [
        {
          "category": "other",
          "text": "Uncontrolled Resource Consumption",
          "title": "CWE-400"
        },
        {
          "category": "description",
          "text": "Recent updates to macOS, iOS, iPadOS, visionOS, and Safari have addressed a vulnerability related to improved memory handling that could enable remote attackers to execute denial-of-service attacks.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-20652 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20652.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3"
          ]
        }
      ],
      "title": "CVE-2026-20652"
    },
    {
      "cve": "CVE-2026-20653",
      "cwe": {
        "id": "CWE-22",
        "name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
          "title": "CWE-22"
        },
        {
          "category": "description",
          "text": "A parsing issue in directory path handling was resolved, enhancing path validation to prevent unauthorized access to sensitive user data across multiple macOS and iOS versions.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-20653 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20653.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3"
          ]
        }
      ],
      "title": "CVE-2026-20653"
    },
    {
      "cve": "CVE-2026-20654",
      "notes": [
        {
          "category": "description",
          "text": "The unexpected system termination issue caused by app behavior has been resolved through enhanced memory management in operating systems including watchOS, tvOS, macOS, visionOS, iOS, and iPadOS, all updated to version 26.3.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-20654 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20654.json"
        }
      ],
      "title": "CVE-2026-20654"
    },
    {
      "cve": "CVE-2026-20656",
      "notes": [
        {
          "category": "description",
          "text": "A logic issue allowing app access to user Safari history has been resolved in iOS 18.7.5, iPadOS 18.7.5, Safari 26.3, and macOS Tahoe 26.3 through enhanced validation measures.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-20656 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20656.json"
        }
      ],
      "title": "CVE-2026-20656"
    },
    {
      "cve": "CVE-2026-20658",
      "notes": [
        {
          "category": "description",
          "text": "macOS Tahoe 26.3 has resolved a package validation vulnerability that could allow applications to gain root privileges by blocking the affected package.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-20658 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20658.json"
        }
      ],
      "title": "CVE-2026-20658"
    },
    {
      "cve": "CVE-2026-20660",
      "notes": [
        {
          "category": "description",
          "text": "A path handling vulnerability in several Apple operating systems and Safari versions has been addressed, which previously allowed remote users to write arbitrary files.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-20660 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20660.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3"
          ]
        }
      ],
      "title": "CVE-2026-20660"
    },
    {
      "cve": "CVE-2026-20662",
      "notes": [
        {
          "category": "description",
          "text": "An authorization issue in macOS Sequoia 15.7.4 and macOS Tahoe 26.3 has been resolved, which previously allowed physical access to a locked device to expose sensitive user information.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-20662 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20662.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.6,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3"
          ]
        }
      ],
      "title": "CVE-2026-20662"
    },
    {
      "cve": "CVE-2026-20666",
      "cwe": {
        "id": "CWE-285",
        "name": "Improper Authorization"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Authorization",
          "title": "CWE-285"
        },
        {
          "category": "description",
          "text": "macOS Tahoe 26.3 resolves an authorization issue that allowed apps to access sensitive user data through enhanced state management.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-20666 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20666.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3"
          ]
        }
      ],
      "title": "CVE-2026-20666"
    },
    {
      "cve": "CVE-2026-20667",
      "notes": [
        {
          "category": "description",
          "text": "A logic issue that could allow an app to escape its sandbox has been resolved in multiple OS updates, including watchOS 26.3 and iOS 26.3.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-20667 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20667.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3"
          ]
        }
      ],
      "title": "CVE-2026-20667"
    },
    {
      "cve": "CVE-2026-20669",
      "cwe": {
        "id": "CWE-22",
        "name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
          "title": "CWE-22"
        },
        {
          "category": "description",
          "text": "macOS Tahoe 26.3 addressed a parsing issue in directory path handling, enhancing path validation to prevent unauthorized access to sensitive user data by applications.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-20669 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20669.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3"
          ]
        }
      ],
      "title": "CVE-2026-20669"
    },
    {
      "cve": "CVE-2026-20671",
      "notes": [
        {
          "category": "description",
          "text": "A logic issue allowing network traffic interception by an attacker in a privileged position has been resolved across multiple Apple operating systems, including watchOS, tvOS, macOS, iOS, and visionOS.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-20671 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20671.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 3.1,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3"
          ]
        }
      ],
      "title": "CVE-2026-20671"
    },
    {
      "cve": "CVE-2026-20673",
      "notes": [
        {
          "category": "description",
          "text": "A logic issue was resolved in multiple macOS and iOS versions, with a note that disabling \u0027Load remote content in messages\u0027 may not influence all mail previews.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-20673 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20673.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3"
          ]
        }
      ],
      "title": "CVE-2026-20673"
    },
    {
      "cve": "CVE-2026-20675",
      "cwe": {
        "id": "CWE-125",
        "name": "Out-of-bounds Read"
      },
      "notes": [
        {
          "category": "other",
          "text": "Out-of-bounds Read",
          "title": "CWE-125"
        },
        {
          "category": "description",
          "text": "Recent updates across various operating systems, including watchOS, tvOS, macOS, iOS, and iPadOS, have addressed user information disclosure vulnerabilities related to malicious image processing through enhanced bounds checks.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-20675 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20675.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3"
          ]
        }
      ],
      "title": "CVE-2026-20675"
    },
    {
      "cve": "CVE-2026-20676",
      "notes": [
        {
          "category": "description",
          "text": "The recent updates in iOS 26.3, iPadOS 26.3, Safari 26.3, macOS Tahoe 26.3, and visionOS 26.3 have resolved user tracking issues through Safari web extensions by enhancing state management.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-20676 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20676.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3"
          ]
        }
      ],
      "title": "CVE-2026-20676"
    },
    {
      "cve": "CVE-2026-20677",
      "cwe": {
        "id": "CWE-362",
        "name": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)"
      },
      "notes": [
        {
          "category": "other",
          "text": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)",
          "title": "CWE-362"
        },
        {
          "category": "description",
          "text": "A race condition in multiple Apple operating systems was resolved, which could have allowed shortcuts to bypass sandbox restrictions.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-20677 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20677.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 9.0,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3"
          ]
        }
      ],
      "title": "CVE-2026-20677"
    },
    {
      "cve": "CVE-2026-20680",
      "notes": [
        {
          "category": "description",
          "text": "Recent updates in macOS Tahoe 26.3 and iOS 18.7.5 have introduced additional restrictions to prevent sandboxed apps from accessing sensitive user data.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-20680 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20680.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3"
          ]
        }
      ],
      "title": "CVE-2026-20680"
    },
    {
      "cve": "CVE-2026-20681",
      "notes": [
        {
          "category": "description",
          "text": "macOS Tahoe 26.3 resolves a privacy issue by enhancing private data redaction for log entries, preventing unauthorized access to user contact information by apps.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-20681 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20681.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 3.3,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3"
          ]
        }
      ],
      "title": "CVE-2026-20681"
    },
    {
      "cve": "CVE-2026-20700",
      "cwe": {
        "id": "CWE-119",
        "name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Restriction of Operations within the Bounds of a Memory Buffer",
          "title": "CWE-119"
        },
        {
          "category": "description",
          "text": "Multiple Apple operating systems have been affected by memory corruption vulnerabilities that could allow arbitrary code execution, with fixes implemented in version 26.3 and reports of exploitation in earlier iOS versions.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-20700 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20700.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3"
          ]
        }
      ],
      "title": "CVE-2026-20700"
    }
  ]
}

NCSC-2026-0064

Vulnerability from csaf_ncscnl - Published: 2026-02-13 13:35 - Updated: 2026-02-13 13:35

Summary

Kwetsbaarheden verholpen in Apple iOS en iPadOS

Notes

Feiten: Apple heeft kwetsbaarheden verholpen in iOS en iPadOS.

Interpretaties: De kwetsbaarheden omvatten verschillende problemen zoals geheugenbeschadiging, bufferoverloop, en gebruik na vrijgave, die konden leiden tot ongeautoriseerde toegang tot gevoelige gegevens, onverwachte procescrashes en andere stabiliteitsproblemen. De kwetsbaarheden werden voornamelijk veroorzaakt door inadequate invoervalidatie en kwetsbaarheden in de verwerking van schadelijke inhoud. De updates zijn gericht op het verbeteren van de beveiliging en stabiliteit van de betrokken besturingssystemen. Apple meldt dat zij een rapport hebben ontvangen dat de kwetsbaarheid met kenmerk CVE-2026-20700 mogelijk is misbruikt bij een zeer gerichte aanval, waarbij een iOS device met versienummer vóór 26 het slachtoffer is. Meer detailinformatie is niet vrijgegeven. De kwetsbaarheid stelt een kwaadwillende in staat om willekeurige code uit te voeren. Voor succesvol misbruik moet de kwaadwillende voorafgaande rechten hebben om geheugen te mogen beschrijven.

Oplossingen: Apple heeft updates uitgebracht om de kwetsbaarheden te verhelpen. Zie bijgevoegde referenties voor meer informatie.

Kans: medium

Schade: high

CWE-20: Improper Input Validation

CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CWE-416: Use After Free

CWE-770: Allocation of Resources Without Limits or Throttling

CWE-787: Out-of-bounds Write

CWE-823: Use of Out-of-range Pointer Offset

CWE-825: Expired Pointer Dereference

CVE-2025-14174

8.8 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
vers:unknown/* Apple / iOS		vers:unknown/*
vers:unknown/* Apple / iPadOS		vers:unknown/*

CVE-2025-43529

8.8 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CWE-416 - Use After Free

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
vers:unknown/* Apple / iOS		vers:unknown/*
vers:unknown/* Apple / iPadOS		vers:unknown/*

CVE-2025-43533

3.5 (Low)


                        
                          CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

CWE-20 - Improper Input Validation

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
vers:unknown/* Apple / iOS		vers:unknown/*
vers:unknown/* Apple / iPadOS		vers:unknown/*

CVE-2025-43537

iOS 18.7.5 and iPadOS 18.7.5 addressed a path handling vulnerability that could allow malicious backup files to alter protected system files.

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
vers:unknown/* Apple / iOS		vers:unknown/*
vers:unknown/* Apple / iPadOS		vers:unknown/*

CVE-2025-46300

macOS Sequoia 15.7.4, iOS 18.7.5, iPadOS 18.7.5, and macOS Sonoma 14.8.4 have addressed unexpected process crashes caused by malicious HID devices through enhanced bounds checks.

5.5 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
vers:unknown/* Apple / iOS		vers:unknown/*
vers:unknown/* Apple / iPadOS		vers:unknown/*

CVE-2025-46301

macOS Sequoia 15.7.4, iOS 18.7.5, iPadOS 18.7.5, and macOS Sonoma 14.8.4 have addressed unexpected process crashes caused by malicious HID devices through enhanced bounds checks.

5.5 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
vers:unknown/* Apple / iOS		vers:unknown/*
vers:unknown/* Apple / iPadOS		vers:unknown/*

CVE-2025-46302

macOS Sequoia 15.7.4, iOS 18.7.5, iPadOS 18.7.5, and macOS Sonoma 14.8.4 have addressed unexpected process crashes caused by malicious HID devices through enhanced bounds checks.

5.5 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
vers:unknown/* Apple / iOS		vers:unknown/*
vers:unknown/* Apple / iPadOS		vers:unknown/*

CVE-2025-46303

macOS Sequoia 15.7.4, iOS 18.7.5, iPadOS 18.7.5, and macOS Sonoma 14.8.4 have addressed unexpected process crashes caused by malicious HID devices through enhanced bounds checks.

5.5 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
vers:unknown/* Apple / iOS		vers:unknown/*
vers:unknown/* Apple / iPadOS		vers:unknown/*

CVE-2025-46304

macOS Sequoia 15.7.4, iOS 18.7.5, iPadOS 18.7.5, and macOS Sonoma 14.8.4 have addressed unexpected process crashes caused by malicious HID devices through enhanced bounds checks.

5.5 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

CWE-400 - Uncontrolled Resource Consumption

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
vers:unknown/* Apple / iOS		vers:unknown/*
vers:unknown/* Apple / iPadOS		vers:unknown/*

CVE-2025-46305

macOS Sequoia 15.7.4, iOS 18.7.5, iPadOS 18.7.5, and macOS Sonoma 14.8.4 have addressed unexpected process crashes caused by malicious HID devices through enhanced bounds checks.

5.5 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
vers:unknown/* Apple / iOS		vers:unknown/*
vers:unknown/* Apple / iPadOS		vers:unknown/*

CVE-2025-59375

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-770 - Allocation of Resources Without Limits or Throttling

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
vers:unknown/* Apple / iOS		vers:unknown/*
vers:unknown/* Apple / iPadOS		vers:unknown/*

CVE-2026-20605

Recent updates in macOS Sequoia 15.7.4 and iOS 18.7.5 have resolved a memory handling issue that could cause an app to crash a system process.

4.6 (Medium)


                        
                          CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
vers:unknown/* Apple / iOS		vers:unknown/*
vers:unknown/* Apple / iPadOS		vers:unknown/*

CVE-2026-20606

The vulnerability allowing apps to bypass Privacy preferences in macOS and iOS has been addressed by removing the problematic code across various versions.

7.1 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N

CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
vers:unknown/* Apple / iOS		vers:unknown/*
vers:unknown/* Apple / iPadOS		vers:unknown/*

CVE-2026-20608

Recent updates in several operating systems and Safari have addressed unexpected process crashes caused by maliciously crafted web content through enhanced state management.

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
vers:unknown/* Apple / iOS		vers:unknown/*
vers:unknown/* Apple / iPadOS		vers:unknown/*

CVE-2026-20609

Various operating systems have addressed improved memory handling to mitigate risks of denial-of-service and memory content disclosure from processing malicious files.

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
vers:unknown/* Apple / iOS		vers:unknown/*
vers:unknown/* Apple / iPadOS		vers:unknown/*

CVE-2026-20611

An out-of-bounds access vulnerability affecting various Apple operating systems was resolved, which could lead to app termination or memory corruption when handling malicious media files.

7.1 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H

CWE-125 - Out-of-bounds Read

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
vers:unknown/* Apple / iOS		vers:unknown/*
vers:unknown/* Apple / iPadOS		vers:unknown/*

CVE-2026-20615

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
vers:unknown/* Apple / iOS		vers:unknown/*
vers:unknown/* Apple / iPadOS		vers:unknown/*

CVE-2026-20616

An out-of-bounds write vulnerability in various Apple operating systems has been resolved through enhanced bounds checking, preventing unexpected app terminations when handling malicious USD files.

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
vers:unknown/* Apple / iOS		vers:unknown/*
vers:unknown/* Apple / iPadOS		vers:unknown/*

CVE-2026-20617

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
vers:unknown/* Apple / iOS		vers:unknown/*
vers:unknown/* Apple / iPadOS		vers:unknown/*

CVE-2026-20621

Recent updates to macOS and iOS have resolved issues related to memory handling that could cause unexpected system termination or kernel memory corruption.

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
vers:unknown/* Apple / iOS		vers:unknown/*
vers:unknown/* Apple / iPadOS		vers:unknown/*

CVE-2026-20626

macOS Sequoia 15.7.4, iOS 26.3, iPadOS 26.3, macOS Tahoe 26.3, and visionOS 26.3 have addressed the issue of malicious apps gaining root privileges through enhanced checks.

7.8 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE-862 - Missing Authorization

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
vers:unknown/* Apple / iOS		vers:unknown/*
vers:unknown/* Apple / iPadOS		vers:unknown/*

CVE-2026-20627

Recent updates in watchOS 26.3 and iOS 26.3 have resolved an issue with environment variable handling that could allow unauthorized access to sensitive user data through improved validation.

5.5 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

CWE-20 - Improper Input Validation

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
vers:unknown/* Apple / iOS		vers:unknown/*
vers:unknown/* Apple / iPadOS		vers:unknown/*

CVE-2026-20628

A permissions vulnerability that could allow an application to escape its sandbox has been resolved across multiple operating systems, including watchOS, tvOS, macOS, iOS, and iPadOS.

7.1 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N

CWE-284 - Improper Access Control

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
vers:unknown/* Apple / iOS		vers:unknown/*
vers:unknown/* Apple / iPadOS		vers:unknown/*

CVE-2026-20634

Recent updates to watchOS, tvOS, macOS, iOS, and iPadOS have addressed memory handling vulnerabilities that could lead to process memory disclosure when processing maliciously crafted images.

5.5 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
vers:unknown/* Apple / iOS		vers:unknown/*
vers:unknown/* Apple / iPadOS		vers:unknown/*

CVE-2026-20635

Recent updates have enhanced memory handling and state management across various operating systems, effectively reducing the risk of unexpected process crashes from malicious web content.

4.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
vers:unknown/* Apple / iOS		vers:unknown/*
vers:unknown/* Apple / iPadOS		vers:unknown/*

CVE-2026-20636

iOS 26.3, iPadOS 26.3, Safari 26.3, macOS Tahoe 26.3, and visionOS 26.3 have addressed unexpected process crashes due to malicious web content through enhanced memory handling.

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
vers:unknown/* Apple / iOS		vers:unknown/*
vers:unknown/* Apple / iPadOS		vers:unknown/*

CVE-2026-20638

A logic issue that could expose identifying information for users with Live Caller ID app extensions disabled has been resolved in iOS 26.3 and iPadOS 26.3.

5.5 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

CWE-284 - Improper Access Control

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
vers:unknown/* Apple / iOS		vers:unknown/*
vers:unknown/* Apple / iPadOS		vers:unknown/*

CVE-2026-20640

iOS 26.3 and iPadOS 26.3 addressed an inconsistent user interface issue that could allow an attacker with physical access to capture sensitive data during iPhone Mirroring with Mac.

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
vers:unknown/* Apple / iOS		vers:unknown/*
vers:unknown/* Apple / iPadOS		vers:unknown/*

CVE-2026-20641

A privacy vulnerability that enabled applications to detect other installed apps has been resolved across multiple operating systems, including watchOS, tvOS, macOS, iOS, and iPadOS.

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
vers:unknown/* Apple / iOS		vers:unknown/*
vers:unknown/* Apple / iPadOS		vers:unknown/*

CVE-2026-20642

An input validation vulnerability in iOS 26.3 and iPadOS 26.3 allowed physical access to an iOS device to potentially enable unauthorized access to photos from the lock screen, which has now been addressed.

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
vers:unknown/* Apple / iOS		vers:unknown/*
vers:unknown/* Apple / iPadOS		vers:unknown/*

CVE-2026-20644

Apple has addressed the issue of unexpected process crashes caused by malicious web content through enhanced memory handling in its operating systems and Safari version 26.3.

6.5 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
vers:unknown/* Apple / iOS		vers:unknown/*
vers:unknown/* Apple / iPadOS		vers:unknown/*

CVE-2026-20645

An inconsistent user interface issue in iOS 26.3 and iPadOS 18.7.5 was resolved, which could have allowed an attacker with physical access to a locked device to view sensitive user information.

4.6 (Medium)


                        
                          CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CWE-1021 - Improper Restriction of Rendered UI Layers or Frames

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
vers:unknown/* Apple / iOS		vers:unknown/*
vers:unknown/* Apple / iPadOS		vers:unknown/*

CVE-2026-20649

A logging issue allowing potential exposure of sensitive information has been resolved through enhanced data redaction in watchOS 26.3, iOS 26.3, iPadOS 26.3, tvOS 26.3, and macOS Tahoe 26.3.

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
vers:unknown/* Apple / iOS		vers:unknown/*
vers:unknown/* Apple / iPadOS		vers:unknown/*

CVE-2026-20650

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-400 - Uncontrolled Resource Consumption

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
vers:unknown/* Apple / iOS		vers:unknown/*
vers:unknown/* Apple / iPadOS		vers:unknown/*

CVE-2026-20652

Recent updates to macOS, iOS, iPadOS, visionOS, and Safari have addressed a vulnerability related to improved memory handling that could enable remote attackers to execute denial-of-service attacks.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-400 - Uncontrolled Resource Consumption

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
vers:unknown/* Apple / iOS		vers:unknown/*
vers:unknown/* Apple / iPadOS		vers:unknown/*

CVE-2026-20653

A parsing issue in directory path handling was resolved, enhancing path validation to prevent unauthorized access to sensitive user data across multiple macOS and iOS versions.

5.5 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
vers:unknown/* Apple / iOS		vers:unknown/*
vers:unknown/* Apple / iPadOS		vers:unknown/*

CVE-2026-20654

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
vers:unknown/* Apple / iOS		vers:unknown/*
vers:unknown/* Apple / iPadOS		vers:unknown/*

CVE-2026-20655

An authorization issue affecting iOS 26.3, iPadOS 26.3, iOS 18.7.5, and iPadOS 18.7.5 has been resolved, which previously allowed physical access to a locked device to expose sensitive user information.

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
vers:unknown/* Apple / iOS		vers:unknown/*
vers:unknown/* Apple / iPadOS		vers:unknown/*

CVE-2026-20656

A logic issue allowing app access to user Safari history has been resolved in iOS 18.7.5, iPadOS 18.7.5, Safari 26.3, and macOS Tahoe 26.3 through enhanced validation measures.

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
vers:unknown/* Apple / iOS		vers:unknown/*
vers:unknown/* Apple / iPadOS		vers:unknown/*

CVE-2026-20660

A path handling vulnerability in several Apple operating systems and Safari versions has been addressed, which previously allowed remote users to write arbitrary files.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
vers:unknown/* Apple / iOS		vers:unknown/*
vers:unknown/* Apple / iPadOS		vers:unknown/*

CVE-2026-20661

4.6 (Medium)


                        
                          CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
vers:unknown/* Apple / iOS		vers:unknown/*
vers:unknown/* Apple / iPadOS		vers:unknown/*

CVE-2026-20663

The issue of app enumeration of installed applications was addressed in iOS 26.3, iPadOS 26.3, iOS 18.7.5, and iPadOS 18.7.5 through the implementation of sanitized logging.

3.3 (Low)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

CWE-532 - Insertion of Sensitive Information into Log File

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
vers:unknown/* Apple / iOS		vers:unknown/*
vers:unknown/* Apple / iPadOS		vers:unknown/*

CVE-2026-20667

A logic issue that could allow an app to escape its sandbox has been resolved in multiple OS updates, including watchOS 26.3 and iOS 26.3.

8.8 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
vers:unknown/* Apple / iOS		vers:unknown/*
vers:unknown/* Apple / iPadOS		vers:unknown/*

CVE-2026-20671

3.1 (Low)


                        
                          CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
vers:unknown/* Apple / iOS		vers:unknown/*
vers:unknown/* Apple / iPadOS		vers:unknown/*

CVE-2026-20673

A logic issue was resolved in multiple macOS and iOS versions, with a note that disabling 'Load remote content in messages' may not influence all mail previews.

5.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
vers:unknown/* Apple / iOS		vers:unknown/*
vers:unknown/* Apple / iPadOS		vers:unknown/*

CVE-2026-20674

iOS 26.3 and iPadOS 26.3 resolved a privacy issue by eliminating sensitive data that could be accessed by an attacker with physical access to a locked device.

4.6 (Medium)


                        
                          CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
vers:unknown/* Apple / iOS		vers:unknown/*
vers:unknown/* Apple / iPadOS		vers:unknown/*

CVE-2026-20675

5.5 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

CWE-125 - Out-of-bounds Read

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
vers:unknown/* Apple / iOS		vers:unknown/*
vers:unknown/* Apple / iPadOS		vers:unknown/*

CVE-2026-20676

The recent updates in iOS 26.3, iPadOS 26.3, Safari 26.3, macOS Tahoe 26.3, and visionOS 26.3 have resolved user tracking issues through Safari web extensions by enhancing state management.

5.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
vers:unknown/* Apple / iOS		vers:unknown/*
vers:unknown/* Apple / iPadOS		vers:unknown/*

CVE-2026-20677

A race condition in multiple Apple operating systems was resolved, which could have allowed shortcuts to bypass sandbox restrictions.

9.0 (Critical)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
vers:unknown/* Apple / iOS		vers:unknown/*
vers:unknown/* Apple / iPadOS		vers:unknown/*

CVE-2026-20678

An authorization issue allowing potential access to sensitive user data has been resolved in iOS 26.3, iPadOS 26.3, iOS 18.7.5, and iPadOS 18.7.5 through improved state management.

5.5 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
vers:unknown/* Apple / iOS		vers:unknown/*
vers:unknown/* Apple / iPadOS		vers:unknown/*

CVE-2026-20680

Recent updates in macOS Tahoe 26.3 and iOS 18.7.5 have introduced additional restrictions to prevent sandboxed apps from accessing sensitive user data.

6.5 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
vers:unknown/* Apple / iOS		vers:unknown/*
vers:unknown/* Apple / iPadOS		vers:unknown/*

CVE-2026-20682

A logic issue in iOS 26.3, iPadOS 26.3, iOS 18.7.5, and iPadOS 18.7.5 was resolved, which previously allowed unauthorized access to deleted user notes.

5.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
vers:unknown/* Apple / iOS		vers:unknown/*
vers:unknown/* Apple / iPadOS		vers:unknown/*

CVE-2026-20700

7.8 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
vers:unknown/* Apple / iOS		vers:unknown/*
vers:unknown/* Apple / iPadOS		vers:unknown/*

References

55 references

URL	Category
https://support.apple.com/en-us/126346	external
https://support.apple.com/en-us/126347	external
https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self

JSON

To clipboard

{
  "document": {
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE"
      }
    },
    "lang": "nl",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:\n\n    NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.\n\n    NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.\n    This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings."
      },
      {
        "category": "description",
        "text": "Apple heeft kwetsbaarheden verholpen in iOS en iPadOS.",
        "title": "Feiten"
      },
      {
        "category": "description",
        "text": "De kwetsbaarheden omvatten verschillende problemen zoals geheugenbeschadiging, bufferoverloop, en gebruik na vrijgave, die konden leiden tot ongeautoriseerde toegang tot gevoelige gegevens, onverwachte procescrashes en andere stabiliteitsproblemen. De kwetsbaarheden werden voornamelijk veroorzaakt door inadequate invoervalidatie en kwetsbaarheden in de verwerking van schadelijke inhoud. De updates zijn gericht op het verbeteren van de beveiliging en stabiliteit van de betrokken besturingssystemen.\n\nApple meldt dat zij een rapport hebben ontvangen dat de kwetsbaarheid met kenmerk CVE-2026-20700 mogelijk is misbruikt bij een zeer gerichte aanval, waarbij een iOS device met versienummer v\u00f3\u00f3r 26 het slachtoffer is. Meer detailinformatie is niet vrijgegeven. De kwetsbaarheid stelt een kwaadwillende in staat om willekeurige code uit te voeren. Voor succesvol misbruik moet de kwaadwillende voorafgaande rechten hebben om geheugen te mogen beschrijven.",
        "title": "Interpretaties"
      },
      {
        "category": "description",
        "text": "Apple heeft updates uitgebracht om de kwetsbaarheden te verhelpen. Zie bijgevoegde referenties voor meer informatie.",
        "title": "Oplossingen"
      },
      {
        "category": "general",
        "text": "medium",
        "title": "Kans"
      },
      {
        "category": "general",
        "text": "high",
        "title": "Schade"
      },
      {
        "category": "general",
        "text": "Improper Input Validation",
        "title": "CWE-20"
      },
      {
        "category": "general",
        "text": "Improper Restriction of Operations within the Bounds of a Memory Buffer",
        "title": "CWE-119"
      },
      {
        "category": "general",
        "text": "Use After Free",
        "title": "CWE-416"
      },
      {
        "category": "general",
        "text": "Allocation of Resources Without Limits or Throttling",
        "title": "CWE-770"
      },
      {
        "category": "general",
        "text": "Out-of-bounds Write",
        "title": "CWE-787"
      },
      {
        "category": "general",
        "text": "Use of Out-of-range Pointer Offset",
        "title": "CWE-823"
      },
      {
        "category": "general",
        "text": "Expired Pointer Dereference",
        "title": "CWE-825"
      }
    ],
    "publisher": {
      "category": "coordinator",
      "contact_details": "cert@ncsc.nl",
      "name": "Nationaal Cyber Security Centrum",
      "namespace": "https://www.ncsc.nl/"
    },
    "references": [
      {
        "category": "external",
        "summary": "Reference",
        "url": "https://support.apple.com/en-us/126346"
      },
      {
        "category": "external",
        "summary": "Reference",
        "url": "https://support.apple.com/en-us/126347"
      }
    ],
    "title": "Kwetsbaarheden verholpen in Apple iOS en iPadOS",
    "tracking": {
      "current_release_date": "2026-02-13T13:35:03.870920Z",
      "generator": {
        "date": "2025-08-04T16:30:00Z",
        "engine": {
          "name": "V.A.",
          "version": "1.3"
        }
      },
      "id": "NCSC-2026-0064",
      "initial_release_date": "2026-02-13T13:35:03.870920Z",
      "revision_history": [
        {
          "date": "2026-02-13T13:35:03.870920Z",
          "number": "1.0.0",
          "summary": "Initiele versie"
        }
      ],
      "status": "final",
      "version": "1.0.0"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-1"
                }
              }
            ],
            "category": "product_name",
            "name": "iOS"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-2"
                }
              }
            ],
            "category": "product_name",
            "name": "iPadOS"
          }
        ],
        "category": "vendor",
        "name": "Apple"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2025-14174",
      "cwe": {
        "id": "CWE-119",
        "name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Restriction of Operations within the Bounds of a Memory Buffer",
          "title": "CWE-119"
        },
        {
          "category": "other",
          "text": "Out-of-bounds Write",
          "title": "CWE-787"
        },
        {
          "category": "other",
          "text": "Use of Out-of-range Pointer Offset",
          "title": "CWE-823"
        },
        {
          "category": "description",
          "text": "The webkit2gtk3 update to version 2.50.4 addresses multiple security vulnerabilities, including memory corruption and buffer overflow, while a high-severity out of bounds memory access vulnerability in ANGLE affects Google Chrome and other Chromium-based browsers.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/AU:N/R:U/V:D/RE:M/U:Amber",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-14174 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-14174.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2"
          ]
        }
      ],
      "title": "CVE-2025-14174"
    },
    {
      "cve": "CVE-2025-43529",
      "cwe": {
        "id": "CWE-416",
        "name": "Use After Free"
      },
      "notes": [
        {
          "category": "other",
          "text": "Use After Free",
          "title": "CWE-416"
        },
        {
          "category": "other",
          "text": "Expired Pointer Dereference",
          "title": "CWE-825"
        },
        {
          "category": "description",
          "text": "The webkit2gtk3 update to version 2.50.4 addresses multiple security vulnerabilities, including use-after-free and memory corruption issues, potentially allowing arbitrary code execution through malicious web content.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-43529 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-43529.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2"
          ]
        }
      ],
      "title": "CVE-2025-43529"
    },
    {
      "cve": "CVE-2025-43533",
      "cwe": {
        "id": "CWE-20",
        "name": "Improper Input Validation"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Input Validation",
          "title": "CWE-20"
        },
        {
          "category": "description",
          "text": "Apple addressed multiple memory corruption vulnerabilities across its operating systems, including watchOS, iOS, iPadOS, macOS, visionOS, and tvOS, through improved input validation and enhanced bounds checks to prevent crashes from malicious HID devices.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-43533 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-43533.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 3.5,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2"
          ]
        }
      ],
      "title": "CVE-2025-43533"
    },
    {
      "cve": "CVE-2025-43537",
      "notes": [
        {
          "category": "description",
          "text": "iOS 18.7.5 and iPadOS 18.7.5 addressed a path handling vulnerability that could allow malicious backup files to alter protected system files.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-43537 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-43537.json"
        }
      ],
      "title": "CVE-2025-43537"
    },
    {
      "cve": "CVE-2025-46300",
      "cwe": {
        "id": "CWE-119",
        "name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Restriction of Operations within the Bounds of a Memory Buffer",
          "title": "CWE-119"
        },
        {
          "category": "description",
          "text": "macOS Sequoia 15.7.4, iOS 18.7.5, iPadOS 18.7.5, and macOS Sonoma 14.8.4 have addressed unexpected process crashes caused by malicious HID devices through enhanced bounds checks.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-46300 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-46300.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2"
          ]
        }
      ],
      "title": "CVE-2025-46300"
    },
    {
      "cve": "CVE-2025-46301",
      "cwe": {
        "id": "CWE-119",
        "name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Restriction of Operations within the Bounds of a Memory Buffer",
          "title": "CWE-119"
        },
        {
          "category": "description",
          "text": "macOS Sequoia 15.7.4, iOS 18.7.5, iPadOS 18.7.5, and macOS Sonoma 14.8.4 have addressed unexpected process crashes caused by malicious HID devices through enhanced bounds checks.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-46301 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-46301.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2"
          ]
        }
      ],
      "title": "CVE-2025-46301"
    },
    {
      "cve": "CVE-2025-46302",
      "cwe": {
        "id": "CWE-119",
        "name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Restriction of Operations within the Bounds of a Memory Buffer",
          "title": "CWE-119"
        },
        {
          "category": "description",
          "text": "macOS Sequoia 15.7.4, iOS 18.7.5, iPadOS 18.7.5, and macOS Sonoma 14.8.4 have addressed unexpected process crashes caused by malicious HID devices through enhanced bounds checks.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-46302 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-46302.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2"
          ]
        }
      ],
      "title": "CVE-2025-46302"
    },
    {
      "cve": "CVE-2025-46303",
      "cwe": {
        "id": "CWE-119",
        "name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Restriction of Operations within the Bounds of a Memory Buffer",
          "title": "CWE-119"
        },
        {
          "category": "description",
          "text": "macOS Sequoia 15.7.4, iOS 18.7.5, iPadOS 18.7.5, and macOS Sonoma 14.8.4 have addressed unexpected process crashes caused by malicious HID devices through enhanced bounds checks.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-46303 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-46303.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2"
          ]
        }
      ],
      "title": "CVE-2025-46303"
    },
    {
      "cve": "CVE-2025-46304",
      "cwe": {
        "id": "CWE-400",
        "name": "Uncontrolled Resource Consumption"
      },
      "notes": [
        {
          "category": "other",
          "text": "Uncontrolled Resource Consumption",
          "title": "CWE-400"
        },
        {
          "category": "description",
          "text": "macOS Sequoia 15.7.4, iOS 18.7.5, iPadOS 18.7.5, and macOS Sonoma 14.8.4 have addressed unexpected process crashes caused by malicious HID devices through enhanced bounds checks.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-46304 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-46304.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2"
          ]
        }
      ],
      "title": "CVE-2025-46304"
    },
    {
      "cve": "CVE-2025-46305",
      "cwe": {
        "id": "CWE-119",
        "name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Restriction of Operations within the Bounds of a Memory Buffer",
          "title": "CWE-119"
        },
        {
          "category": "description",
          "text": "macOS Sequoia 15.7.4, iOS 18.7.5, iPadOS 18.7.5, and macOS Sonoma 14.8.4 have addressed unexpected process crashes caused by malicious HID devices through enhanced bounds checks.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-46305 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-46305.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2"
          ]
        }
      ],
      "title": "CVE-2025-46305"
    },
    {
      "cve": "CVE-2025-59375",
      "cwe": {
        "id": "CWE-770",
        "name": "Allocation of Resources Without Limits or Throttling"
      },
      "notes": [
        {
          "category": "other",
          "text": "Allocation of Resources Without Limits or Throttling",
          "title": "CWE-770"
        },
        {
          "category": "description",
          "text": "Multiple vulnerabilities, including memory amplification in libexpat and denial-of-service issues in Oracle Communications Network Analytics and Apple Software, expose systems to potential disruptions without enabling arbitrary code execution.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-59375 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-59375.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2"
          ]
        }
      ],
      "title": "CVE-2025-59375"
    },
    {
      "cve": "CVE-2026-20605",
      "cwe": {
        "id": "CWE-119",
        "name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Restriction of Operations within the Bounds of a Memory Buffer",
          "title": "CWE-119"
        },
        {
          "category": "description",
          "text": "Recent updates in macOS Sequoia 15.7.4 and iOS 18.7.5 have resolved a memory handling issue that could cause an app to crash a system process.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-20605 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20605.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.6,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2"
          ]
        }
      ],
      "title": "CVE-2026-20605"
    },
    {
      "cve": "CVE-2026-20606",
      "cwe": {
        "id": "CWE-200",
        "name": "Exposure of Sensitive Information to an Unauthorized Actor"
      },
      "notes": [
        {
          "category": "other",
          "text": "Exposure of Sensitive Information to an Unauthorized Actor",
          "title": "CWE-200"
        },
        {
          "category": "description",
          "text": "The vulnerability allowing apps to bypass Privacy preferences in macOS and iOS has been addressed by removing the problematic code across various versions.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-20606 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20606.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.1,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2"
          ]
        }
      ],
      "title": "CVE-2026-20606"
    },
    {
      "cve": "CVE-2026-20608",
      "notes": [
        {
          "category": "description",
          "text": "Recent updates in several operating systems and Safari have addressed unexpected process crashes caused by maliciously crafted web content through enhanced state management.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-20608 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20608.json"
        }
      ],
      "title": "CVE-2026-20608"
    },
    {
      "cve": "CVE-2026-20609",
      "notes": [
        {
          "category": "description",
          "text": "Various operating systems have addressed improved memory handling to mitigate risks of denial-of-service and memory content disclosure from processing malicious files.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-20609 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20609.json"
        }
      ],
      "title": "CVE-2026-20609"
    },
    {
      "cve": "CVE-2026-20611",
      "cwe": {
        "id": "CWE-125",
        "name": "Out-of-bounds Read"
      },
      "notes": [
        {
          "category": "other",
          "text": "Out-of-bounds Read",
          "title": "CWE-125"
        },
        {
          "category": "description",
          "text": "An out-of-bounds access vulnerability affecting various Apple operating systems was resolved, which could lead to app termination or memory corruption when handling malicious media files.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-20611 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20611.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.1,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2"
          ]
        }
      ],
      "title": "CVE-2026-20611"
    },
    {
      "cve": "CVE-2026-20615",
      "notes": [
        {
          "category": "description",
          "text": "A path handling vulnerability allowing apps to gain root privileges has been resolved in iOS 26.3, iPadOS 26.3, macOS Tahoe 26.3, macOS Sonoma 14.8.4, and visionOS 26.3 through enhanced validation measures.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-20615 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20615.json"
        }
      ],
      "title": "CVE-2026-20615"
    },
    {
      "cve": "CVE-2026-20616",
      "notes": [
        {
          "category": "description",
          "text": "An out-of-bounds write vulnerability in various Apple operating systems has been resolved through enhanced bounds checking, preventing unexpected app terminations when handling malicious USD files.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-20616 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20616.json"
        }
      ],
      "title": "CVE-2026-20616"
    },
    {
      "cve": "CVE-2026-20617",
      "notes": [
        {
          "category": "description",
          "text": "A race condition affecting multiple Apple operating systems, including watchOS, tvOS, macOS, visionOS, iOS, and iPadOS, was fixed, which could have allowed apps to gain root privileges due to improved state handling.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-20617 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20617.json"
        }
      ],
      "title": "CVE-2026-20617"
    },
    {
      "cve": "CVE-2026-20621",
      "notes": [
        {
          "category": "description",
          "text": "Recent updates to macOS and iOS have resolved issues related to memory handling that could cause unexpected system termination or kernel memory corruption.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-20621 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20621.json"
        }
      ],
      "title": "CVE-2026-20621"
    },
    {
      "cve": "CVE-2026-20626",
      "cwe": {
        "id": "CWE-862",
        "name": "Missing Authorization"
      },
      "notes": [
        {
          "category": "other",
          "text": "Missing Authorization",
          "title": "CWE-862"
        },
        {
          "category": "description",
          "text": "macOS Sequoia 15.7.4, iOS 26.3, iPadOS 26.3, macOS Tahoe 26.3, and visionOS 26.3 have addressed the issue of malicious apps gaining root privileges through enhanced checks.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-20626 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20626.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2"
          ]
        }
      ],
      "title": "CVE-2026-20626"
    },
    {
      "cve": "CVE-2026-20627",
      "cwe": {
        "id": "CWE-20",
        "name": "Improper Input Validation"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Input Validation",
          "title": "CWE-20"
        },
        {
          "category": "description",
          "text": "Recent updates in watchOS 26.3 and iOS 26.3 have resolved an issue with environment variable handling that could allow unauthorized access to sensitive user data through improved validation.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-20627 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20627.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2"
          ]
        }
      ],
      "title": "CVE-2026-20627"
    },
    {
      "cve": "CVE-2026-20628",
      "cwe": {
        "id": "CWE-284",
        "name": "Improper Access Control"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Access Control",
          "title": "CWE-284"
        },
        {
          "category": "description",
          "text": "A permissions vulnerability that could allow an application to escape its sandbox has been resolved across multiple operating systems, including watchOS, tvOS, macOS, iOS, and iPadOS.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-20628 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20628.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.1,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2"
          ]
        }
      ],
      "title": "CVE-2026-20628"
    },
    {
      "cve": "CVE-2026-20634",
      "notes": [
        {
          "category": "description",
          "text": "Recent updates to watchOS, tvOS, macOS, iOS, and iPadOS have addressed memory handling vulnerabilities that could lead to process memory disclosure when processing maliciously crafted images.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-20634 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20634.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2"
          ]
        }
      ],
      "title": "CVE-2026-20634"
    },
    {
      "cve": "CVE-2026-20635",
      "cwe": {
        "id": "CWE-119",
        "name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Restriction of Operations within the Bounds of a Memory Buffer",
          "title": "CWE-119"
        },
        {
          "category": "description",
          "text": "Recent updates have enhanced memory handling and state management across various operating systems, effectively reducing the risk of unexpected process crashes from malicious web content.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-20635 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20635.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2"
          ]
        }
      ],
      "title": "CVE-2026-20635"
    },
    {
      "cve": "CVE-2026-20636",
      "notes": [
        {
          "category": "description",
          "text": "iOS 26.3, iPadOS 26.3, Safari 26.3, macOS Tahoe 26.3, and visionOS 26.3 have addressed unexpected process crashes due to malicious web content through enhanced memory handling.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-20636 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20636.json"
        }
      ],
      "title": "CVE-2026-20636"
    },
    {
      "cve": "CVE-2026-20638",
      "cwe": {
        "id": "CWE-284",
        "name": "Improper Access Control"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Access Control",
          "title": "CWE-284"
        },
        {
          "category": "description",
          "text": "A logic issue that could expose identifying information for users with Live Caller ID app extensions disabled has been resolved in iOS 26.3 and iPadOS 26.3.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-20638 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20638.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2"
          ]
        }
      ],
      "title": "CVE-2026-20638"
    },
    {
      "cve": "CVE-2026-20640",
      "notes": [
        {
          "category": "description",
          "text": "iOS 26.3 and iPadOS 26.3 addressed an inconsistent user interface issue that could allow an attacker with physical access to capture sensitive data during iPhone Mirroring with Mac.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-20640 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20640.json"
        }
      ],
      "title": "CVE-2026-20640"
    },
    {
      "cve": "CVE-2026-20641",
      "notes": [
        {
          "category": "description",
          "text": "A privacy vulnerability that enabled applications to detect other installed apps has been resolved across multiple operating systems, including watchOS, tvOS, macOS, iOS, and iPadOS.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-20641 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20641.json"
        }
      ],
      "title": "CVE-2026-20641"
    },
    {
      "cve": "CVE-2026-20642",
      "notes": [
        {
          "category": "description",
          "text": "An input validation vulnerability in iOS 26.3 and iPadOS 26.3 allowed physical access to an iOS device to potentially enable unauthorized access to photos from the lock screen, which has now been addressed.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-20642 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20642.json"
        }
      ],
      "title": "CVE-2026-20642"
    },
    {
      "cve": "CVE-2026-20644",
      "cwe": {
        "id": "CWE-119",
        "name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Restriction of Operations within the Bounds of a Memory Buffer",
          "title": "CWE-119"
        },
        {
          "category": "other",
          "text": "Use After Free",
          "title": "CWE-416"
        },
        {
          "category": "other",
          "text": "Out-of-bounds Write",
          "title": "CWE-787"
        },
        {
          "category": "description",
          "text": "Apple has addressed the issue of unexpected process crashes caused by malicious web content through enhanced memory handling in its operating systems and Safari version 26.3.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-20644 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20644.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2"
          ]
        }
      ],
      "title": "CVE-2026-20644"
    },
    {
      "cve": "CVE-2026-20645",
      "cwe": {
        "id": "CWE-1021",
        "name": "Improper Restriction of Rendered UI Layers or Frames"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Restriction of Rendered UI Layers or Frames",
          "title": "CWE-1021"
        },
        {
          "category": "description",
          "text": "An inconsistent user interface issue in iOS 26.3 and iPadOS 18.7.5 was resolved, which could have allowed an attacker with physical access to a locked device to view sensitive user information.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-20645 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20645.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.6,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2"
          ]
        }
      ],
      "title": "CVE-2026-20645"
    },
    {
      "cve": "CVE-2026-20649",
      "notes": [
        {
          "category": "description",
          "text": "A logging issue allowing potential exposure of sensitive information has been resolved through enhanced data redaction in watchOS 26.3, iOS 26.3, iPadOS 26.3, tvOS 26.3, and macOS Tahoe 26.3.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-20649 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20649.json"
        }
      ],
      "title": "CVE-2026-20649"
    },
    {
      "cve": "CVE-2026-20650",
      "cwe": {
        "id": "CWE-400",
        "name": "Uncontrolled Resource Consumption"
      },
      "notes": [
        {
          "category": "other",
          "text": "Uncontrolled Resource Consumption",
          "title": "CWE-400"
        },
        {
          "category": "description",
          "text": "A denial-of-service vulnerability in Bluetooth packets has been addressed across multiple Apple operating systems, including iOS and macOS, allowing potential exploitation by attackers in privileged network positions.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-20650 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20650.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2"
          ]
        }
      ],
      "title": "CVE-2026-20650"
    },
    {
      "cve": "CVE-2026-20652",
      "cwe": {
        "id": "CWE-400",
        "name": "Uncontrolled Resource Consumption"
      },
      "notes": [
        {
          "category": "other",
          "text": "Uncontrolled Resource Consumption",
          "title": "CWE-400"
        },
        {
          "category": "description",
          "text": "Recent updates to macOS, iOS, iPadOS, visionOS, and Safari have addressed a vulnerability related to improved memory handling that could enable remote attackers to execute denial-of-service attacks.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-20652 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20652.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2"
          ]
        }
      ],
      "title": "CVE-2026-20652"
    },
    {
      "cve": "CVE-2026-20653",
      "cwe": {
        "id": "CWE-22",
        "name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
          "title": "CWE-22"
        },
        {
          "category": "description",
          "text": "A parsing issue in directory path handling was resolved, enhancing path validation to prevent unauthorized access to sensitive user data across multiple macOS and iOS versions.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-20653 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20653.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2"
          ]
        }
      ],
      "title": "CVE-2026-20653"
    },
    {
      "cve": "CVE-2026-20654",
      "notes": [
        {
          "category": "description",
          "text": "The unexpected system termination issue caused by app behavior has been resolved through enhanced memory management in operating systems including watchOS, tvOS, macOS, visionOS, iOS, and iPadOS, all updated to version 26.3.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-20654 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20654.json"
        }
      ],
      "title": "CVE-2026-20654"
    },
    {
      "cve": "CVE-2026-20655",
      "notes": [
        {
          "category": "description",
          "text": "An authorization issue affecting iOS 26.3, iPadOS 26.3, iOS 18.7.5, and iPadOS 18.7.5 has been resolved, which previously allowed physical access to a locked device to expose sensitive user information.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-20655 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20655.json"
        }
      ],
      "title": "CVE-2026-20655"
    },
    {
      "cve": "CVE-2026-20656",
      "notes": [
        {
          "category": "description",
          "text": "A logic issue allowing app access to user Safari history has been resolved in iOS 18.7.5, iPadOS 18.7.5, Safari 26.3, and macOS Tahoe 26.3 through enhanced validation measures.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-20656 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20656.json"
        }
      ],
      "title": "CVE-2026-20656"
    },
    {
      "cve": "CVE-2026-20660",
      "notes": [
        {
          "category": "description",
          "text": "A path handling vulnerability in several Apple operating systems and Safari versions has been addressed, which previously allowed remote users to write arbitrary files.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-20660 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20660.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2"
          ]
        }
      ],
      "title": "CVE-2026-20660"
    },
    {
      "cve": "CVE-2026-20661",
      "notes": [
        {
          "category": "description",
          "text": "An authorization issue affecting iOS 26.3, iPadOS 26.3, iOS 18.7.5, and iPadOS 18.7.5 has been resolved, which previously allowed physical access to a locked device to expose sensitive user information.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-20661 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20661.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.6,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2"
          ]
        }
      ],
      "title": "CVE-2026-20661"
    },
    {
      "cve": "CVE-2026-20663",
      "cwe": {
        "id": "CWE-532",
        "name": "Insertion of Sensitive Information into Log File"
      },
      "notes": [
        {
          "category": "other",
          "text": "Insertion of Sensitive Information into Log File",
          "title": "CWE-532"
        },
        {
          "category": "description",
          "text": "The issue of app enumeration of installed applications was addressed in iOS 26.3, iPadOS 26.3, iOS 18.7.5, and iPadOS 18.7.5 through the implementation of sanitized logging.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-20663 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20663.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 3.3,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2"
          ]
        }
      ],
      "title": "CVE-2026-20663"
    },
    {
      "cve": "CVE-2026-20667",
      "notes": [
        {
          "category": "description",
          "text": "A logic issue that could allow an app to escape its sandbox has been resolved in multiple OS updates, including watchOS 26.3 and iOS 26.3.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-20667 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20667.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2"
          ]
        }
      ],
      "title": "CVE-2026-20667"
    },
    {
      "cve": "CVE-2026-20671",
      "notes": [
        {
          "category": "description",
          "text": "A logic issue allowing network traffic interception by an attacker in a privileged position has been resolved across multiple Apple operating systems, including watchOS, tvOS, macOS, iOS, and visionOS.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-20671 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20671.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 3.1,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2"
          ]
        }
      ],
      "title": "CVE-2026-20671"
    },
    {
      "cve": "CVE-2026-20673",
      "notes": [
        {
          "category": "description",
          "text": "A logic issue was resolved in multiple macOS and iOS versions, with a note that disabling \u0027Load remote content in messages\u0027 may not influence all mail previews.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-20673 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20673.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2"
          ]
        }
      ],
      "title": "CVE-2026-20673"
    },
    {
      "cve": "CVE-2026-20674",
      "notes": [
        {
          "category": "description",
          "text": "iOS 26.3 and iPadOS 26.3 resolved a privacy issue by eliminating sensitive data that could be accessed by an attacker with physical access to a locked device.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-20674 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20674.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.6,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2"
          ]
        }
      ],
      "title": "CVE-2026-20674"
    },
    {
      "cve": "CVE-2026-20675",
      "cwe": {
        "id": "CWE-125",
        "name": "Out-of-bounds Read"
      },
      "notes": [
        {
          "category": "other",
          "text": "Out-of-bounds Read",
          "title": "CWE-125"
        },
        {
          "category": "description",
          "text": "Recent updates across various operating systems, including watchOS, tvOS, macOS, iOS, and iPadOS, have addressed user information disclosure vulnerabilities related to malicious image processing through enhanced bounds checks.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-20675 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20675.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2"
          ]
        }
      ],
      "title": "CVE-2026-20675"
    },
    {
      "cve": "CVE-2026-20676",
      "notes": [
        {
          "category": "description",
          "text": "The recent updates in iOS 26.3, iPadOS 26.3, Safari 26.3, macOS Tahoe 26.3, and visionOS 26.3 have resolved user tracking issues through Safari web extensions by enhancing state management.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-20676 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20676.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2"
          ]
        }
      ],
      "title": "CVE-2026-20676"
    },
    {
      "cve": "CVE-2026-20677",
      "cwe": {
        "id": "CWE-362",
        "name": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)"
      },
      "notes": [
        {
          "category": "other",
          "text": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)",
          "title": "CWE-362"
        },
        {
          "category": "description",
          "text": "A race condition in multiple Apple operating systems was resolved, which could have allowed shortcuts to bypass sandbox restrictions.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-20677 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20677.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 9.0,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2"
          ]
        }
      ],
      "title": "CVE-2026-20677"
    },
    {
      "cve": "CVE-2026-20678",
      "notes": [
        {
          "category": "description",
          "text": "An authorization issue allowing potential access to sensitive user data has been resolved in iOS 26.3, iPadOS 26.3, iOS 18.7.5, and iPadOS 18.7.5 through improved state management.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-20678 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20678.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2"
          ]
        }
      ],
      "title": "CVE-2026-20678"
    },
    {
      "cve": "CVE-2026-20680",
      "notes": [
        {
          "category": "description",
          "text": "Recent updates in macOS Tahoe 26.3 and iOS 18.7.5 have introduced additional restrictions to prevent sandboxed apps from accessing sensitive user data.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-20680 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20680.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2"
          ]
        }
      ],
      "title": "CVE-2026-20680"
    },
    {
      "cve": "CVE-2026-20682",
      "notes": [
        {
          "category": "description",
          "text": "A logic issue in iOS 26.3, iPadOS 26.3, iOS 18.7.5, and iPadOS 18.7.5 was resolved, which previously allowed unauthorized access to deleted user notes.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-20682 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20682.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2"
          ]
        }
      ],
      "title": "CVE-2026-20682"
    },
    {
      "cve": "CVE-2026-20700",
      "cwe": {
        "id": "CWE-119",
        "name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Restriction of Operations within the Bounds of a Memory Buffer",
          "title": "CWE-119"
        },
        {
          "category": "description",
          "text": "Multiple Apple operating systems have been affected by memory corruption vulnerabilities that could allow arbitrary code execution, with fixes implemented in version 26.3 and reports of exploitation in earlier iOS versions.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-20700 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20700.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2"
          ]
        }
      ],
      "title": "CVE-2026-20700"
    }
  ]
}

OPENSUSE-SU-2025:15831-1

Vulnerability from csaf_opensuse - Published: 2025-12-19 00:00 - Updated: 2025-12-19 00:00

Summary

chromedriver-143.0.7499.146-1.1 on GA media

Severity

Moderate

Notes

Title of the patch: chromedriver-143.0.7499.146-1.1 on GA media

Description of the patch: These are all security issues fixed in the chromedriver-143.0.7499.146-1.1 package on the GA media of openSUSE Tumbleweed.

Patchnames: openSUSE-Tumbleweed-2025-15831

CVE-2025-14174

Affected products

Recommended 8 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:chromedriver-143.0.7499.146-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:chromedriver-143.0.7499.146-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:chromedriver-143.0.7499.146-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:chromedriver-143.0.7499.146-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:chromium-143.0.7499.146-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:chromium-143.0.7499.146-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:chromium-143.0.7499.146-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:chromium-143.0.7499.146-1.1.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2025-14765

Affected products

Recommended 8 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:chromedriver-143.0.7499.146-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:chromedriver-143.0.7499.146-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:chromedriver-143.0.7499.146-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:chromedriver-143.0.7499.146-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:chromium-143.0.7499.146-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:chromium-143.0.7499.146-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:chromium-143.0.7499.146-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:chromium-143.0.7499.146-1.1.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2025-14766

Affected products

Recommended 8 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:chromedriver-143.0.7499.146-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:chromedriver-143.0.7499.146-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:chromedriver-143.0.7499.146-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:chromedriver-143.0.7499.146-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:chromium-143.0.7499.146-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:chromium-143.0.7499.146-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:chromium-143.0.7499.146-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:chromium-143.0.7499.146-1.1.x86_64	—	Vendor Fix

Threats

Impact important

References

11 references

URL	Category
https://www.suse.com/support/security/rating/	external
https://ftp.suse.com/pub/projects/security/csaf/o…	self
https://www.suse.com/security/cve/CVE-2025-14174/	self
https://www.suse.com/security/cve/CVE-2025-14765/	self
https://www.suse.com/security/cve/CVE-2025-14766/	self
https://www.suse.com/security/cve/CVE-2025-14174	external
https://bugzilla.suse.com/1254776	external
https://www.suse.com/security/cve/CVE-2025-14765	external
https://bugzilla.suse.com/1255115	external
https://www.suse.com/security/cve/CVE-2025-14766	external
https://bugzilla.suse.com/1255115	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "chromedriver-143.0.7499.146-1.1 on GA media",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "These are all security issues fixed in the chromedriver-143.0.7499.146-1.1 package on the GA media of openSUSE Tumbleweed.",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "openSUSE-Tumbleweed-2025-15831",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2025_15831-1.json"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-14174 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-14174/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-14765 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-14765/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-14766 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-14766/"
      }
    ],
    "title": "chromedriver-143.0.7499.146-1.1 on GA media",
    "tracking": {
      "current_release_date": "2025-12-19T00:00:00Z",
      "generator": {
        "date": "2025-12-19T00:00:00Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "openSUSE-SU-2025:15831-1",
      "initial_release_date": "2025-12-19T00:00:00Z",
      "revision_history": [
        {
          "date": "2025-12-19T00:00:00Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "chromedriver-143.0.7499.146-1.1.aarch64",
                "product": {
                  "name": "chromedriver-143.0.7499.146-1.1.aarch64",
                  "product_id": "chromedriver-143.0.7499.146-1.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "chromium-143.0.7499.146-1.1.aarch64",
                "product": {
                  "name": "chromium-143.0.7499.146-1.1.aarch64",
                  "product_id": "chromium-143.0.7499.146-1.1.aarch64"
                }
              }
            ],
            "category": "architecture",
            "name": "aarch64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "chromedriver-143.0.7499.146-1.1.ppc64le",
                "product": {
                  "name": "chromedriver-143.0.7499.146-1.1.ppc64le",
                  "product_id": "chromedriver-143.0.7499.146-1.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "chromium-143.0.7499.146-1.1.ppc64le",
                "product": {
                  "name": "chromium-143.0.7499.146-1.1.ppc64le",
                  "product_id": "chromium-143.0.7499.146-1.1.ppc64le"
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64le"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "chromedriver-143.0.7499.146-1.1.s390x",
                "product": {
                  "name": "chromedriver-143.0.7499.146-1.1.s390x",
                  "product_id": "chromedriver-143.0.7499.146-1.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "chromium-143.0.7499.146-1.1.s390x",
                "product": {
                  "name": "chromium-143.0.7499.146-1.1.s390x",
                  "product_id": "chromium-143.0.7499.146-1.1.s390x"
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "chromedriver-143.0.7499.146-1.1.x86_64",
                "product": {
                  "name": "chromedriver-143.0.7499.146-1.1.x86_64",
                  "product_id": "chromedriver-143.0.7499.146-1.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "chromium-143.0.7499.146-1.1.x86_64",
                "product": {
                  "name": "chromium-143.0.7499.146-1.1.x86_64",
                  "product_id": "chromium-143.0.7499.146-1.1.x86_64"
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "openSUSE Tumbleweed",
                "product": {
                  "name": "openSUSE Tumbleweed",
                  "product_id": "openSUSE Tumbleweed",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:opensuse:tumbleweed"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "chromedriver-143.0.7499.146-1.1.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:chromedriver-143.0.7499.146-1.1.aarch64"
        },
        "product_reference": "chromedriver-143.0.7499.146-1.1.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "chromedriver-143.0.7499.146-1.1.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:chromedriver-143.0.7499.146-1.1.ppc64le"
        },
        "product_reference": "chromedriver-143.0.7499.146-1.1.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "chromedriver-143.0.7499.146-1.1.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:chromedriver-143.0.7499.146-1.1.s390x"
        },
        "product_reference": "chromedriver-143.0.7499.146-1.1.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "chromedriver-143.0.7499.146-1.1.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:chromedriver-143.0.7499.146-1.1.x86_64"
        },
        "product_reference": "chromedriver-143.0.7499.146-1.1.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "chromium-143.0.7499.146-1.1.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:chromium-143.0.7499.146-1.1.aarch64"
        },
        "product_reference": "chromium-143.0.7499.146-1.1.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "chromium-143.0.7499.146-1.1.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:chromium-143.0.7499.146-1.1.ppc64le"
        },
        "product_reference": "chromium-143.0.7499.146-1.1.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "chromium-143.0.7499.146-1.1.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:chromium-143.0.7499.146-1.1.s390x"
        },
        "product_reference": "chromium-143.0.7499.146-1.1.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "chromium-143.0.7499.146-1.1.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:chromium-143.0.7499.146-1.1.x86_64"
        },
        "product_reference": "chromium-143.0.7499.146-1.1.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2025-14174",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-14174"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Out of bounds memory access in ANGLE in Google Chrome on Mac prior to 143.0.7499.110 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:chromedriver-143.0.7499.146-1.1.aarch64",
          "openSUSE Tumbleweed:chromedriver-143.0.7499.146-1.1.ppc64le",
          "openSUSE Tumbleweed:chromedriver-143.0.7499.146-1.1.s390x",
          "openSUSE Tumbleweed:chromedriver-143.0.7499.146-1.1.x86_64",
          "openSUSE Tumbleweed:chromium-143.0.7499.146-1.1.aarch64",
          "openSUSE Tumbleweed:chromium-143.0.7499.146-1.1.ppc64le",
          "openSUSE Tumbleweed:chromium-143.0.7499.146-1.1.s390x",
          "openSUSE Tumbleweed:chromium-143.0.7499.146-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-14174",
          "url": "https://www.suse.com/security/cve/CVE-2025-14174"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1254776 for CVE-2025-14174",
          "url": "https://bugzilla.suse.com/1254776"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:chromedriver-143.0.7499.146-1.1.aarch64",
            "openSUSE Tumbleweed:chromedriver-143.0.7499.146-1.1.ppc64le",
            "openSUSE Tumbleweed:chromedriver-143.0.7499.146-1.1.s390x",
            "openSUSE Tumbleweed:chromedriver-143.0.7499.146-1.1.x86_64",
            "openSUSE Tumbleweed:chromium-143.0.7499.146-1.1.aarch64",
            "openSUSE Tumbleweed:chromium-143.0.7499.146-1.1.ppc64le",
            "openSUSE Tumbleweed:chromium-143.0.7499.146-1.1.s390x",
            "openSUSE Tumbleweed:chromium-143.0.7499.146-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-12-19T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2025-14174"
    },
    {
      "cve": "CVE-2025-14765",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-14765"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Use after free in WebGPU in Google Chrome prior to 143.0.7499.147 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:chromedriver-143.0.7499.146-1.1.aarch64",
          "openSUSE Tumbleweed:chromedriver-143.0.7499.146-1.1.ppc64le",
          "openSUSE Tumbleweed:chromedriver-143.0.7499.146-1.1.s390x",
          "openSUSE Tumbleweed:chromedriver-143.0.7499.146-1.1.x86_64",
          "openSUSE Tumbleweed:chromium-143.0.7499.146-1.1.aarch64",
          "openSUSE Tumbleweed:chromium-143.0.7499.146-1.1.ppc64le",
          "openSUSE Tumbleweed:chromium-143.0.7499.146-1.1.s390x",
          "openSUSE Tumbleweed:chromium-143.0.7499.146-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-14765",
          "url": "https://www.suse.com/security/cve/CVE-2025-14765"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1255115 for CVE-2025-14765",
          "url": "https://bugzilla.suse.com/1255115"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:chromedriver-143.0.7499.146-1.1.aarch64",
            "openSUSE Tumbleweed:chromedriver-143.0.7499.146-1.1.ppc64le",
            "openSUSE Tumbleweed:chromedriver-143.0.7499.146-1.1.s390x",
            "openSUSE Tumbleweed:chromedriver-143.0.7499.146-1.1.x86_64",
            "openSUSE Tumbleweed:chromium-143.0.7499.146-1.1.aarch64",
            "openSUSE Tumbleweed:chromium-143.0.7499.146-1.1.ppc64le",
            "openSUSE Tumbleweed:chromium-143.0.7499.146-1.1.s390x",
            "openSUSE Tumbleweed:chromium-143.0.7499.146-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-12-19T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2025-14765"
    },
    {
      "cve": "CVE-2025-14766",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-14766"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Out of bounds read and write in V8 in Google Chrome prior to 143.0.7499.147 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:chromedriver-143.0.7499.146-1.1.aarch64",
          "openSUSE Tumbleweed:chromedriver-143.0.7499.146-1.1.ppc64le",
          "openSUSE Tumbleweed:chromedriver-143.0.7499.146-1.1.s390x",
          "openSUSE Tumbleweed:chromedriver-143.0.7499.146-1.1.x86_64",
          "openSUSE Tumbleweed:chromium-143.0.7499.146-1.1.aarch64",
          "openSUSE Tumbleweed:chromium-143.0.7499.146-1.1.ppc64le",
          "openSUSE Tumbleweed:chromium-143.0.7499.146-1.1.s390x",
          "openSUSE Tumbleweed:chromium-143.0.7499.146-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-14766",
          "url": "https://www.suse.com/security/cve/CVE-2025-14766"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1255115 for CVE-2025-14766",
          "url": "https://bugzilla.suse.com/1255115"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:chromedriver-143.0.7499.146-1.1.aarch64",
            "openSUSE Tumbleweed:chromedriver-143.0.7499.146-1.1.ppc64le",
            "openSUSE Tumbleweed:chromedriver-143.0.7499.146-1.1.s390x",
            "openSUSE Tumbleweed:chromedriver-143.0.7499.146-1.1.x86_64",
            "openSUSE Tumbleweed:chromium-143.0.7499.146-1.1.aarch64",
            "openSUSE Tumbleweed:chromium-143.0.7499.146-1.1.ppc64le",
            "openSUSE Tumbleweed:chromium-143.0.7499.146-1.1.s390x",
            "openSUSE Tumbleweed:chromium-143.0.7499.146-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-12-19T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2025-14766"
    }
  ]
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2025-14174 (GCVE-0-2025-14174)

CISA KEV

Known Exploited Vulnerability - GCVE BCP-07 Compliant

Timestamps

Scope

Evidence

Vendor Report Successful Exploitation Confidence: 80% Source: cisa-kev

Details

References

Solutions

Solutions

Tags

Sightings

Nomenclature