Vulnerability-Lookup

CNVD-2026-14479

Vulnerability from cnvd - Published: 2026-03-23

Title

多款Apple产品安全绕过漏洞（CNVD-2026-14479）

Description

Apple iOS是一套为移动设备所开发的操作系统。Apple macOS是一套专为Mac计算机所开发的专用操作系统。Apple iPadOS是一套用于iPad平板电脑的操作系统。多款Apple产品存在安全绕过漏洞，该漏洞是由于使用特制应用程序时沙盒组件中的权限问题造成的。攻击者可利用该漏洞导致应用突破其沙盒限制。

Severity

中

Patch Name

多款Apple产品安全绕过漏洞（CNVD-2026-14479）的补丁

Patch Description

Formal description

厂商已发布了漏洞修复程序，请及时关注更新： https://support.apple.com/en-us/126346

Reference

https://support.apple.com/en-us/126346

Impacted products

Name
['Apple macOS Tahoe <26.3', 'Apple macOS Sonoma <14.8.4', 'Apple iOS <18.7.5', 'Apple iOS <26.3', 'Apple iPadOS <18.7.5', 'Apple iPadOS <26.3', 'Apple visionOS <26.3', 'Apple watchOS <26.3', 'Apple tvOS <26.3', 'Apple macOS Sequoia <15.7.4']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2026-20628",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2026-20628"
    }
  },
  "description": "Apple iOS\u662f\u4e00\u5957\u4e3a\u79fb\u52a8\u8bbe\u5907\u6240\u5f00\u53d1\u7684\u64cd\u4f5c\u7cfb\u7edf\u3002Apple macOS\u662f\u4e00\u5957\u4e13\u4e3aMac\u8ba1\u7b97\u673a\u6240\u5f00\u53d1\u7684\u4e13\u7528\u64cd\u4f5c\u7cfb\u7edf\u3002Apple iPadOS\u662f\u4e00\u5957\u7528\u4e8eiPad\u5e73\u677f\u7535\u8111\u7684\u64cd\u4f5c\u7cfb\u7edf\u3002\n\n\u591a\u6b3eApple\u4ea7\u54c1\u5b58\u5728\u5b89\u5168\u7ed5\u8fc7\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u662f\u7531\u4e8e\u4f7f\u7528\u7279\u5236\u5e94\u7528\u7a0b\u5e8f\u65f6\u6c99\u76d2\u7ec4\u4ef6\u4e2d\u7684\u6743\u9650\u95ee\u9898\u9020\u6210\u7684\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5bfc\u81f4\u5e94\u7528\u7a81\u7834\u5176\u6c99\u76d2\u9650\u5236\u3002",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://support.apple.com/en-us/126346",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2026-14479",
  "openTime": "2026-03-23",
  "patchDescription": "Apple iOS\u662f\u4e00\u5957\u4e3a\u79fb\u52a8\u8bbe\u5907\u6240\u5f00\u53d1\u7684\u64cd\u4f5c\u7cfb\u7edf\u3002Apple macOS\u662f\u4e00\u5957\u4e13\u4e3aMac\u8ba1\u7b97\u673a\u6240\u5f00\u53d1\u7684\u4e13\u7528\u64cd\u4f5c\u7cfb\u7edf\u3002Apple iPadOS\u662f\u4e00\u5957\u7528\u4e8eiPad\u5e73\u677f\u7535\u8111\u7684\u64cd\u4f5c\u7cfb\u7edf\u3002\r\n\r\n\u591a\u6b3eApple\u4ea7\u54c1\u5b58\u5728\u5b89\u5168\u7ed5\u8fc7\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u662f\u7531\u4e8e\u4f7f\u7528\u7279\u5236\u5e94\u7528\u7a0b\u5e8f\u65f6\u6c99\u76d2\u7ec4\u4ef6\u4e2d\u7684\u6743\u9650\u95ee\u9898\u9020\u6210\u7684\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5bfc\u81f4\u5e94\u7528\u7a81\u7834\u5176\u6c99\u76d2\u9650\u5236\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "\u591a\u6b3eApple\u4ea7\u54c1\u5b89\u5168\u7ed5\u8fc7\u6f0f\u6d1e\uff08CNVD-2026-14479\uff09\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Apple macOS Tahoe \u003c26.3",
      "Apple macOS Sonoma \u003c14.8.4",
      "Apple iOS \u003c18.7.5",
      "Apple iOS \u003c26.3",
      "Apple iPadOS \u003c18.7.5",
      "Apple iPadOS \u003c26.3",
      "Apple visionOS \u003c26.3",
      "Apple watchOS \u003c26.3",
      "Apple tvOS \u003c26.3",
      "Apple macOS Sequoia \u003c15.7.4"
    ]
  },
  "referenceLink": "https://support.apple.com/en-us/126346",
  "serverity": "\u4e2d",
  "submitTime": "2026-03-02",
  "title": "\u591a\u6b3eApple\u4ea7\u54c1\u5b89\u5168\u7ed5\u8fc7\u6f0f\u6d1e\uff08CNVD-2026-14479\uff09"
}

CVE-2026-20628 (GCVE-0-2026-20628)

Vulnerability from cvelistv5 – Published: 2026-02-11 22:58 – Updated: 2026-04-02 18:22

Summary

A permissions issue was addressed with additional restrictions. This issue is fixed in iOS 18.7.5 and iPadOS 18.7.5, iOS 26.3 and iPadOS 26.3, macOS Sequoia 15.7.4, macOS Sonoma 14.8.4, macOS Tahoe 26.3, tvOS 26.3, visionOS 26.3, watchOS 26.3. An app may be able to break out of its sandbox.

Severity ?

7.1 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N

CWE

An app may be able to break out of its sandbox

Assigner

apple

References

URL

Tags

	https://support.apple.com/en-us/126346
	https://support.apple.com/en-us/126347
	https://support.apple.com/en-us/126348
	https://support.apple.com/en-us/126349
	https://support.apple.com/en-us/126350
	https://support.apple.com/en-us/126351
	https://support.apple.com/en-us/126352
	https://support.apple.com/en-us/126353

Impacted products

Vendor

Product

Version

Apple

iOS and iPadOS

Affected: 0 , < 18.7.5 (custom)
Affected: 0 , < 26.3 (custom)

Apple	macOS	Affected: 0 , < 14.8.4 (custom) Affected: 0 , < 15.7.4 (custom) Affected: 0 , < 26.3 (custom)
Apple	tvOS	Affected: 0 , < 26.3 (custom)
Apple	visionOS	Affected: 0 , < 26.3 (custom)
Apple	watchOS	Affected: 0 , < 26.3 (custom)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "LOCAL",
              "availabilityImpact": "NONE",
              "baseScore": 7.1,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "REQUIRED",
              "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2026-20628",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-02-12T19:16:45.663996Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-284",
                "description": "CWE-284 Improper Access Control",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-02-12T19:17:41.510Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "iOS and iPadOS",
          "vendor": "Apple",
          "versions": [
            {
              "lessThan": "18.7.5",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "lessThan": "26.3",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "macOS",
          "vendor": "Apple",
          "versions": [
            {
              "lessThan": "14.8.4",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "lessThan": "15.7.4",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "lessThan": "26.3",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "tvOS",
          "vendor": "Apple",
          "versions": [
            {
              "lessThan": "26.3",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "visionOS",
          "vendor": "Apple",
          "versions": [
            {
              "lessThan": "26.3",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "watchOS",
          "vendor": "Apple",
          "versions": [
            {
              "lessThan": "26.3",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A permissions issue was addressed with additional restrictions. This issue is fixed in iOS 18.7.5 and iPadOS 18.7.5, iOS 26.3 and iPadOS 26.3, macOS Sequoia 15.7.4, macOS Sonoma 14.8.4, macOS Tahoe 26.3, tvOS 26.3, visionOS 26.3, watchOS 26.3. An app may be able to break out of its sandbox."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "An app may be able to break out of its sandbox",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-02T18:22:51.944Z",
        "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
        "shortName": "apple"
      },
      "references": [
        {
          "url": "https://support.apple.com/en-us/126346"
        },
        {
          "url": "https://support.apple.com/en-us/126347"
        },
        {
          "url": "https://support.apple.com/en-us/126348"
        },
        {
          "url": "https://support.apple.com/en-us/126349"
        },
        {
          "url": "https://support.apple.com/en-us/126350"
        },
        {
          "url": "https://support.apple.com/en-us/126351"
        },
        {
          "url": "https://support.apple.com/en-us/126352"
        },
        {
          "url": "https://support.apple.com/en-us/126353"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
    "assignerShortName": "apple",
    "cveId": "CVE-2026-20628",
    "datePublished": "2026-02-11T22:58:50.798Z",
    "dateReserved": "2025-11-11T14:43:07.860Z",
    "dateUpdated": "2026-04-02T18:22:51.944Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CNVD-2026-14479

CVE-2026-20628 (GCVE-0-2026-20628)

Tags

Sightings

Nomenclature