Vulnerability-Lookup

CNVD-2026-14480

Vulnerability from cnvd - Published: 2026-03-23

Title

多款Apple产品信息泄露漏洞（CNVD-2026-14480）

Description

AApple tvOS是一套智能电视操作系统。Apple watchOS是一套智能手表操作系统。Apple macOS是一套专为Mac计算机所开发的专用操作系统。多款Apple产品存在信息泄露漏洞，该漏洞是由于打开特制文件时ImageIO组件中的错误造成的。攻击者可利用该漏洞获取敏感信息。

Severity

中

Patch Name

多款Apple产品信息泄露漏洞（CNVD-2026-14480）的补丁

Patch Description

AApple tvOS是一套智能电视操作系统。Apple watchOS是一套智能手表操作系统。Apple macOS是一套专为Mac计算机所开发的专用操作系统。多款Apple产品存在信息泄露漏洞，该漏洞是由于打开特制文件时ImageIO组件中的错误造成的。攻击者可利用该漏洞获取敏感信息。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

厂商已发布了漏洞修复程序，请及时关注更新： https://support.apple.com/en-us/126346

Reference

https://support.apple.com/en-us/126346

Impacted products

Name
['Apple macOS Tahoe <26.3', 'Apple macOS Sonoma <14.8.4', 'Apple iOS <18.7.5', 'Apple iOS <26.3', 'Apple iPadOS <18.7.5', 'Apple iPadOS <26.3', 'Apple visionOS <26.3', 'Apple watchOS <26.3', 'Apple tvOS <26.3', 'Apple macOS Sequoia <15.7.4']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2026-20634",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2026-20634"
    }
  },
  "description": "AApple tvOS\u662f\u4e00\u5957\u667a\u80fd\u7535\u89c6\u64cd\u4f5c\u7cfb\u7edf\u3002Apple watchOS\u662f\u4e00\u5957\u667a\u80fd\u624b\u8868\u64cd\u4f5c\u7cfb\u7edf\u3002Apple macOS\u662f\u4e00\u5957\u4e13\u4e3aMac\u8ba1\u7b97\u673a\u6240\u5f00\u53d1\u7684\u4e13\u7528\u64cd\u4f5c\u7cfb\u7edf\u3002\n\n\u591a\u6b3eApple\u4ea7\u54c1\u5b58\u5728\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u662f\u7531\u4e8e\u6253\u5f00\u7279\u5236\u6587\u4ef6\u65f6ImageIO\u7ec4\u4ef6\u4e2d\u7684\u9519\u8bef\u9020\u6210\u7684\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u83b7\u53d6\u654f\u611f\u4fe1\u606f\u3002",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://support.apple.com/en-us/126346",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2026-14480",
  "openTime": "2026-03-23",
  "patchDescription": "AApple tvOS\u662f\u4e00\u5957\u667a\u80fd\u7535\u89c6\u64cd\u4f5c\u7cfb\u7edf\u3002Apple watchOS\u662f\u4e00\u5957\u667a\u80fd\u624b\u8868\u64cd\u4f5c\u7cfb\u7edf\u3002Apple macOS\u662f\u4e00\u5957\u4e13\u4e3aMac\u8ba1\u7b97\u673a\u6240\u5f00\u53d1\u7684\u4e13\u7528\u64cd\u4f5c\u7cfb\u7edf\u3002\r\n\r\n\u591a\u6b3eApple\u4ea7\u54c1\u5b58\u5728\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u662f\u7531\u4e8e\u6253\u5f00\u7279\u5236\u6587\u4ef6\u65f6ImageIO\u7ec4\u4ef6\u4e2d\u7684\u9519\u8bef\u9020\u6210\u7684\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u83b7\u53d6\u654f\u611f\u4fe1\u606f\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "\u591a\u6b3eApple\u4ea7\u54c1\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\uff08CNVD-2026-14480\uff09\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Apple macOS Tahoe \u003c26.3",
      "Apple macOS Sonoma \u003c14.8.4",
      "Apple iOS \u003c18.7.5",
      "Apple iOS \u003c26.3",
      "Apple iPadOS \u003c18.7.5",
      "Apple iPadOS \u003c26.3",
      "Apple visionOS \u003c26.3",
      "Apple watchOS \u003c26.3",
      "Apple tvOS \u003c26.3",
      "Apple macOS Sequoia \u003c15.7.4"
    ]
  },
  "referenceLink": "https://support.apple.com/en-us/126346",
  "serverity": "\u4e2d",
  "submitTime": "2026-03-02",
  "title": "\u591a\u6b3eApple\u4ea7\u54c1\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\uff08CNVD-2026-14480\uff09"
}

CVE-2026-20634 (GCVE-0-2026-20634)

Vulnerability from cvelistv5 – Published: 2026-02-11 22:58 – Updated: 2026-04-02 18:17

Summary

The issue was addressed with improved memory handling. This issue is fixed in iOS 18.7.5 and iPadOS 18.7.5, iOS 26.3 and iPadOS 26.3, macOS Sequoia 15.7.4, macOS Sonoma 14.8.4, macOS Tahoe 26.3, tvOS 26.3, visionOS 26.3, watchOS 26.3. Processing a maliciously crafted image may result in disclosure of process memory.

Severity ?

5.5 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

CWE

Processing a maliciously crafted image may result in disclosure of process memory

Assigner

apple

References

URL

Tags

	https://support.apple.com/en-us/126346
	https://support.apple.com/en-us/126347
	https://support.apple.com/en-us/126348
	https://support.apple.com/en-us/126349
	https://support.apple.com/en-us/126350
	https://support.apple.com/en-us/126351
	https://support.apple.com/en-us/126352
	https://support.apple.com/en-us/126353

Impacted products

Vendor

Product

Version

Apple

iOS and iPadOS

Affected: 0 , < 18.7.5 (custom)
Affected: 0 , < 26.3 (custom)

Apple	macOS	Affected: 0 , < 14.8.4 (custom) Affected: 0 , < 15.7.4 (custom) Affected: 0 , < 26.3 (custom)
Apple	tvOS	Affected: 0 , < 26.3 (custom)
Apple	visionOS	Affected: 0 , < 26.3 (custom)
Apple	watchOS	Affected: 0 , < 26.3 (custom)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "LOCAL",
              "availabilityImpact": "NONE",
              "baseScore": 5.5,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "NONE",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "REQUIRED",
              "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2026-20634",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-02-12T21:21:46.442346Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "description": "CWE-noinfo Not enough information",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-02-12T21:21:48.750Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "iOS and iPadOS",
          "vendor": "Apple",
          "versions": [
            {
              "lessThan": "18.7.5",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "lessThan": "26.3",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "macOS",
          "vendor": "Apple",
          "versions": [
            {
              "lessThan": "14.8.4",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "lessThan": "15.7.4",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "lessThan": "26.3",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "tvOS",
          "vendor": "Apple",
          "versions": [
            {
              "lessThan": "26.3",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "visionOS",
          "vendor": "Apple",
          "versions": [
            {
              "lessThan": "26.3",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "watchOS",
          "vendor": "Apple",
          "versions": [
            {
              "lessThan": "26.3",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The issue was addressed with improved memory handling. This issue is fixed in iOS 18.7.5 and iPadOS 18.7.5, iOS 26.3 and iPadOS 26.3, macOS Sequoia 15.7.4, macOS Sonoma 14.8.4, macOS Tahoe 26.3, tvOS 26.3, visionOS 26.3, watchOS 26.3. Processing a maliciously crafted image may result in disclosure of process memory."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Processing a maliciously crafted image may result in disclosure of process memory",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-02T18:17:57.472Z",
        "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
        "shortName": "apple"
      },
      "references": [
        {
          "url": "https://support.apple.com/en-us/126346"
        },
        {
          "url": "https://support.apple.com/en-us/126347"
        },
        {
          "url": "https://support.apple.com/en-us/126348"
        },
        {
          "url": "https://support.apple.com/en-us/126349"
        },
        {
          "url": "https://support.apple.com/en-us/126350"
        },
        {
          "url": "https://support.apple.com/en-us/126351"
        },
        {
          "url": "https://support.apple.com/en-us/126352"
        },
        {
          "url": "https://support.apple.com/en-us/126353"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
    "assignerShortName": "apple",
    "cveId": "CVE-2026-20634",
    "datePublished": "2026-02-11T22:58:29.889Z",
    "dateReserved": "2025-11-11T14:43:07.861Z",
    "dateUpdated": "2026-04-02T18:17:57.472Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CNVD-2026-14480

CVE-2026-20634 (GCVE-0-2026-20634)

Tags

Sightings

Nomenclature