Vulnerability-Lookup

CNVD-2026-14494

Vulnerability from cnvd - Published: 2026-03-23

Title

多款Apple产品存在未明漏洞（CNVD-2026-14494）

Description

Apple iOS是一套为移动设备所开发的操作系统。Apple tvOS是一套智能电视操作系统。Apple macOS是一套专为Mac计算机所开发的专用操作系统。多款Apple产品存在安全漏洞，攻击者可利用该漏洞在处理恶意图像时泄露用户信息。

Severity

高

Patch Name

多款Apple产品存在未明漏洞（CNVD-2026-14494）的补丁

Patch Description

Apple iOS是一套为移动设备所开发的操作系统。Apple tvOS是一套智能电视操作系统。Apple macOS是一套专为Mac计算机所开发的专用操作系统。多款Apple产品存在安全漏洞，攻击者可利用该漏洞在处理恶意图像时泄露用户信息。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

厂商已发布了漏洞修复程序，请及时关注更新： https://support.apple.com/en-us/126346

Reference

https://support.apple.com/en-us/126346

Impacted products

Name
['Apple macOS Tahoe <26.3', 'Apple macOS Sonoma <14.8.4', 'Apple iOS <18.7.5', 'Apple iOS <26.3', 'Apple iPadOS <18.7.5', 'Apple iPadOS <26.3', 'Apple visionOS <26.3', 'Apple watchOS <26.3', 'Apple tvOS <26.3', 'Apple macOS Sequoia <15.7.4']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2026-20675",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2026-20675"
    }
  },
  "description": "Apple iOS\u662f\u4e00\u5957\u4e3a\u79fb\u52a8\u8bbe\u5907\u6240\u5f00\u53d1\u7684\u64cd\u4f5c\u7cfb\u7edf\u3002Apple tvOS\u662f\u4e00\u5957\u667a\u80fd\u7535\u89c6\u64cd\u4f5c\u7cfb\u7edf\u3002Apple macOS\u662f\u4e00\u5957\u4e13\u4e3aMac\u8ba1\u7b97\u673a\u6240\u5f00\u53d1\u7684\u4e13\u7528\u64cd\u4f5c\u7cfb\u7edf\u3002\n\n\u591a\u6b3eApple\u4ea7\u54c1\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5728\u5904\u7406\u6076\u610f\u56fe\u50cf\u65f6\u6cc4\u9732\u7528\u6237\u4fe1\u606f\u3002",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://support.apple.com/en-us/126346",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2026-14494",
  "openTime": "2026-03-23",
  "patchDescription": "Apple iOS\u662f\u4e00\u5957\u4e3a\u79fb\u52a8\u8bbe\u5907\u6240\u5f00\u53d1\u7684\u64cd\u4f5c\u7cfb\u7edf\u3002Apple tvOS\u662f\u4e00\u5957\u667a\u80fd\u7535\u89c6\u64cd\u4f5c\u7cfb\u7edf\u3002Apple macOS\u662f\u4e00\u5957\u4e13\u4e3aMac\u8ba1\u7b97\u673a\u6240\u5f00\u53d1\u7684\u4e13\u7528\u64cd\u4f5c\u7cfb\u7edf\u3002\r\n\r\n\u591a\u6b3eApple\u4ea7\u54c1\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5728\u5904\u7406\u6076\u610f\u56fe\u50cf\u65f6\u6cc4\u9732\u7528\u6237\u4fe1\u606f\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "\u591a\u6b3eApple\u4ea7\u54c1\u5b58\u5728\u672a\u660e\u6f0f\u6d1e\uff08CNVD-2026-14494\uff09\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Apple macOS Tahoe \u003c26.3",
      "Apple macOS Sonoma \u003c14.8.4",
      "Apple iOS \u003c18.7.5",
      "Apple iOS \u003c26.3",
      "Apple iPadOS \u003c18.7.5",
      "Apple iPadOS \u003c26.3",
      "Apple visionOS \u003c26.3",
      "Apple watchOS \u003c26.3",
      "Apple tvOS \u003c26.3",
      "Apple macOS Sequoia \u003c15.7.4"
    ]
  },
  "referenceLink": "https://support.apple.com/en-us/126346",
  "serverity": "\u9ad8",
  "submitTime": "2026-03-02",
  "title": "\u591a\u6b3eApple\u4ea7\u54c1\u5b58\u5728\u672a\u660e\u6f0f\u6d1e\uff08CNVD-2026-14494\uff09"
}

CVE-2026-20675 (GCVE-0-2026-20675)

Vulnerability from cvelistv5 – Published: 2026-02-11 22:58 – Updated: 2026-04-02 18:17

Summary

The issue was addressed with improved bounds checks. This issue is fixed in iOS 18.7.5 and iPadOS 18.7.5, iOS 26.3 and iPadOS 26.3, macOS Sequoia 15.7.4, macOS Sonoma 14.8.4, macOS Tahoe 26.3, tvOS 26.3, visionOS 26.3, watchOS 26.3. Processing a maliciously crafted image may lead to disclosure of user information.

Severity ?

7.8 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CWE

Processing a maliciously crafted image may lead to disclosure of user information

Assigner

apple

References

URL

Tags

	https://support.apple.com/en-us/126346
	https://support.apple.com/en-us/126347
	https://support.apple.com/en-us/126348
	https://support.apple.com/en-us/126349
	https://support.apple.com/en-us/126350
	https://support.apple.com/en-us/126351
	https://support.apple.com/en-us/126352
	https://support.apple.com/en-us/126353

Impacted products

Vendor

Product

Version

Apple

iOS and iPadOS

Affected: 0 , < 18.7.5 (custom)
Affected: 0 , < 26.3 (custom)

Apple	macOS	Affected: 0 , < 14.8.4 (custom) Affected: 0 , < 15.7.4 (custom) Affected: 0 , < 26.3 (custom)
Apple	tvOS	Affected: 0 , < 26.3 (custom)
Apple	visionOS	Affected: 0 , < 26.3 (custom)
Apple	watchOS	Affected: 0 , < 26.3 (custom)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "LOCAL",
              "availabilityImpact": "HIGH",
              "baseScore": 7.8,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "REQUIRED",
              "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2026-20675",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-03-14T03:55:28.733482Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-125",
                "description": "CWE-125 Out-of-bounds Read",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-03-16T13:54:02.906Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "third-party-advisory"
            ],
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-26-174/"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "iOS and iPadOS",
          "vendor": "Apple",
          "versions": [
            {
              "lessThan": "18.7.5",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "lessThan": "26.3",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "macOS",
          "vendor": "Apple",
          "versions": [
            {
              "lessThan": "14.8.4",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "lessThan": "15.7.4",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "lessThan": "26.3",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "tvOS",
          "vendor": "Apple",
          "versions": [
            {
              "lessThan": "26.3",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "visionOS",
          "vendor": "Apple",
          "versions": [
            {
              "lessThan": "26.3",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "watchOS",
          "vendor": "Apple",
          "versions": [
            {
              "lessThan": "26.3",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The issue was addressed with improved bounds checks. This issue is fixed in iOS 18.7.5 and iPadOS 18.7.5, iOS 26.3 and iPadOS 26.3, macOS Sequoia 15.7.4, macOS Sonoma 14.8.4, macOS Tahoe 26.3, tvOS 26.3, visionOS 26.3, watchOS 26.3. Processing a maliciously crafted image may lead to disclosure of user information."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Processing a maliciously crafted image may lead to disclosure of user information",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-02T18:17:32.549Z",
        "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
        "shortName": "apple"
      },
      "references": [
        {
          "url": "https://support.apple.com/en-us/126346"
        },
        {
          "url": "https://support.apple.com/en-us/126347"
        },
        {
          "url": "https://support.apple.com/en-us/126348"
        },
        {
          "url": "https://support.apple.com/en-us/126349"
        },
        {
          "url": "https://support.apple.com/en-us/126350"
        },
        {
          "url": "https://support.apple.com/en-us/126351"
        },
        {
          "url": "https://support.apple.com/en-us/126352"
        },
        {
          "url": "https://support.apple.com/en-us/126353"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
    "assignerShortName": "apple",
    "cveId": "CVE-2026-20675",
    "datePublished": "2026-02-11T22:58:29.051Z",
    "dateReserved": "2025-11-11T14:43:07.867Z",
    "dateUpdated": "2026-04-02T18:17:32.549Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CNVD-2026-14494

CVE-2026-20675 (GCVE-0-2026-20675)

Tags

Sightings

Nomenclature