Security Advisory

Apple Family February 2026 1st Security Update Advisory

  • Feb 13 2026
Apple Family February 2026 1st Security Update Advisory

Overview

 

Apple(https://apple.com) has released a security update that fixes vulnerabilities in products it has been made. affected Xerox users are advised to update to the latest version.

 

Affected Products

 

IPhone 11 and later

IPad Pro 12.9-inch 3rd generation and later

IPad Pro 11-inch 1st generation and later

IPad Air 3rd generation and later

IPad 8th generation and later

IPad mini 5th generation and later

IPhone XS

IPhone XS Max

IPhone XR

IPad 7th generation

MacOS Tahoe

MacOS Sequoia

MacOS Sonoma

Apple TV HD

Apple TV 4K (all models)

Apple Watch Series 6 and later

Apple Vision Pro (all models)

 

Resolved Vulnerabilities

 

The following vulnerabilities were patched with the February 11, 2026 product-specific update

IOS 26.3 and iPadOS 26.3

Vulnerabilities in the Accessibility feature that allow an attacker with physical access to a locked device to view sensitive user information (CVE-2026-20645, CVE-2026-20674)

Vulnerability in the Bluetooth feature that allows an attacker in a privileged network location to conduct a denial of service attack using crafted Bluetooth packets (CVE-2026-20650)

A vulnerability was found in the Call History feature that could allow a user with the Live Caller ID app extension turned off to leak user identifying information to the extension (CVE-2026-20638)

Arbitrary file writeable vulnerability in the CFNetwork feature (CVE-2026-20660)

Vulnerability in the CoreAudio function that could result in unexpected app termination or process memory corruption when handling maliciously crafted media files (CVE-2026-20611)

Vulnerability in the CoreMedia function that could result in a denial of service attack or memory content leak when handling maliciously crafted files (CVE-2026-20609)

Vulnerabilities in the CoreServices function that could allow an app to gain root privileges (CVE-2026-20617, CVE-2026-20615)

Vulnerability in CoreServices functionality that could allow an app to access user sensitive data (CVE-2026-20627)

Vulnerability in the dyld feature that could allow arbitrary code execution (CVE-2026-20700)

Vulnerability in the Game Center feature that could allow a user to view sensitive user information (CVE-2026-20649)

Vulnerability in the ImageIO function that could allow user information to be leaked when handling maliciously crafted images (CVE-2026-20675)

Vulnerability in the ImageIO function that could result in process memory disclosure when handling maliciously crafted images (CVE-2026-20634)

Vulnerability in Kernel functions that could allow an app to cause an unexpected system shutdown (CVE-2026-20654)

Vulnerability in Kernel functions that could allow a malicious app to gain root privileges (CVE-2026-20626)

Vulnerability in Kernel functions that could allow an attacker in a privileged network location to intercept network traffic (CVE-2026-20671)

Vulnerability in the LaunchServices function that could allow an app to enumerate a user’s list of installed apps (CVE-2026-20663)

Vulnerability in the libexpat function that could lead to a denial of service attack when handling maliciously crafted files (CVE-2025-59375)

Vulnerability in the libxpc function that could allow an app to escape the sandbox (CVE-2026-20667)

Vulnerability in Live Captions feature that could allow an attacker with physical access to a locked device to view sensitive user information (CVE-2026-20655)

Vulnerability in the Messages feature that could allow shortcuts to bypass sandbox restrictions (CVE-2026-20677)

Vulnerability in Photos feature that could allow access to user photos from the lock screen (CVE-2026-20642)

Vulnerability in the Sandbox feature that could allow an app to escape the sandbox (CVE-2026-20628)

Vulnerability in the Sandbox Profiles feature that could allow an app to access users’ sensitive data (CVE-2026-20678)

Vulnerability in the Screenshots feature that could allow an attacker to discover user-deleted notes (CVE-2026-20682)

Vulnerability in the Shortcuts feature that could allow an app to access user sensitive data (CVE-2026-20653)

Vulnerability in the Spotlight feature that could allow apps running in a sandboxed environment to access sensitive user data (CVE-2026-20680)

Vulnerability in StoreKit functionality that could allow an app to identify other apps installed by a user (CVE-2026-20641)

Vulnerability in UIKit functionality that could allow an app to bypass certain privacy settings (CVE-2026-20606)

Vulnerability in the UIKit feature that could allow an attacker with physical access to the iPhone to screenshot and view sensitive data on the iPhone during Mac to iPhone screen mirroring (CVE-2026-20640)

Vulnerability in the VoiceOver feature that could allow an attacker with physical access to a locked device to view sensitive user information (CVE-2026-20661)

Vulnerability in WebKit functionality that could allow remote attackers to cause a denial of service attack (CVE-2026-20652)

Vulnerabilities in WebKit functionality that could allow unexpected process crashes when handling maliciously crafted web content (CVE-2026-20608, CVE-2026-20644, CVE-2026-20636, CVE-2026-20635)

Vulnerability in the WebKit feature that could allow websites to track users via the Safari Web Extension (CVE-2026-20676)

Vulnerability in the Wi-Fi feature that could lead to a system shutdown and kernel memory crash (CVE-2026-20621)

IOS 18.7.5 and iPadOS 18.7.5

Vulnerability in the Accessibility feature that could allow an attacker with physical access to a locked device to view sensitive user information (CVE-2026-20645)

Vulnerability in the Books feature where restoring a maliciously crafted backup file could result in modification of protected system files (CVE-2025-43537)

Arbitrary file writeable vulnerability in the CFNetwork function (CVE-2026-20660)

Vulnerability in the CoreAudio function that could result in unexpected app termination or process memory corruption when handling maliciously crafted media files (CVE-2026-20611)

Vulnerability in the CoreMedia function that could result in a denial of service attack or memory content leak when handling maliciously crafted files (CVE-2026-20609)

Vulnerability in the ImageIO function that could result in process memory disclosure when handling maliciously crafted images (CVE-2026-20634)

Vulnerability in the ImageIO function that could result in user information leakage when handling maliciously crafted images (CVE-2026-20675)

Vulnerability in the Kernel function that could allow an attacker in a privileged network location to intercept network traffic (CVE-2026-20671)

Vulnerability in the LaunchServices function that could allow an app to enumerate a user’s list of installed apps (CVE-2026-20663)

Vulnerability in the libexpat function that could lead to a denial of service attack when handling maliciously crafted files (CVE-2025-59375)

Vulnerability in the libnetcore function that could allow an attacker in a privileged network location to intercept network traffic (CVE-2026-20671)

Vulnerability in the Live Captions feature that could allow an attacker with physical access to a locked device to view sensitive user information (CVE-2026-20655)

A vulnerability was found in the Mail feature where disabling the “Load remote content into messages” feature may not apply to all mail previews (CVE-2026-20673)

Vulnerability in the Messages feature that could allow shortcuts to bypass sandbox restrictions (CVE-2026-20677)

Vulnerability in the Model I/O function that could lead to unexpected app termination when handling maliciously crafted USD files (CVE-2026-20616)

Vulnerabilities in the Multi-Touch feature that could lead to unexpected process crashes due to malicious HID devices (CVE-2025-43533, CVE-2025-46300, CVE-2025-46301, CVE-2025-46302, CVE-2025-46303, CVE-2025-46304, CVE-2025-46305)

Vulnerability in the Safari feature that allows apps to access a user’s Safari browsing history (CVE-2026-20656)

Vulnerability in the Sandbox feature that could allow an app to escape the sandbox (CVE-2026-20628)

Vulnerability in the Sandbox Profiles feature that could allow an app to access users’ sensitive data (CVE-2026-20678)

Vulnerability in the Screenshots feature that could allow an attacker to discover user-deleted notes (CVE-2026-20682)

Vulnerability in the Shortcuts feature that could allow an app to access user sensitive data (CVE-2026-20653)

Vulnerability in the Spotlight feature that could allow apps running in a sandboxed environment to access sensitive user data (CVE-2026-20680)

Vulnerability in StoreKit functionality that could allow an app to identify other apps installed by a user (CVE-2026-20641)

Vulnerability in the UIKit feature that could allow an app to bypass certain privacy settings (CVE-2026-20606)

Vulnerability in the Voice Control feature that could allow an app to crash a system process (CVE-2026-20605)

Vulnerability in VoiceOver feature that could allow an attacker with physical access to a locked device to view sensitive user information (CVE-2026-20661)

Vulnerabilities in the WebKit feature that could allow unexpected process crashes when handling maliciously crafted web content (CVE-2026-20608, CVE-2026-20644, CVE-2026-20635)

Vulnerability in WebKit functionality that could allow remote attackers to cause a denial of service attack (CVE-2026-20652)

Vulnerability in Wi-Fi functionality that could cause a system shutdown and kernel memory crash (CVE-2026-20621)

MacOS Tahoe 26.3

Vulnerability in Admin Framework functionality that could allow apps to access user sensitive data (CVE-2026-20669)

Vulnerability in the AppleMobileFileIntegrity feature that could allow an app to access a user’s sensitive data (CVE-2026-20625, CVE-2026-20624)

Vulnerability in the Bluetooth feature that could allow an attacker in a privileged network location to conduct a denial of service attack using crafted Bluetooth packets (CVE-2026-20650)

Arbitrary file writeable vulnerability in the CFNetwork feature (CVE-2026-20660)

Vulnerability in the Contacts feature that could allow an app to access a user’s contact information (CVE-2026-20681)

Vulnerability in the CoreAudio function that could result in unexpected app termination or process memory corruption when handling maliciously crafted media files (CVE-2026-20611)

Vulnerability in the CoreMedia function that could result in a denial of service attack or memory content leak when handling maliciously crafted files (CVE-2026-20609)

Vulnerabilities in the CoreServices function that could allow an app to gain root privileges (CVE-2026-20617, CVE-2026-20615)

Vulnerability in CoreServices functionality that could allow an app to access user sensitive data (CVE-2026-20627)

Vulnerability in the dyld function that could allow arbitrary code execution (CVE-2026-20700)

Vulnerability in the Foundation feature that could allow an app to access user sensitive data (CVE-2026-20629)

Vulnerability in the Foundation feature that could allow an app to monitor keystrokes without user permission (CVE-2026-20601)

Vulnerability in the Foundation feature that could allow an app to access protected user data (CVE-2026-20623)

Vulnerability in the Game Center feature that could allow a user to view sensitive user information (CVE-2026-20649)

Kernel memory accessibility vulnerability in the GPU Drivers function (CVE-2026-20620)

Vulnerability in the ImageIO function that could allow user information to be leaked when handling maliciously crafted images (CVE-2026-20675)

Vulnerability in the ImageIO function that could result in process memory disclosure when handling maliciously crafted images (CVE-2026-20634)

Vulnerability in Kernel functions that could allow an app to cause an unexpected system shutdown (CVE-2026-20654)

Vulnerability in Kernel functions that could allow a malicious app to gain root privileges (CVE-2026-20626)

Vulnerability in Kernel functions that could allow an attacker in a privileged network location to intercept network traffic (CVE-2026-20671)

Vulnerability in the LaunchServices function that could allow an app to access protected user data (CVE-2026-20630)

Vulnerability in the libexpat function that could lead to a denial of service attack when handling maliciously crafted files (CVE-2025-59375)

Vulnerability in the libxpc function that could allow an app to bypass the sandbox (CVE-2026-20667)

A vulnerability was found in the Mail feature where disabling the “Load remote content in messages” feature may not apply to all mail previews (CVE-2026-20673)

Vulnerability in the Messages feature that could allow shortcuts to bypass sandbox restrictions (CVE-2026-20677)

Vulnerability in the Model I/O function that could lead to unexpected app termination when handling maliciously crafted USD files (CVE-2026-20616)

Vulnerability in the Notification Center feature that could allow an app with root privileges to access private information (CVE-2026-20603)

Vulnerability in the NSOpenPanel feature that could allow an app to access users’ sensitive data (CVE-2026-20666)

Vulnerability in the Remote Management feature that could allow an app to gain root privileges (CVE-2026-20614)

Vulnerability in the Safari feature that could allow an app to access a user’s Safari browsing history (CVE-2026-20656)

Vulnerability in the Sandbox feature that could allow an app to escape the sandbox (CVE-2026-20628)

Vulnerability in the Security feature that could allow an app to gain root privileges (CVE-2026-20658)

Vulnerability in the Setup Assistant feature that could allow an app to gain root privileges (CVE-2026-20610)

Vulnerability in the Shortcuts feature that could allow an app to access user sensitive data (CVE-2026-20653)

Vulnerability in Siri feature that could allow malicious apps to access notifications from other iCloud devices (CVE-2026-20648)

Vulnerability in Siri functionality that could allow an attacker with physical access to a locked device to view sensitive user information (CVE-2026-20662)

Vulnerability in the Siri feature that could allow an app to access sensitive user data (CVE-2026-20647)

Vulnerability in the Spotlight feature that could allow apps running in a sandboxed environment to access sensitive user data (CVE-2026-20680)

Vulnerability in the Spotlight feature that could allow apps to access sensitive user data (CVE-2026-20612)

Vulnerability in the StoreKit feature that could allow an app to identify other apps installed by the user (CVE-2026-20641)

Vulnerability in the System Settings feature that could allow an app to access a user’s sensitive data (CVE-2026-20619, CVE-2026-20618)

Vulnerability in UIKit functionality that could allow an app to bypass certain privacy settings (CVE-2026-20606)

Vulnerability in the Voice Control feature that could allow an app to crash a system process (CVE-2026-20605)

Vulnerability in the Weather feature that could allow malicious apps to read sensitive location information (CVE-2026-20646)

Vulnerability in WebKit functionality that could allow remote attackers to cause a denial of service attack (CVE-2026-20652)

Vulnerabilities in WebKit functionality that could result in an unexpected process crash when handling maliciously crafted web content (CVE-2026-20608, CVE-2026-20644, CVE-2026-20636, CVE-2026-20635)

Vulnerability in the WebKit feature that could allow websites to track users via the Safari Web Extension (CVE-2026-20676)

Vulnerability in the Wi-Fi feature that could cause a system shutdown and kernel memory crash (CVE-2026-20621)

Vulnerability in the WindowServer feature that could allow an app to cause a denial of service attack (CVE-2026-20602)

MacOS Sequoia 15.7.4

Vulnerability in the AppleMobileFileIntegrity feature that could allow an app to access a user’s sensitive data (CVE-2026-20624, CVE-2026-20625)

Vulnerability in the Compression feature that could allow an app to access user sensitive data (CVE-2025-43403)

Vulnerability in the CoreAudio function that could result in unexpected app termination or process memory corruption when handling maliciously crafted media files (CVE-2026-20611)

Vulnerability in the CoreMedia function that could result in a denial of service attack or memory content leak when handling maliciously crafted files (CVE-2026-20609)

Kernel memory accessibility vulnerability in the GPU Drivers function (CVE-2026-20620)

Vulnerability in the ImageIO function that could result in process memory exposure when handling maliciously crafted images (CVE-2026-20634)

Vulnerability in the ImageIO function that could result in user information leakage when handling maliciously crafted images (CVE-2026-20675)

Vulnerability in Kernel functions that could allow an attacker in a privileged network location to intercept network traffic (CVE-2026-20671)

Vulnerability in Kernel functions that could allow a malicious app to gain root privileges (CVE-2026-20626)

Vulnerability in the libexpat function that could lead to a denial of service attack when handling maliciously crafted files (CVE-2025-59375)

Vulnerability in the libnetcore function that could allow an attacker in a privileged network location to intercept network traffic (CVE-2026-20671)

Vulnerability in the libxpc function that could allow an app to escape the sandbox (CVE-2026-20667)

A vulnerability was found in the Mail feature where turning off the “Load remote content in messages” feature may not apply to all mail previews (CVE-2026-20673)

Vulnerabilities in the Multi-Touch feature that could allow malicious HID devices to cause an unexpected process crash (CVE-2025-43533, CVE-2025-46300, CVE-2025-46301, CVE-2025-46302, CVE-2025-46303, CVE-2025-46304, CVE-2025-46305)

Vulnerability in the PackageKit feature that could allow an attacker with root privileges to delete protected system files (CVE-2025-46310)

Vulnerability in the Remote Management feature that could allow an app to gain root privileges (CVE-2026-20614)

Vulnerability in the Sandbox feature that could allow an app to escape the sandbox (CVE-2026-20628)

Vulnerability in the Security feature that could allow remote attackers to cause a denial of service attack (CVE-2025-46290)

Vulnerability in the Shortcuts feature that could allow an app to access user sensitive data (CVE-2026-20653)

Vulnerability in Siri feature that could allow an attacker with physical access to a locked device to view sensitive user information (CVE-2026-20662)

Vulnerability in the Spotlight feature that could allow apps running in a sandboxed environment to access sensitive user data (CVE-2026-20680)

Vulnerability in the Spotlight feature that could allow apps to access sensitive user data (CVE-2026-20612)

Vulnerability in the StoreKit feature that could allow an app to identify other apps installed by the user (CVE-2026-20641)

Vulnerability in the System Settings feature that could allow an app to access user sensitive data (CVE-2026-20619)

Vulnerability in UIKit functionality that could allow an app to bypass certain privacy settings (CVE-2026-20606)

Vulnerability in the Voice Control feature that could allow an app to crash a system process (CVE-2026-20605)

Vulnerability in the Wi-Fi feature that could cause a system shutdown and kernel memory crash (CVE-2026-20621)

Vulnerability in the WindowServer feature that could allow an app to cause an unexpected system shutdown or corrupt process memory (CVE-2025-43402)

Vulnerability in the WindowServer function that could allow an app to cause a denial of service attack (CVE-2026-20602)

MacOS Sonoma 14.8.4

Vulnerability in the AppleMobileFileIntegrity function that could allow an app to access user sensitive data (CVE-2026-20624, CVE-2026-20625)

Arbitrary file writable vulnerability in the CFNetwork feature (CVE-2026-20660)

Vulnerability in the Compression feature that could allow an app to access user sensitive data (CVE-2025-43403)

Vulnerability in the CoreAudio function that could result in unexpected app termination or process memory corruption when handling maliciously crafted media files (CVE-2026-20611)

Vulnerability in the CoreMedia function that could result in a denial of service attack or memory content leak when handling maliciously crafted files (CVE-2026-20609)

Vulnerabilities in the CoreServices function that could allow an app to gain root privileges (CVE-2026-20617, CVE-2026-20615)

Vulnerability in the CoreServices feature that could allow an app to access a user’s sensitive data (CVE-2025-46283, CVE-2026-20627)

Vulnerability in the File Bookmark function that could allow an app to access user sensitive data (CVE-2025-43417)

Kernel memory accessibility vulnerability in the GPU Drivers function (CVE-2026-20620)

Vulnerability in the ImageIO function that could result in unexpected app termination or process memory corruption when handling maliciously crafted media files (CVE-2025-43338)

Vulnerability in the ImageIO function that could result in process memory exposure when handling maliciously crafted images (CVE-2026-20634)

Vulnerability in the ImageIO function that could result in user information leakage when handling maliciously crafted images (CVE-2026-20675)

Vulnerability in the Kernel function that could allow an attacker in a privileged network location to intercept network traffic (CVE-2026-20671)

Vulnerability in the libexpat function that could lead to a denial of service attack when handling maliciously crafted files (CVE-2025-59375)

Vulnerability in the libnetcore function that could allow an attacker in a privileged network location to intercept network traffic (CVE-2026-20671)

Vulnerability in the libxpc function that could allow an app to escape the sandbox (CVE-2026-20667)

A vulnerability was found in the Mail feature where disabling the “Load remote content in messages” feature may not apply to all mail previews (CVE-2026-20673)

Vulnerability in the Messages feature that could allow shortcuts to bypass sandbox restrictions (CVE-2026-20677)

Vulnerability in the Model I/O function that could lead to unexpected app termination when handling maliciously crafted USD files (CVE-2026-20616)

Vulnerabilities in the Multi-Touch feature that could allow a malicious HID device to cause an unexpected process crash (CVE-2025-43533, CVE-2025-46300, CVE-2025-46301, CVE-2025-46302, CVE-2025-46303, CVE-2025-46304, CVE-2025-46305)

Vulnerability in the PackageKit feature that could allow an attacker with root privileges to delete protected system files (CVE-2025-46310)

Vulnerability in the Remote Management feature that could allow an app to gain root privileges (CVE-2026-20614)

Vulnerability in the Sandbox feature that could allow an app to escape the sandbox (CVE-2026-20628)

Vulnerability in the Security feature that could allow remote attackers to cause a denial of service attack (CVE-2025-46290)

Vulnerability in the Shortcuts feature that could allow an app to access user sensitive data (CVE-2026-20653)

Vulnerability in the Spotlight feature that could allow apps running in a sandboxed environment to access sensitive user data (CVE-2026-20680)

Vulnerability in the Spotlight feature that could allow apps to access sensitive user data (CVE-2026-20612)

Vulnerability in StoreKit functionality that could allow an app to identify other apps installed by a user (CVE-2026-20641)

Vulnerability in the UIKit feature that could allow an app to bypass certain privacy settings (CVE-2026-20606)

Vulnerability in the Voice Control feature that could allow an app to crash a system process (CVE-2026-20605)

Vulnerability in the Wi-Fi feature that could cause a system shutdown and kernel memory crash (CVE-2026-20621)

Vulnerability in the WindowServer feature that could allow an app to cause an unexpected system shutdown or corrupt process memory (CVE-2025-43402)

Vulnerability in the WindowServer function that could allow an app to cause a denial of service attack (CVE-2026-20602)

TvOS 26.3

Vulnerability in the Bluetooth feature that could allow an attacker in a privileged network location to conduct a denial of service attack using crafted Bluetooth packets (CVE-2026-20650)

Vulnerability in the CoreAudio feature that could result in unexpected app termination or process memory corruption when handling maliciously crafted media files (CVE-2026-20611)

Vulnerability in the CoreMedia function that could result in a denial of service attack or memory content leak when handling maliciously crafted files (CVE-2026-20609)

Vulnerability in the CoreServices function that could allow an app to gain root privileges (CVE-2026-20617)

Vulnerability in the dyld feature that could allow arbitrary code execution (CVE-2026-20700)

Vulnerability in the Game Center feature that could allow a user to view sensitive user information (CVE-2026-20649)

Vulnerability in the ImageIO function that could allow user information to be leaked when handling maliciously crafted images (CVE-2026-20675)

Vulnerability in the ImageIO function that could result in process memory disclosure when handling maliciously crafted images (CVE-2026-20634)

Vulnerability in Kernel functions that could allow an app to cause an unexpected system shutdown (CVE-2026-20654)

Vulnerability in a kernel function that could allow an attacker in a privileged network location to intercept network traffic (CVE-2026-20671)

Vulnerability in the libexpat function that could lead to a denial of service attack when handling maliciously crafted files (CVE-2025-59375)

Vulnerability in the Sandbox function that could allow an app to escape the sandbox (CVE-2026-20628)

Vulnerability in the StoreKit feature that could allow an app to identify other apps installed by the user (CVE-2026-20641)

Vulnerability in WebKit functionality that could cause an unexpected process crash when handling maliciously crafted web content (CVE-2026-20635)

WatchOS 26.3

Vulnerability in the Bluetooth feature that could allow an attacker in a privileged network location to conduct a denial of service attack using crafted Bluetooth packets (CVE-2026-20650)

Vulnerability in the CoreAudio feature that could result in unexpected app termination or process memory corruption when handling maliciously crafted media files (CVE-2026-20611)

Vulnerability in the CoreMedia function that could result in a denial of service attack or memory content leak when handling maliciously crafted files (CVE-2026-20609)

Vulnerability in the CoreServices function that could allow an app to gain root privileges (CVE-2026-20617)

Vulnerability in the CoreServices function that could allow an app to access user sensitive data (CVE-2026-20627)

Vulnerability in the dyld feature that could allow arbitrary code execution (CVE-2026-20700)

Vulnerability in the Game Center feature that could allow a user to view sensitive user information (CVE-2026-20649)

Vulnerability in the ImageIO function that could allow user information to be leaked when handling maliciously crafted images (CVE-2026-20675)

Vulnerability in the ImageIO function that could result in process memory disclosure when handling maliciously crafted images (CVE-2026-20634)

Vulnerability in Kernel functions that could allow an app to cause an unexpected system shutdown (CVE-2026-20654)

Vulnerability in a kernel function that could allow an attacker in a privileged network location to intercept network traffic (CVE-2026-20671)

Vulnerability in the libexpat function that could lead to a denial of service attack when handling maliciously crafted files (CVE-2025-59375)

Vulnerability in the libxpc function that could allow an app to escape the sandbox (CVE-2026-20667)

Vulnerability in the Sandbox feature that could allow an app to escape the sandbox (CVE-2026-20628)

Vulnerability in StoreKit functionality that could allow an app to identify other apps installed by the user (CVE-2026-20641)

Vulnerability in WebKit functionality that could cause an unexpected process crash when handling maliciously crafted web content (CVE-2026-20635)

VisionOS 26.3

Vulnerability in the AppleMobileFileIntegrity feature that could allow an app to access user sensitive data (CVE-2026-20625)

Vulnerability in the Bluetooth feature that could allow an attacker in a privileged network location to conduct a denial of service attack using crafted Bluetooth packets (CVE-2026-20650)

Arbitrary file writeable vulnerability in the CFNetwork function (CVE-2026-20660)

Vulnerability in the CoreAudio function that could result in unexpected app termination or process memory corruption when handling maliciously crafted media files (CVE-2026-20611)

Vulnerability in the CoreMedia function that could result in a denial of service attack or memory content leak when handling maliciously crafted files (CVE-2026-20609)

Vulnerabilities in the CoreServices function that could allow an app to gain root privileges (CVE-2026-20617, CVE-2026-20615)

Vulnerability in CoreServices functionality that could allow an app to access user sensitive data (CVE-2026-20627)

Vulnerability in the dyld function that could allow arbitrary code execution (CVE-2026-20700)

Vulnerability in the ImageIO function that could allow user information to be leaked when handling maliciously crafted images (CVE-2026-20675)

Vulnerability in the ImageIO function that could result in process memory disclosure when handling maliciously crafted images (CVE-2026-20634)

Vulnerability in Kernel functions that could allow an app to cause an unexpected system shutdown (CVE-2026-20654)

Vulnerability in Kernel functions that could allow a malicious app to gain root privileges (CVE-2026-20626)

Vulnerability in a kernel function that could allow an attacker in a privileged network location to intercept network traffic (CVE-2026-20671)

Vulnerability in the libexpat function that could lead to a denial of service attack when handling maliciously crafted files (CVE-2025-59375)

Vulnerability in the Messages function that could allow shortcuts to bypass sandbox restrictions (CVE-2026-20677)

Vulnerability in the Model I/O function that could lead to unexpected app termination when handling maliciously crafted USD files (CVE-2026-20616)

Vulnerability in the Sandbox feature that could allow an app to escape the sandbox (CVE-2026-20628)

Vulnerability in the Shortcuts feature that could allow an app to access user sensitive data (CVE-2026-20653)

Vulnerability in the StoreKit feature that could allow an app to identify other apps installed by the user (CVE-2026-20641)

Vulnerability in WebKit functionality that could allow remote attackers to cause a denial of service attack (CVE-2026-20652)

Vulnerabilities in WebKit functionality that could cause unexpected process crashes when handling maliciously crafted web content (CVE-2026-20608, CVE-2026-20644, CVE-2026-20636, CVE-2026-20635)

Vulnerability in the WebKit feature that could allow websites to track users via the Safari Web Extension (CVE-2026-20676)

Vulnerability in the Wi-Fi feature that could cause a system shutdown and kernel memory crash (CVE-2026-20621)

Safari 26.3

Arbitrary file writeable vulnerability in the CFNetwork feature (CVE-2026-20660)

Vulnerability in Safari functionality that could allow an app to access a user’s Safari browsing history (CVE-2026-20656)

Vulnerability in WebKit functionality that could allow remote attackers to cause a denial of service attack (CVE-2026-20652)

Vulnerabilities in WebKit functionality that could cause unexpected process crashes when handling maliciously crafted web content (CVE-2026-20608, CVE-2026-20644, CVE-2026-20636, CVE-2026-20635)

Vulnerability in WebKit functionality that could allow websites to track users via the Safari Web Extension (CVE-2026-20676)

 

Referenced Sites

 

Security Bulletins and Advisories

https://support.apple.com/en-us/HT201222

IOS 26.3 and iPadOS 26.3

https://support.apple.com/en-us/126346

IOS 18.7.5 and iPadOS 18.7.5

https://support.apple.com/en-us/126347

MacOS Tahoe 26.3

https://support.apple.com/en-us/126348

MacOS Sequoia 15.7.4

https://support.apple.com/en-us/126349

MacOS Sonoma 14.8.4

https://support.apple.com/en-us/126350

TvOS 26.3

https://support.apple.com/en-us/126351

WatchOS 26.3

https://support.apple.com/en-us/126352

VisionOS 26.3

https://support.apple.com/en-us/126353

Safari 26.3

https://support.apple.com/en-us/126354

Tags:
Previous Post

Next Post