Filtered by vendor Apple
Subscriptions
Total
13328 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-65842 | 3 Acustica-audio, Acusticaudio, Apple | 3 Aquarius Helpertool, Aquarius Helpertool, Macos | 2025-12-18 | 5.1 Medium |
| The Aquarius HelperTool (1.0.003) privileged XPC service on macOS contains multiple flaws that allow local privilege escalation. The service accepts XPC connections from any local process without validating the client's identity, and its authorization logic incorrectly calls AuthorizationCopyRights with a NULL reference, causing all authorization checks to succeed. The executeCommand:authorization:withReply: method then interpolates attacker-controlled input into NSTask and executes it with root privileges. A local attacker can exploit these weaknesses to run arbitrary commands as root, create persistent backdoors, or obtain a fully interactive root shell. | ||||
| CVE-2025-43526 | 1 Apple | 3 Macos, Macos Tahoe, Safari | 2025-12-18 | 9.8 Critical |
| This issue was addressed with improved URL validation. This issue is fixed in macOS Tahoe 26.2, Safari 26.2. On a Mac with Lockdown Mode enabled, web content opened via a file URL may be able to use Web APIs that should be restricted. | ||||
| CVE-2025-65843 | 3 Acustica-audio, Acusticaudio, Apple | 3 Aquarius, Aquarius Desktop, Macos | 2025-12-18 | 7.7 High |
| Aquarius Desktop 3.0.069 for macOS contains an insecure file handling vulnerability in its support data archive generation feature. The application follows symbolic links placed inside the ~/Library/Logs/Aquarius directory and treats them as regular files. When building the support ZIP, Aquarius recursively enumerates logs using a JUCE directory iterator configured to follow symlinks, and later writes file data without validating whether the target is a symbolic link. A local attacker can exploit this behavior by planting symlinks to arbitrary filesystem locations, resulting in unauthorized disclosure or modification of arbitrary files. When chained with the associated HelperTool privilege escalation issue, root-owned files may also be exposed. | ||||
| CVE-2025-46292 | 1 Apple | 3 Ios, Ipados, Iphone Os | 2025-12-18 | 5.5 Medium |
| This issue was addressed with additional entitlement checks. This issue is fixed in iOS 26.2 and iPadOS 26.2, iOS 18.7.3 and iPadOS 18.7.3. An app may be able to access user-sensitive data. | ||||
| CVE-2025-46288 | 1 Apple | 9 Ios, Ipad Os, Ipados and 6 more | 2025-12-18 | 5.5 Medium |
| A permissions issue was addressed with additional restrictions. This issue is fixed in visionOS 26.2, iOS 26.2 and iPadOS 26.2, watchOS 26.2, macOS Tahoe 26.2. An app may be able to access sensitive payment tokens. | ||||
| CVE-2025-46283 | 1 Apple | 2 Macos, Macos Tahoe | 2025-12-18 | 5.5 Medium |
| A logic issue was addressed with improved validation. This issue is fixed in macOS Tahoe 26.2. An app may be able to access sensitive user data. | ||||
| CVE-2025-46282 | 1 Apple | 3 Macos, Macos Tahoe, Safari | 2025-12-18 | 5.5 Medium |
| The issue was addressed with additional permissions checks. This issue is fixed in macOS Tahoe 26.2, Safari 26.2. An app may be able to access sensitive user data. | ||||
| CVE-2025-46281 | 1 Apple | 2 Macos, Macos Tahoe | 2025-12-18 | 8.4 High |
| A logic issue was addressed with improved checks. This issue is fixed in macOS Tahoe 26.2. An app may be able to break out of its sandbox. | ||||
| CVE-2025-46279 | 1 Apple | 11 Ios, Ipad Os, Ipados and 8 more | 2025-12-18 | 9.8 Critical |
| A permissions issue was addressed with additional restrictions. This issue is fixed in watchOS 26.2, iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2, visionOS 26.2, tvOS 26.2. An app may be able to identify what other apps a user has installed. | ||||
| CVE-2025-46278 | 1 Apple | 2 Macos, Macos Tahoe | 2025-12-18 | 5 Medium |
| The issue was addressed with improved handling of caches. This issue is fixed in macOS Tahoe 26.2. An app may be able to access protected user data. | ||||
| CVE-2025-46277 | 1 Apple | 6 Ios, Ipad Os, Ipados and 3 more | 2025-12-18 | 5.5 Medium |
| A logging issue was addressed with improved data redaction. This issue is fixed in macOS Tahoe 26.2, iOS 26.2 and iPadOS 26.2, watchOS 26.2. An app may be able to access a user’s Safari history. | ||||
| CVE-2025-14765 | 4 Apple, Google, Linux and 1 more | 4 Macos, Chrome, Linux Kernel and 1 more | 2025-12-18 | 8.8 High |
| Use after free in WebGPU in Google Chrome prior to 143.0.7499.147 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2025-43536 | 1 Apple | 6 Ios, Ipados, Iphone Os and 3 more | 2025-12-18 | 4.3 Medium |
| A use-after-free issue was addressed with improved memory management. This issue is fixed in macOS Tahoe 26.2, iOS 26.2 and iPadOS 26.2, Safari 26.2, iOS 18.7.3 and iPadOS 18.7.3. Processing maliciously crafted web content may lead to an unexpected process crash. | ||||
| CVE-2025-43535 | 1 Apple | 7 Ios, Ipados, Iphone Os and 4 more | 2025-12-18 | 4.3 Medium |
| The issue was addressed with improved memory handling. This issue is fixed in Safari 26.2, iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2, visionOS 26.2. Processing maliciously crafted web content may lead to an unexpected process crash. | ||||
| CVE-2025-43533 | 1 Apple | 8 Ios, Ipados, Iphone Os and 5 more | 2025-12-18 | 3.5 Low |
| Multiple memory corruption issues were addressed with improved input validation. This issue is fixed in watchOS 26.2, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2, visionOS 26.2, tvOS 26.2. A malicious HID device may cause an unexpected process crash. | ||||
| CVE-2025-43455 | 1 Apple | 5 Ios, Ipados, Iphone Os and 2 more | 2025-12-18 | 5.5 Medium |
| A privacy issue was addressed with improved checks. This issue is fixed in iOS 26.1 and iPadOS 26.1, watchOS 26.1, macOS Tahoe 26.1, visionOS 26.1. A malicious app may be able to take a screenshot of sensitive information in embedded views. | ||||
| CVE-2025-43480 | 1 Apple | 7 Ios, Ipados, Iphone Os and 4 more | 2025-12-18 | 8.1 High |
| The issue was addressed with improved checks. This issue is fixed in tvOS 26.1, watchOS 26.1, macOS Tahoe 26.1, iOS 26.1 and iPadOS 26.1, Safari 26.1, visionOS 26.1. A malicious website may exfiltrate data cross-origin. | ||||
| CVE-2025-43496 | 1 Apple | 7 Ios, Ipad Os, Ipados and 4 more | 2025-12-18 | 7.5 High |
| The issue was addressed by adding additional logic. This issue is fixed in watchOS 26.1, macOS Tahoe 26.1, iOS 26.1 and iPadOS 26.1, iOS 18.7.2 and iPadOS 18.7.2, macOS Sequoia 15.7.2, visionOS 26.1. Remote content may be loaded even when the 'Load Remote Images' setting is turned off. | ||||
| CVE-2025-43479 | 1 Apple | 3 Macos, Macos Sequoia, Macos Sonoma | 2025-12-18 | 5.5 Medium |
| A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.7.2, macOS Tahoe 26.1, macOS Sonoma 14.8.2. An app may be able to access sensitive user data. | ||||
| CVE-2025-43378 | 1 Apple | 1 Macos | 2025-12-18 | 5.5 Medium |
| A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.7.2, macOS Tahoe 26.1. An app may be able to access sensitive user data. | ||||