Apple as of late up to date the safety content material pages for a number of macOS, iOS, iPadOS, visionOS, and watchOS releases, including new CVE main points for vulnerabilities addressed in each and every replace. Listed here are the main points.
New main points for older and up to date tool releases
Ultimate September, Apple launched macOS 14.8 Sonoma, iOS 18.7, and iPadOS 18.7, with essential safety updates addressing vulnerabilities that, amongst different issues, may let an attacker get right of entry to secure or delicate consumer information.
Since then, Apple up to date macOS Sonoma every other six instances, with the gadget lately sitting at model 14.8.7 (the corporate skipped 14.8.6). Likewise, iPhone and iPad customers who’ve now not moved to more moderen primary releases have in a similar fashion persevered to obtain updates, with iOS 18 and iPadOS 18 now at model 18.7.9.
For Apple Watch and Apple Imaginative and prescient Professional customers, Apple additionally launched watchOS 26 and visionOS 26 ultimate yr, introducing more than one new options, along with together with essential safety fixes.
That mentioned, Apple as of late up to date the safety content material web page for those gadget variations (after which some), including extra main points at the fixes incorporated and their corresponding CVEs.
Listed here are the safety fixes added as of late on iOS 26 and iPadOS 26’s safety content material web page:
Siri
To be had for: iPhone 11 and later, iPad Professional 12.9-inch third technology and later, iPad Professional 11-inch 1st technology and later, iPad Air third technology and later, iPad eighth technology and later, and iPad mini fifth technology and later
Have an effect on: Non-public Surfing tabs is also accessed with out authentication
Description: This factor used to be addressed thru progressed state control.
CVE-2025-30468: Richard Hyunho Im (@richeeta), Jiwon ParkCalendar
We want to recognize Keisuke Chinone (Iroiro) and Rosyna Keller of Utterly Now not Malicious Instrument for his or her help.
Right here’s what Apple added to the safety content material of visionOS 26 and watchOS 26:
Calendar
We want to recognize Keisuke Chinone (Iroiro) and Rosyna Keller of Utterly Now not Malicious Instrument for his or her help.
Kernel
We want to recognize Sungwoo Kim, Yepeng Pan, Prof. Dr. Christian Rossow for his or her help.
Listed here are the safety fixes added as of late on macOS Sonoma 14.8’s safety content material web page:
Name Historical past
To be had for: macOS Sonoma
Have an effect on: An app could possibly fingerprint the consumer
Description: This factor used to be addressed with progressed redaction of delicate knowledge.
CVE-2025-43357: Rosyna Keller of Utterly Now not Malicious Instrument, Guilherme Rambo of Best possible Pal Apps (rambo.codes)CoreServices
To be had for: macOS Sonoma
Have an effect on: An app could possibly alter secure portions of the record gadget
Description: A permissions factor used to be addressed with further restrictions.
CVE-2025-43290: Zhongcheng Li from IES Purple Group of ByteDanceCoreServices
To be had for: macOS Sonoma
Have an effect on: A malicious app could possibly get right of entry to delicate consumer information
Description: A common sense factor used to be addressed with progressed validation.
CVE-2025-43289: Matej Moravec (@MacejkoMoravec), Kirin (@Pwnrin)FaceTime
To be had for: macOS Sonoma
Have an effect on: Incoming FaceTime calls can seem or be accredited on a locked macOS instrument, even with notifications disabled at the lock display
Description: This factor used to be addressed thru progressed state control.
CVE-2025-31271: Shantanu ThakurTelephone
To be had for: macOS Sonoma
Have an effect on: An app could possibly get right of entry to delicate consumer information
Description: A logging factor used to be addressed with progressed information redaction.
CVE-2025-43508: Wojciech Regula of SecuRing (wojciechregula.weblog)StorageKit
To be had for: macOS Sonoma
Have an effect on: A malicious app could possibly achieve root privileges
Description: A common sense factor used to be addressed with progressed exams.
CVE-2025-43306: Mickey Jin (@patch1t)
Listed here are the safety fixes added as of late on macOS Sonoma 14.8.2’s safety content material web page:
SQLite
To be had for: macOS Sonoma
Have an effect on: Processing a record would possibly result in reminiscence corruption
Description: This can be a vulnerability in open supply code and Apple Instrument is one of the affected tasks. The CVE-ID used to be assigned via a 3rd birthday party. Be told extra about the problem and CVE-ID at cve.org.
CVE-2025-6965
And right here’s what Apple added to the safety content material of iOS 18.7 and iPadOS 18.7:
Name Historical past
To be had for: iPhone XS and later, iPad Professional 13-inch, iPad Professional 12.9-inch third technology and later, iPad Professional 11-inch 1st technology and later, iPad Air third technology and later, iPad seventh technology and later, and iPad mini fifth technology and later
Have an effect on: An app could possibly fingerprint the consumer
Description: This factor used to be addressed with progressed redaction of delicate knowledge.
CVE-2025-43357: Rosyna Keller of Utterly Now not Malicious Instrument, Guilherme Rambo of Best possible Pal Apps (rambo.codes)ImageIO
We want to recognize DongJun Kim (@smlijun) and JongSeong Kim (@nevul37) in Enki WhiteHat for his or her help.
To be told extra about Apple’s safety updates, practice this hyperlink.
Value testing on Amazon
FTC: We use source of revenue incomes auto associate hyperlinks. Extra.
