{ "document": { "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "tlp": { "label": "WHITE" } }, "lang": "nl", "notes": [ { "category": "legal_disclaimer", "text": "The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:\n\n NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.\n\n NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.\n This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings." }, { "category": "description", "text": "Apple heeft meerdere kwetsbaarheden verholpen in diverse versies van iOS en iPadOS", "title": "Feiten" }, { "category": "description", "text": "De kwetsbaarheden betreffen onder andere onjuiste geheugenbeheermechanismen zoals use-after-free, buffer overflows, out-of-bounds reads en writes, race conditions, type confusion, null pointer dereferences, en onvoldoende inputvalidatie. Deze kunnen leiden tot onverwachte applicatie- of systeemcrashes, denial-of-service, ongeautoriseerde toegang tot gevoelige gebruikers- of kerneldata, privilege-escalatie, en het omzeilen van beveiligingsmechanismen zoals Content Security Policy en sandboxing. Sommige kwetsbaarheden maken het mogelijk dat een aanvaller code met kernel-privileges uitvoert of systeemstabiliteit verstoort. De problemen kunnen worden geactiveerd door het verwerken van speciaal vervaardigde bestanden, webcontent, of netwerkverkeer. De fixes omvatten verbeterde validatie, strengere toegangscontroles, en verbeterde geheugen- en state managementmechanismen.", "title": "Interpretaties" }, { "category": "description", "text": "Apple heeft updates uitgebracht voor iOS en iPadOS om deze kwetsbaarheden te verhelpen. Gebruikers wordt geadviseerd deze updates te installeren om de beveiliging en stabiliteit van hun systemen te waarborgen. Zie bijgevoegde referenties voor meer informatie.", "title": "Oplossingen" }, { "category": "general", "text": "medium", "title": "Kans" }, { "category": "general", "text": "high", "title": "Schade" }, { "category": "general", "text": "Improper Input Validation", "title": "CWE-20" }, { "category": "general", "text": "Exposure of Sensitive Information to an Unauthorized Actor", "title": "CWE-200" }, { "category": "general", "text": "Exposure of Private Personal Information to an Unauthorized Actor", "title": "CWE-359" }, { "category": "general", "text": "Improper Resource Shutdown or Release", "title": "CWE-404" }, { "category": "general", "text": "Allocation of Resources Without Limits or Throttling", "title": "CWE-770" }, { "category": "general", "text": "Out-of-bounds Write", "title": "CWE-787" }, { "category": "general", "text": "Buffer Access with Incorrect Length Value", "title": "CWE-805" } ], "publisher": { "category": "coordinator", "contact_details": "cert@ncsc.nl", "name": "Nationaal Cyber Security Centrum", "namespace": "https://www.ncsc.nl/" }, "references": [ { "category": "external", "summary": "Reference", "url": "https://support.apple.com/en-us/127110" }, { "category": "external", "summary": "Reference", "url": "https://support.apple.com/en-us/127111" }, { "category": "external", "summary": "Reference", "url": "https://support.apple.com/en-us/127112" }, { "category": "external", "summary": "Reference", "url": "https://support.apple.com/en-us/127113" }, { "category": "external", "summary": "Reference", "url": "https://support.apple.com/en-us/127114" } ], "title": "Kwetsbaarheden verholpen in Apple iOS en iPadOS", "tracking": { "current_release_date": "2026-05-12T12:18:59.723533Z", "generator": { "date": "2025-08-04T16:30:00Z", "engine": { "name": "V.A.", "version": "1.3" } }, "id": "NCSC-2026-0138", "initial_release_date": "2026-05-12T12:18:59.723533Z", "revision_history": [ { "date": "2026-05-12T12:18:59.723533Z", "number": "1.0.0", "summary": "Initiele versie" } ], "status": "final", "version": "1.0.0" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_version_range", "name": "vers:unknown/*", "product": { "name": "vers:unknown/*", "product_id": "CSAFPID-1" } } ], "category": "product_name", "name": "iOS" }, { "branches": [ { "category": "product_version_range", "name": "vers:unknown/*", "product": { "name": "vers:unknown/*", "product_id": "CSAFPID-2" } } ], "category": "product_name", "name": "iPadOS" } ], "category": "vendor", "name": "Apple" } ] }, "vulnerabilities": [ { "cve": "CVE-2026-1837", "cwe": { "id": "CWE-805", "name": "Buffer Access with Incorrect Length Value" }, "notes": [ { "category": "other", "text": "Buffer Access with Incorrect Length Value", "title": "CWE-805" }, { "category": "other", "text": "Out-of-bounds Write", "title": "CWE-787" }, { "category": "other", "text": "Allocation of Resources Without Limits or Throttling", "title": "CWE-770" }, { "category": "description", "text": "Multiple vulnerabilities in libjxl and open source code affecting Apple Software allow specially crafted image files to cause uninitialized memory read/write and denial-of-service conditions.", "title": "Summary" }, { "category": "general", "text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", "title": "CVSSV4" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2" ] }, "references": [ { "category": "self", "summary": "CVE-2026-1837 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-1837.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "baseScore": 8.8, "baseSeverity": "HIGH" }, "products": [ "CSAFPID-1", "CSAFPID-2" ] } ], "title": "CVE-2026-1837" }, { "cve": "CVE-2026-28819", "notes": [ { "category": "description", "text": "An out-of-bounds write vulnerability allowing arbitrary code execution with kernel privileges was fixed by improved bounds checking in iOS 18.7.9, iPadOS 18.7.9, and multiple macOS versions.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2" ] }, "references": [ { "category": "self", "summary": "CVE-2026-28819 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-28819.json" } ], "title": "CVE-2026-28819" }, { "cve": "CVE-2026-28846", "notes": [ { "category": "description", "text": "A buffer overflow vulnerability causing unexpected app termination has been fixed with improved bounds checking across multiple Apple operating systems including iOS 18.7.9, iPadOS 18.7.9, and macOS Sequoia 15.7.7.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2" ] }, "references": [ { "category": "self", "summary": "CVE-2026-28846 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-28846.json" } ], "title": "CVE-2026-28846" }, { "cve": "CVE-2026-28847", "notes": [ { "category": "description", "text": "Apple addressed unexpected process crashes caused by malicious web content through improved memory handling in iOS 18.7.9, iPadOS 18.7.9, iOS 26.5, iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, and watchOS 26.5.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2" ] }, "references": [ { "category": "self", "summary": "CVE-2026-28847 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-28847.json" } ], "title": "CVE-2026-28847" }, { "cve": "CVE-2026-28870", "notes": [ { "category": "description", "text": "An information leakage vulnerability allowing unauthorized access to sensitive user data was fixed by implementing additional validation across multiple Apple operating systems including iOS 18.7.9, iPadOS 18.7.9, and macOS Tahoe 26.4.", "title": "Summary" }, { "category": "general", "text": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N", "title": "CVSSV4" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2" ] }, "references": [ { "category": "self", "summary": "CVE-2026-28870 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-28870.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "baseScore": 5.5, "baseSeverity": "MEDIUM" }, "products": [ "CSAFPID-1", "CSAFPID-2" ] } ], "title": "CVE-2026-28870" }, { "cve": "CVE-2026-28872", "notes": [ { "category": "description", "text": "A resource exhaustion vulnerability in iOS and iPadOS versions 18.7.9 and 26.4 was mitigated through improved input validation to prevent denial-of-service attacks by remote attackers.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2" ] }, "references": [ { "category": "self", "summary": "CVE-2026-28872 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-28872.json" } ], "title": "CVE-2026-28872" }, { "cve": "CVE-2026-28873", "notes": [ { "category": "description", "text": "An issue in iOS 18.7.9, iPadOS 18.7.9, iOS 26.4, and iPadOS 26.4 allowed apps to bypass App Privacy Report logging, which was resolved by implementing additional entitlement checks.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2" ] }, "references": [ { "category": "self", "summary": "CVE-2026-28873 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-28873.json" } ], "title": "CVE-2026-28873" }, { "cve": "CVE-2026-28877", "notes": [ { "category": "description", "text": "An authorization vulnerability allowing unauthorized access to sensitive user data was resolved through enhanced state management across multiple Apple operating systems including iOS, iPadOS, macOS, visionOS, and watchOS.", "title": "Summary" }, { "category": "general", "text": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N", "title": "CVSSV4" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2" ] }, "references": [ { "category": "self", "summary": "CVE-2026-28877 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-28877.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "baseScore": 5.5, "baseSeverity": "MEDIUM" }, "products": [ "CSAFPID-1", "CSAFPID-2" ] } ], "title": "CVE-2026-28877" }, { "cve": "CVE-2026-28882", "notes": [ { "category": "description", "text": "A vulnerability allowing apps to enumerate a user's installed applications was addressed through enhanced verification checks across multiple Apple operating systems including iOS, iPadOS, macOS, tvOS, visionOS, and watchOS.", "title": "Summary" }, { "category": "general", "text": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N", "title": "CVSSV4" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2" ] }, "references": [ { "category": "self", "summary": "CVE-2026-28882 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-28882.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "baseScore": 4.0, "baseSeverity": "MEDIUM" }, "products": [ "CSAFPID-1", "CSAFPID-2" ] } ], "title": "CVE-2026-28882" }, { "cve": "CVE-2026-28883", "notes": [ { "category": "description", "text": "A use-after-free vulnerability causing potential process crashes when processing malicious web content was fixed in iOS, iPadOS, macOS Tahoe, tvOS, visionOS, and watchOS 26.5 through improved memory management.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2" ] }, "references": [ { "category": "self", "summary": "CVE-2026-28883 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-28883.json" } ], "title": "CVE-2026-28883" }, { "cve": "CVE-2026-28894", "notes": [ { "category": "description", "text": "A denial-of-service vulnerability in iOS 26.4, iPadOS 26.4, and multiple macOS versions was mitigated by improved input validation to prevent remote attackers from causing service disruption.", "title": "Summary" }, { "category": "general", "text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N", "title": "CVSSV4" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2" ] }, "references": [ { "category": "self", "summary": "CVE-2026-28894 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-28894.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "baseScore": 7.5, "baseSeverity": "HIGH" }, "products": [ "CSAFPID-1", "CSAFPID-2" ] } ], "title": "CVE-2026-28894" }, { "cve": "CVE-2026-28897", "notes": [ { "category": "description", "text": "A buffer overflow vulnerability in multiple Apple OS versions was fixed by enhancing input validation to prevent local users from causing unexpected system termination or accessing kernel memory.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2" ] }, "references": [ { "category": "self", "summary": "CVE-2026-28897 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-28897.json" } ], "title": "CVE-2026-28897" }, { "cve": "CVE-2026-28901", "notes": [ { "category": "description", "text": "An issue causing unexpected process crashes when processing maliciously crafted web content was resolved through improved memory handling in iOS 26.5, iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, and watchOS 26.5.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2" ] }, "references": [ { "category": "self", "summary": "CVE-2026-28901 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-28901.json" } ], "title": "CVE-2026-28901" }, { "cve": "CVE-2026-28902", "notes": [ { "category": "description", "text": "An issue causing unexpected process crashes when processing maliciously crafted web content was resolved through improved memory handling in iOS 26.5, iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, and watchOS 26.5.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2" ] }, "references": [ { "category": "self", "summary": "CVE-2026-28902 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-28902.json" } ], "title": "CVE-2026-28902" }, { "cve": "CVE-2026-28903", "notes": [ { "category": "description", "text": "Apple addressed unexpected process crashes caused by malicious web content through improved memory handling in iOS 18.7.9, iPadOS 18.7.9, iOS 26.5, iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, and watchOS 26.5.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2" ] }, "references": [ { "category": "self", "summary": "CVE-2026-28903 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-28903.json" } ], "title": "CVE-2026-28903" }, { "cve": "CVE-2026-28904", "notes": [ { "category": "description", "text": "Apple addressed unexpected process crashes caused by malicious web content through improved memory handling in iOS 18.7.9, iPadOS 18.7.9, iOS 26.5, iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, and watchOS 26.5.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2" ] }, "references": [ { "category": "self", "summary": "CVE-2026-28904 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-28904.json" } ], "title": "CVE-2026-28904" }, { "cve": "CVE-2026-28905", "notes": [ { "category": "description", "text": "An issue causing unexpected process crashes when handling malicious web content was resolved through improved memory management in iOS 26.5, iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, and visionOS 26.5.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2" ] }, "references": [ { "category": "self", "summary": "CVE-2026-28905 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-28905.json" } ], "title": "CVE-2026-28905" }, { "cve": "CVE-2026-28906", "notes": [ { "category": "description", "text": "An IP address tracking vulnerability affecting multiple Apple operating systems was resolved through improved state management in versions including iOS 18.7.9, iPadOS 18.7.9, macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5, and visionOS 26.5.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2" ] }, "references": [ { "category": "self", "summary": "CVE-2026-28906 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-28906.json" } ], "title": "CVE-2026-28906" }, { "cve": "CVE-2026-28907", "notes": [ { "category": "description", "text": "An input validation flaw allowing Content Security Policy enforcement bypass was resolved in iOS 18.7.9, iPadOS 18.7.9, iOS 26.5, iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, and watchOS 26.5.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2" ] }, "references": [ { "category": "self", "summary": "CVE-2026-28907 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-28907.json" } ], "title": "CVE-2026-28907" }, { "cve": "CVE-2026-28913", "notes": [ { "category": "description", "text": "An issue causing unexpected process crashes due to maliciously crafted web content was resolved by improved memory handling in iOS 26.5, iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, and watchOS 26.5.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2" ] }, "references": [ { "category": "self", "summary": "CVE-2026-28913 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-28913.json" } ], "title": "CVE-2026-28913" }, { "cve": "CVE-2026-28917", "notes": [ { "category": "description", "text": "An input validation flaw causing unexpected process crashes when handling malicious web content was resolved in multiple Apple operating systems including iOS, iPadOS, macOS Tahoe, tvOS, visionOS, and watchOS versions 18.7.9 and 26.5.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2" ] }, "references": [ { "category": "self", "summary": "CVE-2026-28917 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-28917.json" } ], "title": "CVE-2026-28917" }, { "cve": "CVE-2026-28918", "notes": [ { "category": "description", "text": "An out-of-bounds access vulnerability was addressed by enhancing bounds checking to prevent unexpected application termination when parsing maliciously crafted files across multiple Apple operating systems.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2" ] }, "references": [ { "category": "self", "summary": "CVE-2026-28918 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-28918.json" } ], "title": "CVE-2026-28918" }, { "cve": "CVE-2026-28920", "notes": [ { "category": "description", "text": "An information leakage vulnerability caused by visiting malicious websites was addressed through additional validation in multiple Apple operating systems including iOS 18.7.9, iPadOS 18.7.9, and macOS Sequoia 15.7.7.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2" ] }, "references": [ { "category": "self", "summary": "CVE-2026-28920 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-28920.json" } ], "title": "CVE-2026-28920" }, { "cve": "CVE-2026-28929", "notes": [ { "category": "description", "text": "A logic flaw causing remote images to display when replying to emails in Mail's Lockdown Mode was fixed with enhanced checks in iOS 18.7.9, iPadOS 18.7.9, and multiple macOS versions.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2" ] }, "references": [ { "category": "self", "summary": "CVE-2026-28929 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-28929.json" } ], "title": "CVE-2026-28929" }, { "cve": "CVE-2026-28936", "notes": [ { "category": "description", "text": "An issue causing unexpected application termination when processing maliciously crafted files was resolved through enhanced validation checks in multiple Apple operating systems including iOS, iPadOS, macOS, and visionOS.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2" ] }, "references": [ { "category": "self", "summary": "CVE-2026-28936 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-28936.json" } ], "title": "CVE-2026-28936" }, { "cve": "CVE-2026-28940", "notes": [ { "category": "description", "text": "A memory corruption vulnerability triggered by processing maliciously crafted images was addressed through enhanced memory handling across multiple Apple operating systems including iOS, iPadOS, macOS, tvOS, and visionOS versions.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2" ] }, "references": [ { "category": "self", "summary": "CVE-2026-28940 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-28940.json" } ], "title": "CVE-2026-28940" }, { "cve": "CVE-2026-28941", "notes": [ { "category": "description", "text": "Apple has addressed a denial-of-service and potential memory disclosure vulnerability caused by processing malicious files through enhanced validation in iOS 18.7.9, iPadOS 18.7.9, macOS Sequoia 15.7.7, and macOS Tahoe 26.5.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2" ] }, "references": [ { "category": "self", "summary": "CVE-2026-28941 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-28941.json" } ], "title": "CVE-2026-28941" }, { "cve": "CVE-2026-28942", "notes": [ { "category": "description", "text": "A use-after-free vulnerability in Safari causing unexpected crashes when processing malicious web content was fixed via improved memory management in iOS, iPadOS, macOS Tahoe, tvOS, visionOS, and watchOS version 26.5.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2" ] }, "references": [ { "category": "self", "summary": "CVE-2026-28942 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-28942.json" } ], "title": "CVE-2026-28942" }, { "cve": "CVE-2026-28943", "notes": [ { "category": "description", "text": "A logging issue was fixed by enhancing data redaction across multiple OS versions to prevent applications from determining the kernel memory layout.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2" ] }, "references": [ { "category": "self", "summary": "CVE-2026-28943 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-28943.json" } ], "title": "CVE-2026-28943" }, { "cve": "CVE-2026-28944", "notes": [ { "category": "description", "text": "A memory handling flaw causing unexpected process crashes when processing malicious web content was resolved in iOS 16.5, iPadOS 16.5, macOS Tahoe 16.5, and visionOS 16.5.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2" ] }, "references": [ { "category": "self", "summary": "CVE-2026-28944 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-28944.json" } ], "title": "CVE-2026-28944" }, { "cve": "CVE-2026-28947", "notes": [ { "category": "description", "text": "A use-after-free vulnerability in Safari causing unexpected crashes when processing malicious web content was fixed via improved memory management in iOS, iPadOS, macOS Tahoe, tvOS, visionOS, and watchOS version 26.5.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2" ] }, "references": [ { "category": "self", "summary": "CVE-2026-28947 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-28947.json" } ], "title": "CVE-2026-28947" }, { "cve": "CVE-2026-28950", "cwe": { "id": "CWE-359", "name": "Exposure of Private Personal Information to an Unauthorized Actor" }, "notes": [ { "category": "other", "text": "Exposure of Private Personal Information to an Unauthorized Actor", "title": "CWE-359" }, { "category": "description", "text": "A logging issue causing notifications marked for deletion to be unexpectedly retained on iOS and iPadOS devices was resolved by enhancing data redaction across multiple versions.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2" ] }, "references": [ { "category": "self", "summary": "CVE-2026-28950 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-28950.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "baseScore": 6.2, "baseSeverity": "MEDIUM" }, "products": [ "CSAFPID-1", "CSAFPID-2" ] } ], "title": "CVE-2026-28950" }, { "cve": "CVE-2026-28951", "notes": [ { "category": "description", "text": "An authorization vulnerability allowing an app to gain root privileges was resolved through improved state management across multiple Apple operating systems including iOS 18.7.9, iPadOS 18.7.9, and various macOS versions.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2" ] }, "references": [ { "category": "self", "summary": "CVE-2026-28951 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-28951.json" } ], "title": "CVE-2026-28951" }, { "cve": "CVE-2026-28952", "notes": [ { "category": "description", "text": "An integer overflow vulnerability in iOS 18.7.9, iPadOS 18.7.9, and multiple macOS versions was fixed by enhancing input validation to prevent apps from causing unexpected system termination.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2" ] }, "references": [ { "category": "self", "summary": "CVE-2026-28952 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-28952.json" } ], "title": "CVE-2026-28952" }, { "cve": "CVE-2026-28953", "notes": [ { "category": "description", "text": "Apple addressed unexpected process crashes caused by malicious web content through improved memory handling in iOS 18.7.9, iPadOS 18.7.9, iOS 26.5, iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, and watchOS 26.5.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2" ] }, "references": [ { "category": "self", "summary": "CVE-2026-28953 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-28953.json" } ], "title": "CVE-2026-28953" }, { "cve": "CVE-2026-28954", "notes": [ { "category": "description", "text": "A file quarantine bypass vulnerability in iOS 18.7.9, iPadOS 18.7.9, and multiple macOS versions was fixed by adding additional checks to prevent malicious disk images from bypassing Gatekeeper.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2" ] }, "references": [ { "category": "self", "summary": "CVE-2026-28954 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-28954.json" } ], "title": "CVE-2026-28954" }, { "cve": "CVE-2026-28955", "notes": [ { "category": "description", "text": "Apple addressed unexpected process crashes caused by malicious web content through improved memory handling in iOS 18.7.9, iPadOS 18.7.9, iOS 26.5, iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, and watchOS 26.5.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2" ] }, "references": [ { "category": "self", "summary": "CVE-2026-28955 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-28955.json" } ], "title": "CVE-2026-28955" }, { "cve": "CVE-2026-28956", "notes": [ { "category": "description", "text": "A memory corruption vulnerability caused by processing malicious media files was fixed through improved input validation in multiple Apple OS versions, including iOS 16.5 and macOS Sequoia 15.7.7, preventing app crashes and memory corruption.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2" ] }, "references": [ { "category": "self", "summary": "CVE-2026-28956 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-28956.json" } ], "title": "CVE-2026-28956" }, { "cve": "CVE-2026-28957", "notes": [ { "category": "description", "text": "A vulnerability allowing applications to capture user screen content via camera metadata was addressed in iOS 18.7.9, iPadOS 18.7.9, iOS 26.5, iPadOS 26.5, and visionOS 26.5 through enhanced logic controls.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2" ] }, "references": [ { "category": "self", "summary": "CVE-2026-28957 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-28957.json" } ], "title": "CVE-2026-28957" }, { "cve": "CVE-2026-28958", "notes": [ { "category": "description", "text": "Apple fixed a vulnerability in iOS 16.5, iPadOS 16.5, macOS Sonoma 14.5, and visionOS 16.5 that previously allowed apps to access sensitive user data by enhancing data protection mechanisms.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2" ] }, "references": [ { "category": "self", "summary": "CVE-2026-28958 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-28958.json" } ], "title": "CVE-2026-28958" }, { "cve": "CVE-2026-28959", "notes": [ { "category": "description", "text": "A buffer overflow vulnerability affecting multiple OS versions was fixed by enhancing bounds checking to prevent applications from causing unexpected system termination.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2" ] }, "references": [ { "category": "self", "summary": "CVE-2026-28959 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-28959.json" } ], "title": "CVE-2026-28959" }, { "cve": "CVE-2026-28962", "notes": [ { "category": "description", "text": "A vulnerability allowing disclosure of sensitive user information via malicious web content was addressed by enhanced access restrictions in iOS 18.7.9, iPadOS 18.7.9, iOS 26.5, iPadOS 26.5, macOS Tahoe 26.5, and visionOS 26.5.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2" ] }, "references": [ { "category": "self", "summary": "CVE-2026-28962 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-28962.json" } ], "title": "CVE-2026-28962" }, { "cve": "CVE-2026-28963", "notes": [ { "category": "description", "text": "A privacy vulnerability in iOS 26.5 and iPadOS 26.5 allowed attackers with physical access to exploit Visual Intelligence during iPhone Mirroring to access sensitive data, which was remediated by removing the vulnerable code.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2" ] }, "references": [ { "category": "self", "summary": "CVE-2026-28963 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-28963.json" } ], "title": "CVE-2026-28963" }, { "cve": "CVE-2026-28964", "notes": [ { "category": "description", "text": "An inconsistent user interface issue in iOS 16.5, iPadOS 16.5, and visionOS 16.5 that could allow an app to access sensitive user data was resolved through improved state management.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2" ] }, "references": [ { "category": "self", "summary": "CVE-2026-28964 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-28964.json" } ], "title": "CVE-2026-28964" }, { "cve": "CVE-2026-28965", "notes": [ { "category": "description", "text": "A privacy vulnerability in iOS 26.5 and iPadOS 26.5 that allowed users to access restricted content from the lock screen has been addressed through enhanced verification mechanisms.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2" ] }, "references": [ { "category": "self", "summary": "CVE-2026-28965 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-28965.json" } ], "title": "CVE-2026-28965" }, { "cve": "CVE-2026-28969", "notes": [ { "category": "description", "text": "A use after free vulnerability was fixed through improved memory management in multiple Apple operating systems, including iOS 18.7.9 and macOS Sequoia 15.7.7, preventing unexpected system termination caused by apps.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2" ] }, "references": [ { "category": "self", "summary": "CVE-2026-28969 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-28969.json" } ], "title": "CVE-2026-28969" }, { "cve": "CVE-2026-28971", "notes": [ { "category": "description", "text": "A malicious iframe exploiting download settings was addressed by improved UI handling and fixed in iOS 26.5, iPadOS 26.5, macOS Tahoe 26.5, and visionOS 26.5.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2" ] }, "references": [ { "category": "self", "summary": "CVE-2026-28971 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-28971.json" } ], "title": "CVE-2026-28971" }, { "cve": "CVE-2026-28972", "notes": [ { "category": "description", "text": "An out-of-bounds write vulnerability affecting multiple Apple operating systems was fixed by improved input validation to prevent apps from causing unexpected system termination or writing kernel memory.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2" ] }, "references": [ { "category": "self", "summary": "CVE-2026-28972 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-28972.json" } ], "title": "CVE-2026-28972" }, { "cve": "CVE-2026-28974", "notes": [ { "category": "description", "text": "An issue causing denial-of-service was resolved through enhanced validation checks in iOS 26.5, iPadOS 26.5, macOS Sequoia 15.7.7, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, and watchOS 26.5.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2" ] }, "references": [ { "category": "self", "summary": "CVE-2026-28974 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-28974.json" } ], "title": "CVE-2026-28974" }, { "cve": "CVE-2026-28977", "notes": [ { "category": "description", "text": "Improved bounds checks resolved an issue causing unexpected application termination when processing maliciously crafted files across multiple Apple operating systems including iOS 18.7.9, iPadOS 18.7.9, and macOS Sequoia 15.7.7.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2" ] }, "references": [ { "category": "self", "summary": "CVE-2026-28977 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-28977.json" } ], "title": "CVE-2026-28977" }, { "cve": "CVE-2026-28983", "notes": [ { "category": "description", "text": "A type confusion vulnerability was addressed with enhanced validation checks in multiple operating systems, including iOS 18.7.9 and macOS Tahoe 26.5, preventing remote attackers from causing denial of service conditions.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2" ] }, "references": [ { "category": "self", "summary": "CVE-2026-28983 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-28983.json" } ], "title": "CVE-2026-28983" }, { "cve": "CVE-2026-28985", "notes": [ { "category": "description", "text": "A null pointer dereference vulnerability in iOS 26.5, iPadOS 26.5, macOS Tahoe 26.5, and tvOS 26.5 was fixed by improving input validation to prevent local network attackers from causing denial-of-service conditions.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2" ] }, "references": [ { "category": "self", "summary": "CVE-2026-28985 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-28985.json" } ], "title": "CVE-2026-28985" }, { "cve": "CVE-2026-28986", "notes": [ { "category": "description", "text": "A race condition vulnerability was resolved through additional validation across multiple OS versions to prevent applications from causing unexpected system termination.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2" ] }, "references": [ { "category": "self", "summary": "CVE-2026-28986 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-28986.json" } ], "title": "CVE-2026-28986" }, { "cve": "CVE-2026-28987", "notes": [ { "category": "description", "text": "A logging issue in multiple Apple operating systems, including iOS 18.7.9 and macOS Sequoia 15.7.7, was fixed by improving data redaction to prevent apps from leaking sensitive kernel state information.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2" ] }, "references": [ { "category": "self", "summary": "CVE-2026-28987 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-28987.json" } ], "title": "CVE-2026-28987" }, { "cve": "CVE-2026-28988", "notes": [ { "category": "description", "text": "A permissions vulnerability allowing apps to bypass certain Privacy preferences was resolved with additional restrictions in iOS 16.5, iPadOS 16.5, macOS Sonoma 16.5, visionOS 16.5, and watchOS 16.5.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2" ] }, "references": [ { "category": "self", "summary": "CVE-2026-28988 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-28988.json" } ], "title": "CVE-2026-28988" }, { "cve": "CVE-2026-28990", "notes": [ { "category": "description", "text": "A memory corruption vulnerability caused by processing a maliciously crafted image was resolved through improved memory handling across multiple Apple operating systems including iOS, iPadOS, macOS, tvOS, visionOS, and watchOS.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2" ] }, "references": [ { "category": "self", "summary": "CVE-2026-28990 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-28990.json" } ], "title": "CVE-2026-28990" }, { "cve": "CVE-2026-28991", "notes": [ { "category": "description", "text": "An out-of-bounds read vulnerability in iOS 26.5 and related OS versions was fixed by implementing improved bounds checking to prevent potential denial-of-service attacks.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2" ] }, "references": [ { "category": "self", "summary": "CVE-2026-28991 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-28991.json" } ], "title": "CVE-2026-28991" }, { "cve": "CVE-2026-28992", "notes": [ { "category": "description", "text": "A memory corruption vulnerability in multiple Apple operating systems was fixed by enhancing locking mechanisms to prevent attackers from causing unexpected application termination.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2" ] }, "references": [ { "category": "self", "summary": "CVE-2026-28992 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-28992.json" } ], "title": "CVE-2026-28992" }, { "cve": "CVE-2026-28993", "notes": [ { "category": "description", "text": "An issue where apps could access user-sensitive data was addressed by introducing an additional user consent prompt across multiple OS versions.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2" ] }, "references": [ { "category": "self", "summary": "CVE-2026-28993 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-28993.json" } ], "title": "CVE-2026-28993" }, { "cve": "CVE-2026-28994", "notes": [ { "category": "description", "text": "A use after free vulnerability in Wi-Fi packet processing, exploitable by attackers in privileged network positions to cause denial-of-service, was fixed through improved memory management in multiple Apple OS versions.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2" ] }, "references": [ { "category": "self", "summary": "CVE-2026-28994 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-28994.json" } ], "title": "CVE-2026-28994" }, { "cve": "CVE-2026-28995", "notes": [ { "category": "description", "text": "A logic issue was resolved by implementing enhanced restrictions across multiple Apple OS versions to prevent malicious applications from escaping their sandbox environments.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2" ] }, "references": [ { "category": "self", "summary": "CVE-2026-28995 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-28995.json" } ], "title": "CVE-2026-28995" }, { "cve": "CVE-2026-28996", "notes": [ { "category": "description", "text": "A race condition vulnerability allowing unauthorized app access to sensitive user data was fixed with additional validation across multiple Apple operating systems including iOS, iPadOS, macOS, tvOS, visionOS, and watchOS.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2" ] }, "references": [ { "category": "self", "summary": "CVE-2026-28996 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-28996.json" } ], "title": "CVE-2026-28996" }, { "cve": "CVE-2026-39869", "notes": [ { "category": "description", "text": "A memory handling flaw causing process termination when processing malicious audio streams was fixed across multiple Apple OS versions including iOS 18.7.9, iPadOS 18.7.9, and macOS Sequoia 15.7.7.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2" ] }, "references": [ { "category": "self", "summary": "CVE-2026-39869 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-39869.json" } ], "title": "CVE-2026-39869" }, { "cve": "CVE-2026-43653", "notes": [ { "category": "description", "text": "A denial-of-service vulnerability exploitable by a local network attacker was fixed through improved memory handling in multiple Apple operating systems including iOS 18.7.9, iPadOS 18.7.9, and macOS Sonoma 14.8.7.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2" ] }, "references": [ { "category": "self", "summary": "CVE-2026-43653 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-43653.json" } ], "title": "CVE-2026-43653" }, { "cve": "CVE-2026-43654", "notes": [ { "category": "description", "text": "A kernel memory disclosure vulnerability was resolved through enhanced memory handling across multiple Apple operating systems including iOS 18.7.9, iPadOS 18.7.9, and macOS Sequoia 15.7.7.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2" ] }, "references": [ { "category": "self", "summary": "CVE-2026-43654 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-43654.json" } ], "title": "CVE-2026-43654" }, { "cve": "CVE-2026-43655", "notes": [ { "category": "description", "text": "An out-of-bounds read vulnerability was addressed through enhanced bounds checking in iOS 26.5, iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, and watchOS 26.5 to prevent unexpected system termination and unauthorized kernel memory access.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2" ] }, "references": [ { "category": "self", "summary": "CVE-2026-43655 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-43655.json" } ], "title": "CVE-2026-43655" }, { "cve": "CVE-2026-43656", "notes": [ { "category": "description", "text": "An out-of-bounds write vulnerability in iOS, iPadOS, and macOS caused by parsing maliciously crafted files was fixed by improving input validation to prevent unexpected application termination.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2" ] }, "references": [ { "category": "self", "summary": "CVE-2026-43656 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-43656.json" } ], "title": "CVE-2026-43656" }, { "cve": "CVE-2026-43658", "notes": [ { "category": "description", "text": "A memory handling flaw causing Safari to crash when processing malicious web content was resolved in iOS 26.5, iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, and watchOS 26.5.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2" ] }, "references": [ { "category": "self", "summary": "CVE-2026-43658 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-43658.json" } ], "title": "CVE-2026-43658" }, { "cve": "CVE-2026-43659", "notes": [ { "category": "description", "text": "A race condition vulnerability was addressed through additional validation in multiple OS versions, including iOS 18.7.9 and macOS Sequoia 15.7.7, preventing unauthorized access to sensitive user data by applications.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2" ] }, "references": [ { "category": "self", "summary": "CVE-2026-43659 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-43659.json" } ], "title": "CVE-2026-43659" }, { "cve": "CVE-2026-43660", "notes": [ { "category": "description", "text": "Apple has fixed a validation issue in iOS, iPadOS, macOS Tahoe, tvOS, visionOS, and watchOS that could allow malicious web content to bypass Content Security Policy enforcement in their 26.5 and 18.7.9 updates.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2" ] }, "references": [ { "category": "self", "summary": "CVE-2026-43660 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-43660.json" } ], "title": "CVE-2026-43660" }, { "cve": "CVE-2026-43661", "notes": [ { "category": "description", "text": "A buffer overflow vulnerability in iOS, iPadOS, macOS Tahoe, tvOS, and watchOS 26.5 was fixed by enhancing memory handling to prevent process memory corruption from maliciously crafted images.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2" ] }, "references": [ { "category": "self", "summary": "CVE-2026-43661 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-43661.json" } ], "title": "CVE-2026-43661" }, { "cve": "CVE-2026-43666", "notes": [ { "category": "description", "text": "An out-of-bounds write vulnerability in multiple Apple operating systems, including iOS 18.7.9, iPadOS 18.7.9, and macOS Sequoia 15.7.7, was fixed by improved bounds checking to prevent local network denial-of-service attacks.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2" ] }, "references": [ { "category": "self", "summary": "CVE-2026-43666 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-43666.json" } ], "title": "CVE-2026-43666" }, { "cve": "CVE-2026-43668", "notes": [ { "category": "description", "text": "A use after free vulnerability in multiple Apple OS versions, including iOS 18.7.9 and macOS Sequoia 15.7.7, could allow a remote attacker to cause unexpected system termination or kernel memory corruption.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2" ] }, "references": [ { "category": "self", "summary": "CVE-2026-43668 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-43668.json" } ], "title": "CVE-2026-43668" } ] }