{ "document": { "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "tlp": { "label": "WHITE" } }, "lang": "nl", "notes": [ { "category": "legal_disclaimer", "text": "The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:\n\n NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.\n\n NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.\n This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings." }, { "category": "description", "text": "Apple heeft meerdere kwetsbaarheden verholpen in diverse versies van macOS (inclusief Sequoia, Sonoma en Tahoe versies).", "title": "Feiten" }, { "category": "description", "text": "De kwetsbaarheden betreffen onder andere fouten in geheugenbeheer zoals buffer overflows, use-after-free, out-of-bounds read en write, en integer overflow, die kunnen leiden tot onverwachte applicatie- of systeemcrashes, denial-of-service, of ongeautoriseerde toegang tot kernel- of gebruikersgegevens. Verder zijn er problemen opgelost met betrekking tot sandbox escape, privilege escalatie naar root, bypass van Content Security Policy, onjuiste permissie- en toegangscontrole, race conditions, logging die gevoelige informatie lekt, en bypass van Gatekeeper beveiligingsmechanismen. Sommige kwetsbaarheden kunnen worden misbruikt via speciaal vervaardigde bestanden, webcontent, of netwerkverkeer. De fixes omvatten verbeterde validatie van invoer, strengere toegangscontrole, verbeterde geheugen- en statusbeheer, en versterkte sandboxing en logging mechanismen.", "title": "Interpretaties" }, { "category": "description", "text": "Apple heeft updates uitgebracht voor macOS om de beschreven kwetsbaarheden te verhelpen. Gebruikers wordt geadviseerd deze updates te installeren om de beveiliging en stabiliteit van hun systemen te waarborgen. Zie bijgevoegde referenties voor meer informatie.", "title": "Oplossingen" }, { "category": "general", "text": "medium", "title": "Kans" }, { "category": "general", "text": "high", "title": "Schade" }, { "category": "general", "text": "Exposure of Sensitive Information to an Unauthorized Actor", "title": "CWE-200" }, { "category": "general", "text": "Allocation of Resources Without Limits or Throttling", "title": "CWE-770" }, { "category": "general", "text": "Out-of-bounds Write", "title": "CWE-787" }, { "category": "general", "text": "Buffer Access with Incorrect Length Value", "title": "CWE-805" } ], "publisher": { "category": "coordinator", "contact_details": "cert@ncsc.nl", "name": "Nationaal Cyber Security Centrum", "namespace": "https://www.ncsc.nl/" }, "references": [ { "category": "external", "summary": "Reference", "url": "https://support.apple.com/en-us/127115" }, { "category": "external", "summary": "Reference", "url": "https://support.apple.com/en-us/127116" }, { "category": "external", "summary": "Reference", "url": "https://support.apple.com/en-us/127117" } ], "title": "Kwetsbaarheden verholpen in Apple MacOS", "tracking": { "current_release_date": "2026-05-12T12:19:43.540191Z", "generator": { "date": "2025-08-04T16:30:00Z", "engine": { "name": "V.A.", "version": "1.3" } }, "id": "NCSC-2026-0139", "initial_release_date": "2026-05-12T12:19:43.540191Z", "revision_history": [ { "date": "2026-05-12T12:19:43.540191Z", "number": "1.0.0", "summary": "Initiele versie" } ], "status": "final", "version": "1.0.0" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_version_range", "name": "vers:unknown/*", "product": { "name": "vers:unknown/*", "product_id": "CSAFPID-1" } } ], "category": "product_name", "name": "macOS" }, { "branches": [ { "category": "product_version_range", "name": "vers:unknown/*", "product": { "name": "vers:unknown/*", "product_id": "CSAFPID-2" } } ], "category": "product_name", "name": "macOS Sequoia" }, { "branches": [ { "category": "product_version_range", "name": "vers:unknown/*", "product": { "name": "vers:unknown/*", "product_id": "CSAFPID-3" } } ], "category": "product_name", "name": "macOS Sonoma" }, { "branches": [ { "category": "product_version_range", "name": "vers:unknown/*", "product": { "name": "vers:unknown/*", "product_id": "CSAFPID-4" } } ], "category": "product_name", "name": "macOS Tahoe" } ], "category": "vendor", "name": "Apple" } ] }, "vulnerabilities": [ { "cve": "CVE-2025-43524", "notes": [ { "category": "description", "text": "An access control vulnerability allowing an application to escape its sandbox environment was mitigated by enforcing stricter sandbox restrictions.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4" ] }, "references": [ { "category": "self", "summary": "CVE-2025-43524 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-43524.json" } ], "title": "CVE-2025-43524" }, { "cve": "CVE-2026-1837", "cwe": { "id": "CWE-805", "name": "Buffer Access with Incorrect Length Value" }, "notes": [ { "category": "other", "text": "Buffer Access with Incorrect Length Value", "title": "CWE-805" }, { "category": "other", "text": "Out-of-bounds Write", "title": "CWE-787" }, { "category": "other", "text": "Allocation of Resources Without Limits or Throttling", "title": "CWE-770" }, { "category": "description", "text": "Multiple vulnerabilities in libjxl and open source code affecting Apple Software allow specially crafted image files to cause uninitialized memory read/write and denial-of-service conditions.", "title": "Summary" }, { "category": "general", "text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", "title": "CVSSV4" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4" ] }, "references": [ { "category": "self", "summary": "CVE-2026-1837 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-1837.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "baseScore": 8.8, "baseSeverity": "HIGH" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4" ] } ], "title": "CVE-2026-1837" }, { "cve": "CVE-2026-28819", "notes": [ { "category": "description", "text": "An out-of-bounds write vulnerability allowing arbitrary code execution with kernel privileges was fixed by improved bounds checking in iOS 18.7.9, iPadOS 18.7.9, and multiple macOS versions.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4" ] }, "references": [ { "category": "self", "summary": "CVE-2026-28819 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-28819.json" } ], "title": "CVE-2026-28819" }, { "cve": "CVE-2026-28840", "notes": [ { "category": "description", "text": "A permissions issue allowing an app to gain root privileges was addressed with additional restrictions in macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, and macOS Tahoe 26.4.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4" ] }, "references": [ { "category": "self", "summary": "CVE-2026-28840 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-28840.json" } ], "title": "CVE-2026-28840" }, { "cve": "CVE-2026-28846", "notes": [ { "category": "description", "text": "A buffer overflow vulnerability causing unexpected app termination has been fixed with improved bounds checking across multiple Apple operating systems including iOS 18.7.9, iPadOS 18.7.9, and macOS Sequoia 15.7.7.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4" ] }, "references": [ { "category": "self", "summary": "CVE-2026-28846 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-28846.json" } ], "title": "CVE-2026-28846" }, { "cve": "CVE-2026-28847", "notes": [ { "category": "description", "text": "Apple addressed unexpected process crashes caused by malicious web content through improved memory handling in iOS 18.7.9, iPadOS 18.7.9, iOS 26.5, iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, and watchOS 26.5.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4" ] }, "references": [ { "category": "self", "summary": "CVE-2026-28847 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-28847.json" } ], "title": "CVE-2026-28847" }, { "cve": "CVE-2026-28848", "notes": [ { "category": "description", "text": "A buffer overflow vulnerability in macOS Sequoia 15.7.7 and macOS Tahoe 26.5 was addressed by implementing improved bounds checking to prevent unexpected system termination caused by remote attackers.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4" ] }, "references": [ { "category": "self", "summary": "CVE-2026-28848 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-28848.json" } ], "title": "CVE-2026-28848" }, { "cve": "CVE-2026-28878", "notes": [ { "category": "description", "text": "A privacy vulnerability allowing apps to enumerate a user's installed applications was resolved by removing sensitive data in multiple Apple operating systems including iOS 18.7.7, iPadOS 18.7.7, and macOS Sequoia 15.7.7.", "title": "Summary" }, { "category": "general", "text": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N", "title": "CVSSV4" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4" ] }, "references": [ { "category": "self", "summary": "CVE-2026-28878 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-28878.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L", "baseScore": 6.5, "baseSeverity": "MEDIUM" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4" ] } ], "title": "CVE-2026-28878" }, { "cve": "CVE-2026-28883", "notes": [ { "category": "description", "text": "A use-after-free vulnerability causing potential process crashes when processing malicious web content was fixed in iOS, iPadOS, macOS Tahoe, tvOS, visionOS, and watchOS 26.5 through improved memory management.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4" ] }, "references": [ { "category": "self", "summary": "CVE-2026-28883 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-28883.json" } ], "title": "CVE-2026-28883" }, { "cve": "CVE-2026-28897", "notes": [ { "category": "description", "text": "A buffer overflow vulnerability in multiple Apple OS versions was fixed by enhancing input validation to prevent local users from causing unexpected system termination or accessing kernel memory.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4" ] }, "references": [ { "category": "self", "summary": "CVE-2026-28897 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-28897.json" } ], "title": "CVE-2026-28897" }, { "cve": "CVE-2026-28901", "notes": [ { "category": "description", "text": "An issue causing unexpected process crashes when processing maliciously crafted web content was resolved through improved memory handling in iOS 26.5, iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, and watchOS 26.5.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4" ] }, "references": [ { "category": "self", "summary": "CVE-2026-28901 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-28901.json" } ], "title": "CVE-2026-28901" }, { "cve": "CVE-2026-28902", "notes": [ { "category": "description", "text": "An issue causing unexpected process crashes when processing maliciously crafted web content was resolved through improved memory handling in iOS 26.5, iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, and watchOS 26.5.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4" ] }, "references": [ { "category": "self", "summary": "CVE-2026-28902 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-28902.json" } ], "title": "CVE-2026-28902" }, { "cve": "CVE-2026-28903", "notes": [ { "category": "description", "text": "Apple addressed unexpected process crashes caused by malicious web content through improved memory handling in iOS 18.7.9, iPadOS 18.7.9, iOS 26.5, iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, and watchOS 26.5.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4" ] }, "references": [ { "category": "self", "summary": "CVE-2026-28903 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-28903.json" } ], "title": "CVE-2026-28903" }, { "cve": "CVE-2026-28904", "notes": [ { "category": "description", "text": "Apple addressed unexpected process crashes caused by malicious web content through improved memory handling in iOS 18.7.9, iPadOS 18.7.9, iOS 26.5, iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, and watchOS 26.5.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4" ] }, "references": [ { "category": "self", "summary": "CVE-2026-28904 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-28904.json" } ], "title": "CVE-2026-28904" }, { "cve": "CVE-2026-28905", "notes": [ { "category": "description", "text": "An issue causing unexpected process crashes when handling malicious web content was resolved through improved memory management in iOS 26.5, iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, and visionOS 26.5.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4" ] }, "references": [ { "category": "self", "summary": "CVE-2026-28905 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-28905.json" } ], "title": "CVE-2026-28905" }, { "cve": "CVE-2026-28906", "notes": [ { "category": "description", "text": "An IP address tracking vulnerability affecting multiple Apple operating systems was resolved through improved state management in versions including iOS 18.7.9, iPadOS 18.7.9, macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5, and visionOS 26.5.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4" ] }, "references": [ { "category": "self", "summary": "CVE-2026-28906 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-28906.json" } ], "title": "CVE-2026-28906" }, { "cve": "CVE-2026-28907", "notes": [ { "category": "description", "text": "An input validation flaw allowing Content Security Policy enforcement bypass was resolved in iOS 18.7.9, iPadOS 18.7.9, iOS 26.5, iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, and watchOS 26.5.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4" ] }, "references": [ { "category": "self", "summary": "CVE-2026-28907 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-28907.json" } ], "title": "CVE-2026-28907" }, { "cve": "CVE-2026-28908", "notes": [ { "category": "description", "text": "A denial of service vulnerability in macOS Sequoia 15.7.7, Sonoma 14.8.7, and Tahoe 26.5 was fixed by removing code that allowed an app to modify protected parts of the file system.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4" ] }, "references": [ { "category": "self", "summary": "CVE-2026-28908 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-28908.json" } ], "title": "CVE-2026-28908" }, { "cve": "CVE-2026-28913", "notes": [ { "category": "description", "text": "An issue causing unexpected process crashes due to maliciously crafted web content was resolved by improved memory handling in iOS 26.5, iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, and watchOS 26.5.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4" ] }, "references": [ { "category": "self", "summary": "CVE-2026-28913 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-28913.json" } ], "title": "CVE-2026-28913" }, { "cve": "CVE-2026-28914", "notes": [ { "category": "description", "text": "A logic flaw in macOS Tahoe 26.5's file handling was resolved to prevent malicious ZIP archives from circumventing Gatekeeper security checks.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4" ] }, "references": [ { "category": "self", "summary": "CVE-2026-28914 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-28914.json" } ], "title": "CVE-2026-28914" }, { "cve": "CVE-2026-28915", "notes": [ { "category": "description", "text": "A parsing issue in directory path handling was fixed with improved validation in macOS Sequoia 15.7.7, Sonoma 14.8.7, and Tahoe 26.5 to prevent applications from potentially gaining root privileges.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4" ] }, "references": [ { "category": "self", "summary": "CVE-2026-28915 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-28915.json" } ], "title": "CVE-2026-28915" }, { "cve": "CVE-2026-28917", "notes": [ { "category": "description", "text": "An input validation flaw causing unexpected process crashes when handling malicious web content was resolved in multiple Apple operating systems including iOS, iPadOS, macOS Tahoe, tvOS, visionOS, and watchOS versions 18.7.9 and 26.5.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4" ] }, "references": [ { "category": "self", "summary": "CVE-2026-28917 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-28917.json" } ], "title": "CVE-2026-28917" }, { "cve": "CVE-2026-28918", "notes": [ { "category": "description", "text": "An out-of-bounds access vulnerability was addressed by enhancing bounds checking to prevent unexpected application termination when parsing maliciously crafted files across multiple Apple operating systems.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4" ] }, "references": [ { "category": "self", "summary": "CVE-2026-28918 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-28918.json" } ], "title": "CVE-2026-28918" }, { "cve": "CVE-2026-28919", "notes": [ { "category": "description", "text": "A consistency issue allowing an app to potentially gain root privileges was resolved through improved state handling in macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, and macOS Tahoe 26.5.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4" ] }, "references": [ { "category": "self", "summary": "CVE-2026-28919 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-28919.json" } ], "title": "CVE-2026-28919" }, { "cve": "CVE-2026-28920", "notes": [ { "category": "description", "text": "An information leakage vulnerability caused by visiting malicious websites was addressed through additional validation in multiple Apple operating systems including iOS 18.7.9, iPadOS 18.7.9, and macOS Sequoia 15.7.7.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4" ] }, "references": [ { "category": "self", "summary": "CVE-2026-28920 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-28920.json" } ], "title": "CVE-2026-28920" }, { "cve": "CVE-2026-28922", "notes": [ { "category": "description", "text": "An issue allowing an app to potentially access private information was resolved through improved state management in macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, and macOS Tahoe 26.5.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4" ] }, "references": [ { "category": "self", "summary": "CVE-2026-28922 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-28922.json" } ], "title": "CVE-2026-28922" }, { "cve": "CVE-2026-28923", "notes": [ { "category": "description", "text": "A logging vulnerability in macOS Sequoia 15.7.7, Sonoma 14.8.7, and Tahoe 26.5 that could allow a malicious app to escape its sandbox was resolved by enhancing data redaction.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4" ] }, "references": [ { "category": "self", "summary": "CVE-2026-28923 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-28923.json" } ], "title": "CVE-2026-28923" }, { "cve": "CVE-2026-28924", "notes": [ { "category": "description", "text": "A race condition in symbolic link handling was fixed in macOS to prevent unauthorized app access to Contacts without user consent.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4" ] }, "references": [ { "category": "self", "summary": "CVE-2026-28924 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-28924.json" } ], "title": "CVE-2026-28924" }, { "cve": "CVE-2026-28925", "notes": [ { "category": "description", "text": "A buffer overflow vulnerability in macOS Sequoia 15.7.7, Sonoma 14.8.7, and Tahoe 26.5 was fixed by enhancing bounds checking to prevent unexpected system termination and unauthorized kernel memory writes.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4" ] }, "references": [ { "category": "self", "summary": "CVE-2026-28925 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-28925.json" } ], "title": "CVE-2026-28925" }, { "cve": "CVE-2026-28929", "notes": [ { "category": "description", "text": "A logic flaw causing remote images to display when replying to emails in Mail's Lockdown Mode was fixed with enhanced checks in iOS 18.7.9, iPadOS 18.7.9, and multiple macOS versions.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4" ] }, "references": [ { "category": "self", "summary": "CVE-2026-28929 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-28929.json" } ], "title": "CVE-2026-28929" }, { "cve": "CVE-2026-28930", "notes": [ { "category": "description", "text": "macOS Tahoe 26.5 addressed a permissions vulnerability by implementing additional restrictions to prevent unauthorized app access to protected user data.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4" ] }, "references": [ { "category": "self", "summary": "CVE-2026-28930 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-28930.json" } ], "title": "CVE-2026-28930" }, { "cve": "CVE-2026-28936", "notes": [ { "category": "description", "text": "An issue causing unexpected application termination when processing maliciously crafted files was resolved through enhanced validation checks in multiple Apple operating systems including iOS, iPadOS, macOS, and visionOS.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4" ] }, "references": [ { "category": "self", "summary": "CVE-2026-28936 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-28936.json" } ], "title": "CVE-2026-28936" }, { "cve": "CVE-2026-28940", "notes": [ { "category": "description", "text": "A memory corruption vulnerability triggered by processing maliciously crafted images was addressed through enhanced memory handling across multiple Apple operating systems including iOS, iPadOS, macOS, tvOS, and visionOS versions.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4" ] }, "references": [ { "category": "self", "summary": "CVE-2026-28940 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-28940.json" } ], "title": "CVE-2026-28940" }, { "cve": "CVE-2026-28941", "notes": [ { "category": "description", "text": "Apple has addressed a denial-of-service and potential memory disclosure vulnerability caused by processing malicious files through enhanced validation in iOS 18.7.9, iPadOS 18.7.9, macOS Sequoia 15.7.7, and macOS Tahoe 26.5.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4" ] }, "references": [ { "category": "self", "summary": "CVE-2026-28941 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-28941.json" } ], "title": "CVE-2026-28941" }, { "cve": "CVE-2026-28942", "notes": [ { "category": "description", "text": "A use-after-free vulnerability in Safari causing unexpected crashes when processing malicious web content was fixed via improved memory management in iOS, iPadOS, macOS Tahoe, tvOS, visionOS, and watchOS version 26.5.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4" ] }, "references": [ { "category": "self", "summary": "CVE-2026-28942 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-28942.json" } ], "title": "CVE-2026-28942" }, { "cve": "CVE-2026-28943", "notes": [ { "category": "description", "text": "A logging issue was fixed by enhancing data redaction across multiple OS versions to prevent applications from determining the kernel memory layout.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4" ] }, "references": [ { "category": "self", "summary": "CVE-2026-28943 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-28943.json" } ], "title": "CVE-2026-28943" }, { "cve": "CVE-2026-28944", "notes": [ { "category": "description", "text": "A memory handling flaw causing unexpected process crashes when processing malicious web content was resolved in iOS 16.5, iPadOS 16.5, macOS Tahoe 16.5, and visionOS 16.5.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4" ] }, "references": [ { "category": "self", "summary": "CVE-2026-28944 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-28944.json" } ], "title": "CVE-2026-28944" }, { "cve": "CVE-2026-28946", "notes": [ { "category": "description", "text": "A use-after-free vulnerability in Safari causing unexpected crashes when processing malicious web content was resolved in macOS Tahoe 26.5 by enhancing memory management.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4" ] }, "references": [ { "category": "self", "summary": "CVE-2026-28946 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-28946.json" } ], "title": "CVE-2026-28946" }, { "cve": "CVE-2026-28947", "notes": [ { "category": "description", "text": "A use-after-free vulnerability in Safari causing unexpected crashes when processing malicious web content was fixed via improved memory management in iOS, iPadOS, macOS Tahoe, tvOS, visionOS, and watchOS version 26.5.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4" ] }, "references": [ { "category": "self", "summary": "CVE-2026-28947 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-28947.json" } ], "title": "CVE-2026-28947" }, { "cve": "CVE-2026-28951", "notes": [ { "category": "description", "text": "An authorization vulnerability allowing an app to gain root privileges was resolved through improved state management across multiple Apple operating systems including iOS 18.7.9, iPadOS 18.7.9, and various macOS versions.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4" ] }, "references": [ { "category": "self", "summary": "CVE-2026-28951 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-28951.json" } ], "title": "CVE-2026-28951" }, { "cve": "CVE-2026-28952", "notes": [ { "category": "description", "text": "An integer overflow vulnerability in iOS 18.7.9, iPadOS 18.7.9, and multiple macOS versions was fixed by enhancing input validation to prevent apps from causing unexpected system termination.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4" ] }, "references": [ { "category": "self", "summary": "CVE-2026-28952 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-28952.json" } ], "title": "CVE-2026-28952" }, { "cve": "CVE-2026-28953", "notes": [ { "category": "description", "text": "Apple addressed unexpected process crashes caused by malicious web content through improved memory handling in iOS 18.7.9, iPadOS 18.7.9, iOS 26.5, iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, and watchOS 26.5.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4" ] }, "references": [ { "category": "self", "summary": "CVE-2026-28953 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-28953.json" } ], "title": "CVE-2026-28953" }, { "cve": "CVE-2026-28954", "notes": [ { "category": "description", "text": "A file quarantine bypass vulnerability in iOS 18.7.9, iPadOS 18.7.9, and multiple macOS versions was fixed by adding additional checks to prevent malicious disk images from bypassing Gatekeeper.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4" ] }, "references": [ { "category": "self", "summary": "CVE-2026-28954 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-28954.json" } ], "title": "CVE-2026-28954" }, { "cve": "CVE-2026-28955", "notes": [ { "category": "description", "text": "Apple addressed unexpected process crashes caused by malicious web content through improved memory handling in iOS 18.7.9, iPadOS 18.7.9, iOS 26.5, iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, and watchOS 26.5.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4" ] }, "references": [ { "category": "self", "summary": "CVE-2026-28955 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-28955.json" } ], "title": "CVE-2026-28955" }, { "cve": "CVE-2026-28956", "notes": [ { "category": "description", "text": "A memory corruption vulnerability caused by processing malicious media files was fixed through improved input validation in multiple Apple OS versions, including iOS 16.5 and macOS Sequoia 15.7.7, preventing app crashes and memory corruption.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4" ] }, "references": [ { "category": "self", "summary": "CVE-2026-28956 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-28956.json" } ], "title": "CVE-2026-28956" }, { "cve": "CVE-2026-28958", "notes": [ { "category": "description", "text": "Apple fixed a vulnerability in iOS 16.5, iPadOS 16.5, macOS Sonoma 14.5, and visionOS 16.5 that previously allowed apps to access sensitive user data by enhancing data protection mechanisms.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4" ] }, "references": [ { "category": "self", "summary": "CVE-2026-28958 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-28958.json" } ], "title": "CVE-2026-28958" }, { "cve": "CVE-2026-28959", "notes": [ { "category": "description", "text": "A buffer overflow vulnerability affecting multiple OS versions was fixed by enhancing bounds checking to prevent applications from causing unexpected system termination.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4" ] }, "references": [ { "category": "self", "summary": "CVE-2026-28959 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-28959.json" } ], "title": "CVE-2026-28959" }, { "cve": "CVE-2026-28961", "notes": [ { "category": "description", "text": "A vulnerability in macOS Tahoe 26.5 allowed attackers with physical access to locked devices to view sensitive user information, which was addressed by enhanced verification checks.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4" ] }, "references": [ { "category": "self", "summary": "CVE-2026-28961 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-28961.json" } ], "title": "CVE-2026-28961" }, { "cve": "CVE-2026-28962", "notes": [ { "category": "description", "text": "A vulnerability allowing disclosure of sensitive user information via malicious web content was addressed by enhanced access restrictions in iOS 18.7.9, iPadOS 18.7.9, iOS 26.5, iPadOS 26.5, macOS Tahoe 26.5, and visionOS 26.5.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4" ] }, "references": [ { "category": "self", "summary": "CVE-2026-28962 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-28962.json" } ], "title": "CVE-2026-28962" }, { "cve": "CVE-2026-28969", "notes": [ { "category": "description", "text": "A use after free vulnerability was fixed through improved memory management in multiple Apple operating systems, including iOS 18.7.9 and macOS Sequoia 15.7.7, preventing unexpected system termination caused by apps.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4" ] }, "references": [ { "category": "self", "summary": "CVE-2026-28969 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-28969.json" } ], "title": "CVE-2026-28969" }, { "cve": "CVE-2026-28971", "notes": [ { "category": "description", "text": "A malicious iframe exploiting download settings was addressed by improved UI handling and fixed in iOS 26.5, iPadOS 26.5, macOS Tahoe 26.5, and visionOS 26.5.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4" ] }, "references": [ { "category": "self", "summary": "CVE-2026-28971 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-28971.json" } ], "title": "CVE-2026-28971" }, { "cve": "CVE-2026-28972", "notes": [ { "category": "description", "text": "An out-of-bounds write vulnerability affecting multiple Apple operating systems was fixed by improved input validation to prevent apps from causing unexpected system termination or writing kernel memory.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4" ] }, "references": [ { "category": "self", "summary": "CVE-2026-28972 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-28972.json" } ], "title": "CVE-2026-28972" }, { "cve": "CVE-2026-28974", "notes": [ { "category": "description", "text": "An issue causing denial-of-service was resolved through enhanced validation checks in iOS 26.5, iPadOS 26.5, macOS Sequoia 15.7.7, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, and watchOS 26.5.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4" ] }, "references": [ { "category": "self", "summary": "CVE-2026-28974 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-28974.json" } ], "title": "CVE-2026-28974" }, { "cve": "CVE-2026-28976", "notes": [ { "category": "description", "text": "An information leakage vulnerability in macOS Tahoe 26.5 was addressed by implementing additional validation to prevent an app from gaining root privileges.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4" ] }, "references": [ { "category": "self", "summary": "CVE-2026-28976 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-28976.json" } ], "title": "CVE-2026-28976" }, { "cve": "CVE-2026-28977", "notes": [ { "category": "description", "text": "Improved bounds checks resolved an issue causing unexpected application termination when processing maliciously crafted files across multiple Apple operating systems including iOS 18.7.9, iPadOS 18.7.9, and macOS Sequoia 15.7.7.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4" ] }, "references": [ { "category": "self", "summary": "CVE-2026-28977 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-28977.json" } ], "title": "CVE-2026-28977" }, { "cve": "CVE-2026-28978", "notes": [ { "category": "description", "text": "A permissions issue in macOS Sequoia 15.7.7, Sonoma 14.8.7, and Tahoe 26.5 was fixed by adding restrictions to prevent malicious applications from escaping their sandbox environments.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4" ] }, "references": [ { "category": "self", "summary": "CVE-2026-28978 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-28978.json" } ], "title": "CVE-2026-28978" }, { "cve": "CVE-2026-28983", "notes": [ { "category": "description", "text": "A type confusion vulnerability was addressed with enhanced validation checks in multiple operating systems, including iOS 18.7.9 and macOS Tahoe 26.5, preventing remote attackers from causing denial of service conditions.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4" ] }, "references": [ { "category": "self", "summary": "CVE-2026-28983 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-28983.json" } ], "title": "CVE-2026-28983" }, { "cve": "CVE-2026-28985", "notes": [ { "category": "description", "text": "A null pointer dereference vulnerability in iOS 26.5, iPadOS 26.5, macOS Tahoe 26.5, and tvOS 26.5 was fixed by improving input validation to prevent local network attackers from causing denial-of-service conditions.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4" ] }, "references": [ { "category": "self", "summary": "CVE-2026-28985 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-28985.json" } ], "title": "CVE-2026-28985" }, { "cve": "CVE-2026-28986", "notes": [ { "category": "description", "text": "A race condition vulnerability was resolved through additional validation across multiple OS versions to prevent applications from causing unexpected system termination.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4" ] }, "references": [ { "category": "self", "summary": "CVE-2026-28986 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-28986.json" } ], "title": "CVE-2026-28986" }, { "cve": "CVE-2026-28987", "notes": [ { "category": "description", "text": "A logging issue in multiple Apple operating systems, including iOS 18.7.9 and macOS Sequoia 15.7.7, was fixed by improving data redaction to prevent apps from leaking sensitive kernel state information.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4" ] }, "references": [ { "category": "self", "summary": "CVE-2026-28987 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-28987.json" } ], "title": "CVE-2026-28987" }, { "cve": "CVE-2026-28988", "notes": [ { "category": "description", "text": "A permissions vulnerability allowing apps to bypass certain Privacy preferences was resolved with additional restrictions in iOS 16.5, iPadOS 16.5, macOS Sonoma 16.5, visionOS 16.5, and watchOS 16.5.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4" ] }, "references": [ { "category": "self", "summary": "CVE-2026-28988 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-28988.json" } ], "title": "CVE-2026-28988" }, { "cve": "CVE-2026-28990", "notes": [ { "category": "description", "text": "A memory corruption vulnerability caused by processing a maliciously crafted image was resolved through improved memory handling across multiple Apple operating systems including iOS, iPadOS, macOS, tvOS, visionOS, and watchOS.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4" ] }, "references": [ { "category": "self", "summary": "CVE-2026-28990 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-28990.json" } ], "title": "CVE-2026-28990" }, { "cve": "CVE-2026-28991", "notes": [ { "category": "description", "text": "An out-of-bounds read vulnerability in iOS 26.5 and related OS versions was fixed by implementing improved bounds checking to prevent potential denial-of-service attacks.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4" ] }, "references": [ { "category": "self", "summary": "CVE-2026-28991 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-28991.json" } ], "title": "CVE-2026-28991" }, { "cve": "CVE-2026-28992", "notes": [ { "category": "description", "text": "A memory corruption vulnerability in multiple Apple operating systems was fixed by enhancing locking mechanisms to prevent attackers from causing unexpected application termination.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4" ] }, "references": [ { "category": "self", "summary": "CVE-2026-28992 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-28992.json" } ], "title": "CVE-2026-28992" }, { "cve": "CVE-2026-28993", "notes": [ { "category": "description", "text": "An issue where apps could access user-sensitive data was addressed by introducing an additional user consent prompt across multiple OS versions.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4" ] }, "references": [ { "category": "self", "summary": "CVE-2026-28993 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-28993.json" } ], "title": "CVE-2026-28993" }, { "cve": "CVE-2026-28994", "notes": [ { "category": "description", "text": "A use after free vulnerability in Wi-Fi packet processing, exploitable by attackers in privileged network positions to cause denial-of-service, was fixed through improved memory management in multiple Apple OS versions.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4" ] }, "references": [ { "category": "self", "summary": "CVE-2026-28994 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-28994.json" } ], "title": "CVE-2026-28994" }, { "cve": "CVE-2026-28995", "notes": [ { "category": "description", "text": "A logic issue was resolved by implementing enhanced restrictions across multiple Apple OS versions to prevent malicious applications from escaping their sandbox environments.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4" ] }, "references": [ { "category": "self", "summary": "CVE-2026-28995 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-28995.json" } ], "title": "CVE-2026-28995" }, { "cve": "CVE-2026-28996", "notes": [ { "category": "description", "text": "A race condition vulnerability allowing unauthorized app access to sensitive user data was fixed with additional validation across multiple Apple operating systems including iOS, iPadOS, macOS, tvOS, visionOS, and watchOS.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4" ] }, "references": [ { "category": "self", "summary": "CVE-2026-28996 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-28996.json" } ], "title": "CVE-2026-28996" }, { "cve": "CVE-2026-39869", "notes": [ { "category": "description", "text": "A memory handling flaw causing process termination when processing malicious audio streams was fixed across multiple Apple OS versions including iOS 18.7.9, iPadOS 18.7.9, and macOS Sequoia 15.7.7.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4" ] }, "references": [ { "category": "self", "summary": "CVE-2026-39869 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-39869.json" } ], "title": "CVE-2026-39869" }, { "cve": "CVE-2026-39870", "notes": [ { "category": "description", "text": "A memory corruption vulnerability caused by processing a maliciously crafted image was resolved through improved memory handling in macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, and macOS Tahoe 26.5.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4" ] }, "references": [ { "category": "self", "summary": "CVE-2026-39870 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-39870.json" } ], "title": "CVE-2026-39870" }, { "cve": "CVE-2026-39871", "notes": [ { "category": "description", "text": "A path handling vulnerability in macOS Sequoia 15.7.7, Sonoma 14.8.7, and Tahoe 26.5 allowed apps to observe unprotected user data, which was resolved through improved logic.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4" ] }, "references": [ { "category": "self", "summary": "CVE-2026-39871 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-39871.json" } ], "title": "CVE-2026-39871" }, { "cve": "CVE-2026-43652", "notes": [ { "category": "description", "text": "macOS Tahoe 26.5 addressed a permissions vulnerability by implementing additional restrictions to prevent unauthorized app access to protected user data.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4" ] }, "references": [ { "category": "self", "summary": "CVE-2026-43652 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-43652.json" } ], "title": "CVE-2026-43652" }, { "cve": "CVE-2026-43653", "notes": [ { "category": "description", "text": "A denial-of-service vulnerability exploitable by a local network attacker was fixed through improved memory handling in multiple Apple operating systems including iOS 18.7.9, iPadOS 18.7.9, and macOS Sonoma 14.8.7.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4" ] }, "references": [ { "category": "self", "summary": "CVE-2026-43653 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-43653.json" } ], "title": "CVE-2026-43653" }, { "cve": "CVE-2026-43654", "notes": [ { "category": "description", "text": "A kernel memory disclosure vulnerability was resolved through enhanced memory handling across multiple Apple operating systems including iOS 18.7.9, iPadOS 18.7.9, and macOS Sequoia 15.7.7.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4" ] }, "references": [ { "category": "self", "summary": "CVE-2026-43654 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-43654.json" } ], "title": "CVE-2026-43654" }, { "cve": "CVE-2026-43655", "notes": [ { "category": "description", "text": "An out-of-bounds read vulnerability was addressed through enhanced bounds checking in iOS 26.5, iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, and watchOS 26.5 to prevent unexpected system termination and unauthorized kernel memory access.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4" ] }, "references": [ { "category": "self", "summary": "CVE-2026-43655 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-43655.json" } ], "title": "CVE-2026-43655" }, { "cve": "CVE-2026-43656", "notes": [ { "category": "description", "text": "An out-of-bounds write vulnerability in iOS, iPadOS, and macOS caused by parsing maliciously crafted files was fixed by improving input validation to prevent unexpected application termination.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4" ] }, "references": [ { "category": "self", "summary": "CVE-2026-43656 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-43656.json" } ], "title": "CVE-2026-43656" }, { "cve": "CVE-2026-43658", "notes": [ { "category": "description", "text": "A memory handling flaw causing Safari to crash when processing malicious web content was resolved in iOS 26.5, iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, and watchOS 26.5.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4" ] }, "references": [ { "category": "self", "summary": "CVE-2026-43658 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-43658.json" } ], "title": "CVE-2026-43658" }, { "cve": "CVE-2026-43659", "notes": [ { "category": "description", "text": "A race condition vulnerability was addressed through additional validation in multiple OS versions, including iOS 18.7.9 and macOS Sequoia 15.7.7, preventing unauthorized access to sensitive user data by applications.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4" ] }, "references": [ { "category": "self", "summary": "CVE-2026-43659 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-43659.json" } ], "title": "CVE-2026-43659" }, { "cve": "CVE-2026-43660", "notes": [ { "category": "description", "text": "Apple has fixed a validation issue in iOS, iPadOS, macOS Tahoe, tvOS, visionOS, and watchOS that could allow malicious web content to bypass Content Security Policy enforcement in their 26.5 and 18.7.9 updates.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4" ] }, "references": [ { "category": "self", "summary": "CVE-2026-43660 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-43660.json" } ], "title": "CVE-2026-43660" }, { "cve": "CVE-2026-43661", "notes": [ { "category": "description", "text": "A buffer overflow vulnerability in iOS, iPadOS, macOS Tahoe, tvOS, and watchOS 26.5 was fixed by enhancing memory handling to prevent process memory corruption from maliciously crafted images.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4" ] }, "references": [ { "category": "self", "summary": "CVE-2026-43661 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-43661.json" } ], "title": "CVE-2026-43661" }, { "cve": "CVE-2026-43666", "notes": [ { "category": "description", "text": "An out-of-bounds write vulnerability in multiple Apple operating systems, including iOS 18.7.9, iPadOS 18.7.9, and macOS Sequoia 15.7.7, was fixed by improved bounds checking to prevent local network denial-of-service attacks.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4" ] }, "references": [ { "category": "self", "summary": "CVE-2026-43666 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-43666.json" } ], "title": "CVE-2026-43666" }, { "cve": "CVE-2026-43668", "notes": [ { "category": "description", "text": "A use after free vulnerability in multiple Apple OS versions, including iOS 18.7.9 and macOS Sequoia 15.7.7, could allow a remote attacker to cause unexpected system termination or kernel memory corruption.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4" ] }, "references": [ { "category": "self", "summary": "CVE-2026-43668 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-43668.json" } ], "title": "CVE-2026-43668" } ] }