Apple today updated the security content pages for several macOS, iOS, iPadOS, visionOS, and watchOS releases, adding new CVE details for vulnerabilities addressed in each update. Here are the details.
New details for older and recent software releases
Last September, Apple released macOS 14.8 Sonoma, iOS 18.7, and iPadOS 18.7, with important security updates addressing vulnerabilities that, among other things, could let an attacker access protected or sensitive user data.
Since then, Apple updated macOS Sonoma another six times, with the system currently sitting at version 14.8.7 (the company skipped 14.8.6). Likewise, iPhone and iPad users who have not moved to newer major releases have similarly continued to receive updates, with iOS 18 and iPadOS 18 now at version 18.7.9.
For Apple Watch and Apple Vision Pro users, Apple also released watchOS 26 and visionOS 26 last year, introducing multiple new features, in addition to including important security fixes.
That said, Apple today updated the security content page for these system versions (and then some), adding more details on the fixes included and their corresponding CVEs.
Here are the security fixes added today on iOS 26 and iPadOS 26’s security content page:
Siri
Available for: iPhone 11 and later, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 8th generation and later, and iPad mini 5th generation and later
Impact: Private Browsing tabs may be accessed without authentication
Description: This issue was addressed through improved state management.
CVE-2025-30468: Richard Hyunho Im (@richeeta), Jiwon ParkCalendar
We would like to acknowledge Keisuke Chinone (Iroiro) and Rosyna Keller of Totally Not Malicious Software for their assistance.
Here’s what Apple added to the security content of visionOS 26 and watchOS 26:
Calendar
We would like to acknowledge Keisuke Chinone (Iroiro) and Rosyna Keller of Totally Not Malicious Software for their assistance.
Kernel
We would like to acknowledge Sungwoo Kim, Yepeng Pan, Prof. Dr. Christian Rossow for their assistance.
Here are the security fixes added today on macOS Sonoma 14.8’s security content page:
Call History
Available for: macOS Sonoma
Impact: An app may be able to fingerprint the user
Description: This issue was addressed with improved redaction of sensitive information.
CVE-2025-43357: Rosyna Keller of Totally Not Malicious Software, Guilherme Rambo of Best Buddy Apps (rambo.codes)CoreServices
Available for: macOS Sonoma
Impact: An app may be able to modify protected parts of the file system
Description: A permissions issue was addressed with additional restrictions.
CVE-2025-43290: Zhongcheng Li from IES Red Team of ByteDanceCoreServices
Available for: macOS Sonoma
Impact: A malicious app may be able to access sensitive user data
Description: A logic issue was addressed with improved validation.
CVE-2025-43289: Matej Moravec (@MacejkoMoravec), Kirin (@Pwnrin)FaceTime
Available for: macOS Sonoma
Impact: Incoming FaceTime calls can appear or be accepted on a locked macOS device, even with notifications disabled on the lock screen
Description: This issue was addressed through improved state management.
CVE-2025-31271: Shantanu ThakurPhone
Available for: macOS Sonoma
Impact: An app may be able to access sensitive user data
Description: A logging issue was addressed with improved data redaction.
CVE-2025-43508: Wojciech Regula of SecuRing (wojciechregula.blog)StorageKit
Available for: macOS Sonoma
Impact: A malicious app may be able to gain root privileges
Description: A logic issue was addressed with improved checks.
CVE-2025-43306: Mickey Jin (@patch1t)
Here are the security fixes added today on macOS Sonoma 14.8.2’s security content page:
SQLite
Available for: macOS Sonoma
Impact: Processing a file may lead to memory corruption
Description: This is a vulnerability in open source code and Apple Software is among the affected projects. The CVE-ID was assigned by a third party. Learn more about the issue and CVE-ID at cve.org.
CVE-2025-6965
And here’s what Apple added to the security content of iOS 18.7 and iPadOS 18.7:
Call History
Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later
Impact: An app may be able to fingerprint the user
Description: This issue was addressed with improved redaction of sensitive information.
CVE-2025-43357: Rosyna Keller of Totally Not Malicious Software, Guilherme Rambo of Best Buddy Apps (rambo.codes)ImageIO
We would like to acknowledge DongJun Kim (@smlijun) and JongSeong Kim (@nevul37) in Enki WhiteHat for their assistance.
To learn more about Apple’s security updates, follow this link.
Worth checking out on Amazon
FTC: We use income earning auto affiliate links. More.
