iOS
iOS 26
36 CVEs fixed by this release.
- Release date: 2025-09-15
- End of support: —
- CVEs fixed: 36
- CISA KEV: 0
- Critical: 0
- High: 1
- NVD pending: 34
CVEs fixed
| CVE | Severity | KEV | Published | Description |
|---|---|---|---|---|
| CVE-2025-6965 | HIGH 9.8 | — | | [Apple SQLite] Processing a file may lead to memory corruption |
| CVE-2025-46306 | MEDIUM 5.5 | — | | The issue was addressed with improved bounds checks. This issue is fixed in Keynote 15.1, iOS 26 and iPadOS 26, macOS Tahoe 26. Processing a maliciously crafte… |
| CVE-2025-43376 | N/A | — | | [Apple WebKit] A remote attacker may be able to view leaked DNS queries with Private Relay turned on |
| CVE-2025-43338 | N/A | — | | [Apple ImageIO] Processing a maliciously crafted media file may lead to unexpected app termination or corrupt process memory |
| CVE-2025-43365 | N/A | — | | [Apple MetricKit] An unprivileged process may be able to terminate a root processes |
| CVE-2025-43361 | N/A | — | | [Apple Audio] A malicious app may be able to read kernel memory |
| CVE-2025-43372 | N/A | — | | [Apple CoreMedia] Processing a maliciously crafted media file may lead to unexpected app termination or corrupt process memory |
| CVE-2025-30468 | N/A | — | | [Apple Siri] Private Browsing tabs may be accessed without authentication |
| CVE-2025-31254 | N/A | — | | [Apple Safari] Processing maliciously crafted web content may lead to unexpected URL redirection |
| CVE-2025-31255 | N/A | — | | [Apple IOKit] An app may be able to access sensitive user data |
| CVE-2025-43190 | N/A | — | | [Apple Spell Check] An app may be able to access sensitive user data |
| CVE-2025-43203 | N/A | — | | [Apple Notes] An attacker with physical access to an unlocked device may be able to view an image in the most recently viewed locked note |
| CVE-2025-43272 | N/A | — | | [Apple WebKit] Processing maliciously crafted web content may lead to an unexpected Safari crash |
| CVE-2025-43302 | N/A | — | | [Apple IOHIDFamily] An app may be able to cause unexpected system termination |
| CVE-2025-43303 | N/A | — | | [Apple Bluetooth] An app may be able to access sensitive user data |
| CVE-2025-43309 | N/A | — | | [Apple Notifications] An attacker with physical access to an iOS device may be able to view notification contents from the Lock Screen |
| CVE-2025-43317 | N/A | — | | [Apple AppleMobileFileIntegrity] An app may be able to access sensitive user data |
| CVE-2025-43323 | N/A | — | | [Apple CloudKit] An app may be able to fingerprint the user |
| CVE-2025-43329 | N/A | — | | [Apple Sandbox] An app may be able to break out of its sandbox |
| CVE-2025-43342 | N/A | — | | [Apple WebKit] Processing maliciously crafted web content may lead to an unexpected process crash |
| CVE-2025-43343 | N/A | — | | [Apple WebKit] Processing maliciously crafted web content may lead to an unexpected process crash |
| CVE-2025-43344 | N/A | — | | [Apple Apple Neural Engine] An app may be able to cause unexpected system termination |
| CVE-2025-43345 | N/A | — | | [Apple Kernel] An app may be able to access sensitive user data |
| CVE-2025-43346 | N/A | — | | [Apple Audio] Processing a maliciously crafted media file may lead to unexpected app termination or corrupt process memory |
| CVE-2025-43347 | N/A | — | | [Apple System] An input validation issue was addressed |
| CVE-2025-43349 | N/A | — | | [Apple CoreAudio] Processing a maliciously crafted video file may lead to unexpected app termination |
| CVE-2025-43354 | N/A | — | | [Apple Bluetooth] An app may be able to access sensitive user data |
| CVE-2025-43355 | N/A | — | | [Apple MobileStorageMounter] An app may be able to cause a denial-of-service |
| CVE-2025-43356 | N/A | — | | [Apple WebKit] A website may be able to access sensor information without user consent |
| CVE-2025-43357 | N/A | — | | [Apple Call History] An app may be able to fingerprint the user |
| CVE-2025-43358 | N/A | — | | [Apple Shortcuts] A shortcut may be able to bypass sandbox restrictions |
| CVE-2025-43359 | N/A | — | | [Apple Kernel] A UDP server socket bound to a local interface may become bound to all interfaces |
| CVE-2025-43360 | N/A | — | | [Apple Authentication Services] Password fields may be unintentionally revealed |
| CVE-2025-43362 | N/A | — | | [Apple LaunchServices] An app may be able to monitor keystrokes without user permission |
| CVE-2025-43368 | N/A | — | | [Apple WebKit Process Model] Processing maliciously crafted web content may lead to an unexpected Safari crash |
| CVE-2025-43419 | N/A | — | | [Apple WebKit] Processing maliciously crafted web content may lead to memory corruption |