macOS
macOS 26.2
Official advisory59 CVEs fixed by this release.
- Release date
- 2025-12-12
- End of support
- —
- CVEs fixed
- 59
- CISA KEV
- 2
- Critical
- 0
- High
- 0
- NVD pending
- 56
CVEs fixed
| CVE | Severity | KEV | Published | Description |
|---|---|---|---|---|
|
CVE-2025-14174
KEV
[Apple WebKit] Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a rep… |
N/A | KEV | [Apple WebKit] Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been exploi… | |
|
CVE-2025-43529
KEV
[Apple WebKit] Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a rep… |
N/A | KEV | [Apple WebKit] Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been exploi… | |
|
CVE-2024-7264
[Apple curl] Multiple issues in curl |
MEDIUM 6.5 | — | [Apple curl] Multiple issues in curl | |
|
CVE-2025-9086
[Apple curl] Multiple issues in curl |
MEDIUM 4.3 | — | [Apple curl] Multiple issues in curl | |
|
CVE-2025-5918
[Apple libarchive] Processing a file may lead to memory corruption |
LOW 3.9 | — | [Apple libarchive] Processing a file may lead to memory corruption | |
|
CVE-2025-43524
[Apple Icons] An app may be able to break out of its sandbox |
N/A | — | [Apple Icons] An app may be able to break out of its sandbox | |
|
CVE-2025-43417
[Apple File Bookmark] An app may be able to access user-sensitive data |
N/A | — | [Apple File Bookmark] An app may be able to access user-sensitive data | |
|
CVE-2025-43533
[Apple Multi-Touch] A malicious HID device may cause an unexpected process crash |
N/A | — | [Apple Multi-Touch] A malicious HID device may cause an unexpected process crash | |
|
CVE-2025-46283
[Apple CoreServices] An app may be able to access sensitive user data |
N/A | — | [Apple CoreServices] An app may be able to access sensitive user data | |
|
CVE-2025-46290
[Apple Security] A remote attacker may be able to cause a denial-of-service |
N/A | — | [Apple Security] A remote attacker may be able to cause a denial-of-service | |
|
CVE-2025-46300
[Apple Multi-Touch] A malicious HID device may cause an unexpected process crash |
N/A | — | [Apple Multi-Touch] A malicious HID device may cause an unexpected process crash | |
|
CVE-2025-46301
[Apple Multi-Touch] A malicious HID device may cause an unexpected process crash |
N/A | — | [Apple Multi-Touch] A malicious HID device may cause an unexpected process crash | |
|
CVE-2025-46302
[Apple Multi-Touch] A malicious HID device may cause an unexpected process crash |
N/A | — | [Apple Multi-Touch] A malicious HID device may cause an unexpected process crash | |
|
CVE-2025-46303
[Apple Multi-Touch] A malicious HID device may cause an unexpected process crash |
N/A | — | [Apple Multi-Touch] A malicious HID device may cause an unexpected process crash | |
|
CVE-2025-46304
[Apple Multi-Touch] A malicious HID device may cause an unexpected process crash |
N/A | — | [Apple Multi-Touch] A malicious HID device may cause an unexpected process crash | |
|
CVE-2025-46305
[Apple Multi-Touch] A malicious HID device may cause an unexpected process crash |
N/A | — | [Apple Multi-Touch] A malicious HID device may cause an unexpected process crash | |
|
CVE-2024-8906
[Apple Safari Downloads] A download's origin may be incorrectly associated |
N/A | — | [Apple Safari Downloads] A download's origin may be incorrectly associated | |
|
CVE-2025-43410
[Apple Notes] An attacker with physical access may be able to view deleted notes |
N/A | — | [Apple Notes] An attacker with physical access may be able to view deleted notes | |
|
CVE-2025-43416
[Apple sudo] An app may be able to access protected user data |
N/A | — | [Apple sudo] An app may be able to access protected user data | |
|
CVE-2025-43428
[Apple Photos] Photos in the Hidden Photos Album may be viewed without authentication |
N/A | — | [Apple Photos] Photos in the Hidden Photos Album may be viewed without authentication | |
|
CVE-2025-43482
[Apple Audio] An app may be able to cause a denial-of-service |
N/A | — | [Apple Audio] An app may be able to cause a denial-of-service | |
|
CVE-2025-43501
[Apple WebKit] Processing maliciously crafted web content may lead to an unexpected process crash |
N/A | — | [Apple WebKit] Processing maliciously crafted web content may lead to an unexpected process crash | |
|
CVE-2025-43509
[Apple Networking] An app may be able to access sensitive user data |
N/A | — | [Apple Networking] An app may be able to access sensitive user data | |
|
CVE-2025-43511
[Apple WebKit Web Inspector] Processing maliciously crafted web content may lead to an unexpected process crash |
N/A | — | [Apple WebKit Web Inspector] Processing maliciously crafted web content may lead to an unexpected process crash | |
|
CVE-2025-43512
[Apple Kernel] An app may be able to elevate privileges |
N/A | — | [Apple Kernel] An app may be able to elevate privileges | |
|
CVE-2025-43513
[Apple MDM Configuration Tools] An app may be able to read sensitive location information |
N/A | — | [Apple MDM Configuration Tools] An app may be able to read sensitive location information | |
|
CVE-2025-43514
[Apple Siri] An app may be able to access protected user data |
N/A | — | [Apple Siri] An app may be able to access protected user data | |
|
CVE-2025-43516
[Apple Voice Control] A user with Voice Control enabled may be able to transcribe another user's activity |
N/A | — | [Apple Voice Control] A user with Voice Control enabled may be able to transcribe another user's activity | |
|
CVE-2025-43517
[Apple Call History] An app may be able to access protected user data |
N/A | — | [Apple Call History] An app may be able to access protected user data | |
|
CVE-2025-43518
[Apple Foundation] An app may be able to inappropriately access files through the spellcheck API |
N/A | — | [Apple Foundation] An app may be able to inappropriately access files through the spellcheck API | |
|
CVE-2025-43519
[Apple AppleMobileFileIntegrity] An app may be able to access sensitive user data |
N/A | — | [Apple AppleMobileFileIntegrity] An app may be able to access sensitive user data | |
|
CVE-2025-43521
[Apple AppleMobileFileIntegrity] An app may be able to access sensitive user data |
N/A | — | [Apple AppleMobileFileIntegrity] An app may be able to access sensitive user data | |
|
CVE-2025-43522
[Apple AppleMobileFileIntegrity] An app may be able to access user-sensitive data |
N/A | — | [Apple AppleMobileFileIntegrity] An app may be able to access user-sensitive data | |
|
CVE-2025-43523
[Apple AppleMobileFileIntegrity] An app may be able to access sensitive user data |
N/A | — | [Apple AppleMobileFileIntegrity] An app may be able to access sensitive user data | |
|
CVE-2025-43526
[Apple Safari] On a Mac with Lockdown Mode enabled, web content opened via a file URL may be able to use Web APIs that … |
N/A | — | [Apple Safari] On a Mac with Lockdown Mode enabled, web content opened via a file URL may be able to use Web APIs that should be restricted | |
|
CVE-2025-43527
[Apple StorageKit] An app may be able to gain root privileges |
N/A | — | [Apple StorageKit] An app may be able to gain root privileges | |
|
CVE-2025-43530
[Apple VoiceOver] An app may be able to access sensitive user data |
N/A | — | [Apple VoiceOver] An app may be able to access sensitive user data | |
|
CVE-2025-43531
[Apple WebKit] Processing maliciously crafted web content may lead to an unexpected process crash |
N/A | — | [Apple WebKit] Processing maliciously crafted web content may lead to an unexpected process crash | |
|
CVE-2025-43532
[Apple Foundation] Processing malicious data may lead to unexpected app termination |
N/A | — | [Apple Foundation] Processing malicious data may lead to unexpected app termination | |
|
CVE-2025-43535
[Apple WebKit] Processing maliciously crafted web content may lead to an unexpected process crash |
N/A | — | [Apple WebKit] Processing maliciously crafted web content may lead to an unexpected process crash | |
|
CVE-2025-43536
[Apple WebKit] Processing maliciously crafted web content may lead to an unexpected process crash |
N/A | — | [Apple WebKit] Processing maliciously crafted web content may lead to an unexpected process crash | |
|
CVE-2025-43538
[Apple Screen Time] An app may be able to access sensitive user data |
N/A | — | [Apple Screen Time] An app may be able to access sensitive user data | |
|
CVE-2025-43539
[Apple AppleJPEG] Processing a file may lead to memory corruption |
N/A | — | [Apple AppleJPEG] Processing a file may lead to memory corruption | |
|
CVE-2025-43541
[Apple WebKit] Processing maliciously crafted web content may lead to an unexpected Safari crash |
N/A | — | [Apple WebKit] Processing maliciously crafted web content may lead to an unexpected Safari crash | |
|
CVE-2025-43542
[Apple FaceTime] Password fields may be unintentionally revealed when remotely controlling a device over FaceTime |
N/A | — | [Apple FaceTime] Password fields may be unintentionally revealed when remotely controlling a device over FaceTime | |
|
CVE-2025-46276
[Apple Messages] An app may be able to access sensitive user data |
N/A | — | [Apple Messages] An app may be able to access sensitive user data | |
|
CVE-2025-46277
[Apple Screen Time] An app may be able to access a user’s Safari history |
N/A | — | [Apple Screen Time] An app may be able to access a user’s Safari history | |
|
CVE-2025-46278
[Apple Game Center] An app may be able to access protected user data |
N/A | — | [Apple Game Center] An app may be able to access protected user data | |
|
CVE-2025-46279
[Apple Icons] An app may be able to identify what other apps a user has installed |
N/A | — | [Apple Icons] An app may be able to identify what other apps a user has installed | |
|
CVE-2025-46281
[Apple File Bookmark] An app may be able to break out of its sandbox |
N/A | — | [Apple File Bookmark] An app may be able to break out of its sandbox | |
|
CVE-2025-46282
[Apple WebKit] An app may be able to access sensitive user data |
N/A | — | [Apple WebKit] An app may be able to access sensitive user data | |
|
CVE-2025-46285
[Apple Kernel] An app may be able to gain root privileges |
N/A | — | [Apple Kernel] An app may be able to gain root privileges | |
|
CVE-2025-46287
[Apple Call History] An attacker may be able to spoof their FaceTime caller ID |
N/A | — | [Apple Call History] An attacker may be able to spoof their FaceTime caller ID | |
|
CVE-2025-46288
[Apple App Store] An app may be able to access sensitive payment tokens |
N/A | — | [Apple App Store] An app may be able to access sensitive payment tokens | |
|
CVE-2025-46289
[Apple AppSandbox] An app may be able to access protected user data |
N/A | — | [Apple AppSandbox] An app may be able to access protected user data | |
|
CVE-2025-46291
[Apple LaunchServices] An app may bypass Gatekeeper checks |
N/A | — | [Apple LaunchServices] An app may bypass Gatekeeper checks | |
|
CVE-2025-46297
[Apple AppSandbox] An app may be able to access protected files within an App Sandbox container |
N/A | — | [Apple AppSandbox] An app may be able to access protected files within an App Sandbox container | |
|
CVE-2025-46298
[Apple WebKit] Processing maliciously crafted web content may lead to an unexpected process crash |
N/A | — | [Apple WebKit] Processing maliciously crafted web content may lead to an unexpected process crash | |
|
CVE-2025-46299
[Apple WebKit] Processing maliciously crafted web content may disclose internal states of the app |
N/A | — | [Apple WebKit] Processing maliciously crafted web content may disclose internal states of the app |