Vulnerabilities (CVE)

An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in tvOS 26.1, macOS Tahoe 26.1, iOS 26.1 and iPadOS 26.1, iOS 18.7.2 and iPadOS 18.7.2, macOS Sequoia 15.7.2, visionOS 26.1. Processing a maliciously crafted media file may lead to unexpected app termination or corrupt process memory.

An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in tvOS 26.1, macOS Tahoe 26.1, iOS 26.1 and iPadOS 26.1, iOS 18.7.2 and iPadOS 18.7.2, macOS Sequoia 15.7.2, visionOS 26.1. Processing a maliciously crafted media file may lead to unexpected app termination or corrupt process memory.

A parsing issue in the handling of directory paths was addressed with improved path validation. This issue is fixed in macOS Sequoia 15.7.2, macOS Tahoe 26.1, macOS Sonoma 14.8.2. An app may be able to access sensitive user data.

An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in macOS Sequoia 15.7.2, macOS Tahoe 26.1, macOS Sonoma 14.8.2. Parsing a file may lead to an unexpected app termination.

This issue was addressed with improved validation of symlinks. This issue is fixed in tvOS 26.1, watchOS 26.1, macOS Tahoe 26.1, iOS 26.1 and iPadOS 26.1, macOS Sequoia 15.7.2, macOS Sonoma 14.8.2, visionOS 26.1. An app may be able to access protected user data.

A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.7.2, macOS Tahoe 26.1. An app may be able to access sensitive user data.

An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 18.7.2 and iPadOS 18.7.2, macOS Sequoia 15.7.2, macOS Tahoe 26.1. An app may be able to cause a denial-of-service.

The issue was addressed with improved memory handling. This issue is fixed in macOS Sequoia 15.7.2, macOS Tahoe 26.1, macOS Sonoma 14.8.2. An app may be able to cause unexpected system termination or corrupt kernel memory.

A logic issue was addressed with improved validation. This issue is fixed in macOS Sequoia 15.7.2, macOS Tahoe 26.1, macOS Sonoma 14.8.2. An app may bypass Gatekeeper checks.

An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in macOS Tahoe 26, macOS Sonoma 14.8.2. Processing a maliciously crafted media file may lead to unexpected app termination or corrupt process memory.

An access issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Tahoe 26, macOS Sequoia 15.7.2. An app may be able to access sensitive user data.

A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.7.2, macOS Tahoe 26.1, macOS Sonoma 14.8.2. An app with root privileges may be able to access private information.

The issue was addressed by adding additional logic. This issue is fixed in macOS Sequoia 15.7.2, macOS Tahoe 26.1, macOS Sonoma 14.8.2. An app may be able to access user-sensitive data.

This issue was addressed with additional entitlement checks. This issue is fixed in macOS Sequoia 15.7.2, macOS Tahoe 26.1, macOS Sonoma 14.8.2. An app may be able to access user-sensitive data.

A logic issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.7.2, macOS Tahoe 26.1, macOS Sonoma 14.8.2. An app may be able to access user-sensitive data.

An issue existed in the handling of environment variables. This issue was addressed with improved validation. This issue is fixed in tvOS 26.1, macOS Tahoe 26, watchOS 26.1, iOS 26.1 and iPadOS 26.1. An app may be able to access sensitive user data.

A race condition was addressed with improved state handling. This issue is fixed in macOS Tahoe 26, macOS Sequoia 15.7.2. An app may be able to access sensitive user data.

A parsing issue in the handling of directory paths was addressed with improved path validation. This issue is fixed in macOS Tahoe 26.1. An app may be able to access sensitive user data.

The issue was addressed with improved memory handling. This issue is fixed in Safari 26, tvOS 26, watchOS 26, iOS 26 and iPadOS 26, visionOS 26. Processing maliciously crafted web content may lead to an unexpected process crash.

The issue was addressed with improved checks. This issue is fixed in macOS Tahoe 26.1. An app may be able to access sensitive user data.

A logic issue was addressed with improved restrictions. This issue is fixed in macOS Tahoe 26.1. An app may be able to access sensitive user data.

A memory corruption issue was addressed with improved memory handling. This issue is fixed in watchOS 26.1, iOS 18.7.2 and iPadOS 18.7.2, macOS Tahoe 26.1, visionOS 26.1, tvOS 26.1, macOS Sonoma 14.8.2, macOS Sequoia 15.7.2, iOS 26.1 and iPadOS 26.1. A malicious application may be able to cause unexpected system termination or write kernel memory.

A mail header parsing issue was addressed with improved checks. This issue is fixed in watchOS 26.1, iOS 18.7.2 and iPadOS 18.7.2, macOS Tahoe 26.1, visionOS 26.1, macOS Sonoma 14.8.2, macOS Sequoia 15.7.2, iOS 26.1 and iPadOS 26.1. An attacker may be able to cause a persistent denial-of-service.

An access issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Tahoe 26.1. An app may be able to break out of its sandbox.

A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Tahoe 26.1. A standard user may be able to view files made from a disk image belonging to an administrator.

This issue was addressed with improved checks. This issue is fixed in macOS Tahoe 26.1. An app may be able to gain root privileges.

An injection issue was addressed with improved validation. This issue is fixed in macOS Tahoe 26.1. An app may be able to access sensitive user data.

A denial-of-service issue was addressed with improved input validation. This issue is fixed in macOS Tahoe 26.1. Visiting a website may lead to an app denial-of-service.

This issue was addressed with improved validation of symlinks. This issue is fixed in macOS Tahoe 26.1. An app may be able to access protected user data.

A permissions issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Tahoe 26.1. An app may be able to access sensitive user data.

A permissions issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Tahoe 26.1. An app may be able to break out of its sandbox.

An injection issue was addressed with improved validation. This issue is fixed in macOS Tahoe 26.1. An app may be able to access sensitive user data.

This issue was addressed with improved handling of symlinks. This issue is fixed in macOS Tahoe 26.1. A malicious app may be able to delete protected user data.

A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Tahoe 26.1. An app may be able to access protected user data.

Transmission of Private Resources into a New Sphere ('Resource Leak') vulnerability in CrafterCMS Engine on Linux, MacOS, x86, Windows, 64 bit, ARM allows Directory Indexing, Resource Leak Exposure.This issue affects CrafterCMS: from 4.0.0 before 4.0.8, from 4.1.0 before 4.1.6.

Foxit PDF Editor and Reader before 2025.2.1 allow signature spoofing via triggers. An attacker can embed triggers (e.g., JavaScript) in a PDF document that execute during the signing process. When a signer reviews the document, the content appears normal. However, once the signature is applied, the triggers modify content on other pages or optional content layers without explicit warning. This can cause the signed PDF to differ from what the signer saw, undermining the trustworthiness of the dig ... Foxit PDF Editor and Reader before 2025.2.1 allow signature spoofing via triggers. An attacker can embed triggers (e.g., JavaScript) in a PDF document that execute during the signing process. When a signer reviews the document, the content appears normal. However, once the signature is applied, the triggers modify content on other pages or optional content layers without explicit warning. This can cause the signed PDF to differ from what the signer saw, undermining the trustworthiness of the digital signature. The fixed versions are 2025.2.1, 14.0.1, and 13.2.1.

Show More

Out of bounds memory access in ANGLE in Google Chrome on Mac prior to 143.0.7499.110 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)

Acrobat Reader versions 24.001.30264, 20.005.30793, 25.001.20982, 24.001.30273, 20.005.30803 and earlier are affected by an Untrusted Search Path vulnerability that might allow attackers to execute arbitrary code in the context of the current user. If the application uses a search path to locate critical resources such as programs, an attacker could modify that search path to point to a malicious program, which the targeted application would then execute. Exploitation of this issue does not requ ... Acrobat Reader versions 24.001.30264, 20.005.30793, 25.001.20982, 24.001.30273, 20.005.30803 and earlier are affected by an Untrusted Search Path vulnerability that might allow attackers to execute arbitrary code in the context of the current user. If the application uses a search path to locate critical resources such as programs, an attacker could modify that search path to point to a malicious program, which the targeted application would then execute. Exploitation of this issue does not require user interaction.

Show More

Acrobat Reader versions 24.001.30264, 20.005.30793, 25.001.20982, 24.001.30273, 20.005.30803 and earlier are affected by an Improper Verification of Cryptographic Signature vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to gain limited unauthorized write access. Exploitation of this issue does not require user interaction.

Acrobat Reader versions 24.001.30264, 20.005.30793, 25.001.20982, 24.001.30273, 20.005.30803 and earlier are affected by an Improper Verification of Cryptographic Signature vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass cryptographic protections and gain limited unauthorized write access. Exploitation of this issue does not require user interaction.