Apple today updated the security content pages for several macOS, iOS, iPadOS, visionOS, and watchOS releases, adding new CVE details for the vulnerabilities addressed in each update. Here are the details.
New details for old and recent software releases
Last September, Apple released macOS 14.8 Sonoma, iOS 18.7 and iPadOS 18.7, with important security updates that, among other things, address vulnerabilities that could allow an attacker to access protected or sensitive user data.
Since then, Apple has updated macOS Sonoma six more times, with the system currently running on version 14.8.7 (the company skipped 14.8.6). Likewise, iPhone and iPad users who haven’t upgraded to newer major releases have continued to receive updates with iOS 18 and iPadOS 18, now version 18.7.9.
Apple also released it for Apple Watch and Apple Vision Pro users watchOS 26 and visionOS Last year, 26 introduced many new features, including important security fixes.
However, Apple today updated the security content page for these system versions (and then some) to include more information about the included fixes and their corresponding CVEs.
Here are the security fixes added today on the iOS 26 and iPadOS 26 security content page:
Siri
Available: iPhone 11 and later, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 8th generation and later, iPad mini 5th generation and later
Impact: Private View icons can be accessed without authentication
Description: This problem was solved by improving public administration.
CVE-2025-30468: Richard Hyunho Im (@richeeta), Jiwon ParkCalendar
We would like to thank Keisuke Chinone (Iroiro) and Rosyna Keller of Completely Malware for their help.
What Apple added to the security content of visionOS 26 and watchOS 26:
Calendar
We would like to thank Keisuke Chinone (Iroiro) and Rosyna Keller of Completely Malware for their help.
Kernel
We Sungwoo Kim, Yepeng Pan, Prof. Dr. We would like to thank Christian Rossow for his assistance.
Here are the security fixes added today on the macOS Sonoma 14.8 security content page:
Call History
Available for: macOS Sonoma
Impact: The application may capture the user’s fingerprint
Description: This issue was addressed with improved editing of sensitive data.
CVE-2025-43357: Rosyna Keller of Totally Malware, Guilherme Rambo of Best Friend Apps (rambo.codes)CoreServices
Available for: macOS Sonoma
Impact: The program may modify protected parts of the file system
Description: Fixed a permission issue with additional restrictions.
CVE-2025-43290: Zhongcheng Li of IES Red ByteDance TeamCoreServices
Available for: macOS Sonoma
Impact: Malware may access sensitive user data
Description: Fixed a logic issue with improved validation.
CVE-2025-43289: Matej Moravec (@MacejkoMoravec), Kirin (@Pwnrin)FaceTime
Available for: macOS Sonoma
Impact: Incoming FaceTime calls may be visible or received on a locked macOS device, even if lock screen notifications are disabled
Description: This problem was solved by improving public administration.
CVE-2025-31271: Shantanu ThakurPhone
Available for: macOS Sonoma
Impact: The application may access sensitive user data
Description: Fixed logging issue with improved data editing.
CVE-2025-43508: Wojciech Regula of SecuRing (wojciechregula.blog)Storage Kit
Available for: macOS Sonoma
Impact: Malware may gain root privileges
Description: Fixed a logic issue with improved checks.
CVE-2025-43306: Mickey Jin (@patch1t)
Here are the security fixes added today on the macOS Sonoma 14.8.2 security content page:
SQLite
Available for: macOS Sonoma
Impact: File processing may cause memory corruption
Description: This is a vulnerability in open source code, and Apple Software is among the affected projects. The CVE-ID is assigned by a third party. Learn more about the issue and CVE-ID at cve.org.
CVE-2025-6965
Apple added to the security content of iOS 18.7 and iPadOS 18.7:
Call History
Available on: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, iPad mini 5th generation and later
Impact: The application may capture the user’s fingerprint
Description: This issue was addressed with improved editing of sensitive data.
CVE-2025-43357: Rosyna Keller of Totally Malware, Guilherme Rambo of Best Friend Apps (rambo.codes)ImageIO
We at Enki WhiteHat would like to thank DongJun Kim (@smlijun) and JongSeong Kim (@nevul37) for their help.
To learn more about Apple security updates, follow this link.
It’s worth checking out on Amazon
FTC: We use automatic affiliate links that generate income. More.
