New vulnerabilities revealed for iOS, macOS and watchOS

Apple has updated some of its previously published security content for iOS, iPadOS, macOS, visionOS, watchOS and tvOS with new CVE details. The additions, dated May 26, 2026, expanded the technical record of vulnerabilities closed in system components such as Siri, Call History, CoreServices, FaceTime, StorageKit, Sandbox, Crash Reporter, PackageKit and Kernel.

New vulnerability details in Apple security notes

The records updated by Apple cover both old version branches and new operating system families. macOS Sonoma 14.8, iOS 18.7 and iPadOS 18.7 were released with security fixes last year.

These releases address a range of security issues, including access to protected or sensitive user data, user fingerprinting, modification of system files and privilege escalation. In its security documentation, Apple lists vulnerabilities by CVE-ID whenever possible and does not disclose security issues until the review is complete and the patch is ready.

The most notable addition for iOS 26 and iPadOS 26 was made under the Siri heading. According to Apple's security note, the problem that caused Private Browsing tabs to become accessible without authentication was resolved with improved state management.

This entry was listed as CVE-2025-30468 and was credited to Richard Hyunho Im and Jiwon Park. The update covers iPhone 11 and newer models, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 8th generation and later, and iPad mini 5th generation and later.

Apple also published an additional acknowledgement for the Calendar section on the same iOS 26 and iPadOS 26 security page. Keisuke Chinone and Rosyna Keller were added to the names credited for their assistance under the Calendar heading. The same names for Calendar were included in the security content of visionOS 26 and watchOS 26. On these two platforms, under the Kernel heading, Apple thanked Sungwoo Kim, Yepeng Pan and Prof. Dr. Christian Rossow.

The entries added for macOS Sonoma 14.8 cover a wider area. The issue in the Call History component that allowed an application to fingerprint the user was fixed by better masking of sensitive information and was listed as CVE-2025-43357.

Rosyna Keller and Guilherme Rambo were credited in this entry. Two separate vulnerabilities were added under CoreServices. One of these could allow an application to modify protected parts of the file system, and the other could allow a malicious application to access sensitive user data. These vulnerabilities were recorded as CVE-2025-43290 and CVE-2025-43289.

The FaceTime, Phone and StorageKit headings have also been updated for macOS Sonoma 14.8. The FaceTime entry covers an issue where incoming FaceTime calls could be seen or accepted on a locked macOS device, even if notifications were turned off on the lock screen.

This vulnerability is listed as CVE-2025-31271. Under the Phone heading, a logging issue that could allow an application to access sensitive user data was added as CVE-2025-43508. Under StorageKit, the vulnerability that allowed a malicious application to gain root privileges was recorded as CVE-2025-43306.

A new entry for SQLite has also been added to the security content of macOS Sonoma 14.8.2. Apple's note describes this vulnerability as one where processing a file could lead to memory corruption. The vulnerability, CVE-2025-6965, was listed as a security issue in open source code, with Apple software among the affected projects.

The same CVE-2025-43357 entry for Call History was also included on the security pages of iOS 18.7 and iPadOS 18.7. In these versions, the relevant vulnerabilities are listed for iPhone An additional acknowledgement was published under the ImageIO heading for the help of DongJun Kim and JongSeong Kim.

Apple also updated the macOS Sequoia 15.7 security notes with additions dated May 26, 2026. The added entries are CVE-2025-43357 for Call History, CVE-2025-43290 and CVE-2025-43289 for CoreServices, CVE-2025-46284 for Crash Reporter, CVE-2025-43464 for dyld, and CVE-2025-31271 for FaceTime. The Crash Reporter vulnerability could allow an application to gain root privileges, while the dyld vulnerability could cause an application-level denial of service when visiting a website.

There are also many new entries in the security content of macOS Tahoe 26. CVE-2025-43451 was added under the AWD heading; it allows an application to access sensitive user data. In the Compression section, the risk of access to sensitive user data was listed as CVE-2025-43403. Under CoreServices, the entries for modification of protected parts of the file system and access to sensitive user data were added as CVE-2025-43290 and CVE-2025-43289.

Additional entries were also published for macOS Tahoe 26 under the headings Crash Reporter, GPU Drivers, PackageKit, Sandbox and StorageKit. In the Crash Reporter entry, the ability of an application to gain root privileges was listed as CVE-2025-46284; in the GPU Drivers entry, the ability of an application to gain root privileges was listed as CVE-2025-46280; and in the PackageKit entry, the ability of an attacker with root privileges to delete protected system files was listed as CVE-2025-46310.

Under the Sandbox heading, a risk of access to sensitive user data was added as CVE-2025-46307. Under StorageKit, CVE-2025-43306 was recorded for a malicious application being able to gain root privileges.

The addition for tvOS 26 was made under the Kernel heading. In this section, Apple thanked Sungwoo Kim, Yepeng Pan and Prof. Dr. Christian Rossow for their help. With this, the update dated May 26, 2026 became a comprehensive security documentation update covering iPhone, iPad, Mac, Apple Watch, Apple Vision Pro and Apple TV software.
