5.5
CVE-2026-20629 - Improper Temporary File Handling Allows Sensitive Data Access in macOS Tahoe
A privacy issue was addressed with improved handling of temporary files. This issue is fixed in macOS Tahoe 26.3. An app may be able to access user-sensitive data.
6.5
CVE-2026-20644 - webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash
The issue was addressed with improved memory handling. This issue is fixed in Safari 26.3, iOS 18.7.5 and iPadOS 18.7.5, iOS 26.3 and iPadOS 26.3, macOS Tahoe 26.3, visionOS 26.3. Processing maliciously crafted web content may lead to an unexpected process crash.
7.5
CVE-2026-20652 - webkitgtk: A remote attacker may be able to cause a denial-of-service
The issue was addressed with improved memory handling. This issue is fixed in Safari 26.3, iOS 18.7.5 and iPadOS 18.7.5, iOS 26.3 and iPadOS 26.3, macOS Tahoe 26.3, visionOS 26.3. A remote attacker may be able to cause a denial-of-service.
4.6
CVE-2026-20605 - Application Crash via Improper Memory Handling
The issue was addressed with improved memory handling. This issue is fixed in iOS 18.7.5 and iPadOS 18.7.5, macOS Sequoia 15.7.4, macOS Sonoma 14.8.4, macOS Tahoe 26.3. An app may be able to crash a system process.
5.5
CVE-2026-20625 - Directory Traversal Allowing Local Apps to Access Sensitive User Data
A parsing issue in the handling of directory paths was addressed with improved path validation. This issue is fixed in macOS Sequoia 15.7.4, macOS Sonoma 14.8.4, macOS Tahoe 26.3, visionOS 26.3. An app may be able to access sensitive user data.
5.5
CVE-2026-20648 - Malicious Application Can Read iCloud Device Notifications via Sensitive Data Exposure
A privacy issue was addressed by moving sensitive data to a protected location. This issue is fixed in macOS Tahoe 26.3. A malicious app may be able to access notifications from other iCloud devices.
4.4
CVE-2026-20609 -
The issue was addressed with improved memory handling. This issue is fixed in iOS 18.7.5 and iPadOS 18.7.5, iOS 26.3 and iPadOS 26.3, macOS Sequoia 15.7.4, macOS Sonoma 14.8.4, macOS Tahoe 26.3, tvOS 26.3, visionOS 26.3, watchOS 26.3. Processing a maliciously crafted file may lead to a denial-of-seโฆ
5.5
CVE-2026-20608 - webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash
This issue was addressed through improved state management. This issue is fixed in Safari 26.3, iOS 18.7.5 and iPadOS 18.7.5, iOS 26.3 and iPadOS 26.3, macOS Tahoe 26.3, visionOS 26.3. Processing maliciously crafted web content may lead to an unexpected process crash.
5.5
CVE-2026-20649 - Logging Issue Exposes Sensitive User Information
A logging issue was addressed with improved data redaction. This issue is fixed in iOS 26.3 and iPadOS 26.3, macOS Tahoe 26.3, tvOS 26.3, watchOS 26.3. A user may be able to view sensitive user information.
5.5
CVE-2026-20624 - macOS Injection Vulnerability Allowing App Access to Sensitive User Data
An injection issue was addressed with improved validation. This issue is fixed in macOS Sequoia 15.7.4, macOS Sonoma 14.8.4, macOS Tahoe 26.3. An app may be able to access sensitive user data.