A path handling issue was addressed with improved validation.

About the security content of Xcode 26

Xcode 26
Released September 15, 2025

Dev Tools

• Available for: macOS Sequoia 15.6 and later
• Impact: Processing an overly large path value may crash a process
• Description: A path handling issue was addressed with improved validation.
• CVE-2025-43370: Nathaniel Oh (@calysteon)

Dev Tools

• Available for: macOS Sequoia 15.6 and later
• Impact: Processing an overly large path value may crash a process
• Description: The issue was addressed with improved checks.
• CVE-2025-43375: Nathaniel Oh (@calysteon)

Git

• Available for: macOS Sequoia 15.6 and later
• Impact: Cloning a maliciously crafted repository may result in remote code execution
• Description: This is a vulnerability in open source code and Apple Software is among the affected projects. The CVE-ID was assigned by a third party. Learn more about the issue and CVE-ID at cve.org.
• CVE-2025-48384

IDE CoreML

• Available for: macOS Sequoia 15.6 and later
• Impact: An app may be able to read and write files outside of its sandbox
• Description: The issue was addressed with improved checks.
• CVE-2025-43263: Mickey Jin (@patch1t)

Xcode

• Available for: macOS Sequoia 15.6 and later
• Impact: An app may be able to break out of its sandbox
• Description: This issue was addressed with improved checks.
• CVE-2025-43371: Mickey Jin (@patch1t)