Update

macOS Tahoe 26.3

Admin Framework
Available for: macOS Tahoe
Impact: An app may be able to access sensitive user data
Description: A parsing issue in the handling of directory paths was addressed with improved path validation.
CVE-2026-20669: Mickey Jin (@patch1t)

AppleMobileFileIntegrity
Available for: macOS Tahoe
Impact: An app may be able to access sensitive user data
Description: A parsing issue in the handling of directory paths was addressed with improved path validation.
CVE-2026-20625: Mickey Jin (@patch1t), Ryan Dowd (@_rdowd)

AppleMobileFileIntegrity
Available for: macOS Tahoe
Impact: An app may be able to access sensitive user data
Description: An injection issue was addressed with improved validation.
CVE-2026-20624: Mickey Jin (@patch1t)

Bluetooth
Available for: macOS Tahoe
Impact: An attacker in a privileged network position may be able to perform a denial-of-service attack using crafted Bluetooth packets
Description: A denial-of-service issue was addressed with improved validation.
CVE-2026-20650: jioundai

CFNetwork
Available for: macOS Tahoe
Impact: A remote user may be able to write arbitrary files
Description: A path handling issue was addressed with improved logic.
CVE-2026-20660: Amy (amys.website)

Contacts
Available for: macOS Tahoe
Impact: An app may be able to access information about a user's contacts
Description: A privacy issue was addressed with improved private data redaction for log entries.
CVE-2026-20681: Kirin (@Pwnrin) and LFY (@secsys) from Fudan University

CoreAudio
Available for: macOS Tahoe
Impact: Processing a maliciously crafted media file may lead to unexpected app termination or corrupt process memory
Description: An out-of-bounds access issue was addressed with improved bounds checking.
CVE-2026-20611: Anonymous working with Trend Micro Zero Day Initiative

CoreMedia
Available for: macOS Tahoe
Impact: Processing a maliciously crafted file may lead to a denial-of-service or potentially disclose memory contents
Description: The issue was addressed with improved memory handling.
CVE-2026-20609: Yiğit Can YILMAZ (@yilmazcanyigit)

CoreServices
Available for: macOS Tahoe
Impact: An app may be able to gain root privileges
Description: A race condition was addressed with improved state handling.
CVE-2026-20617: Gergely Kalman (@gergely_kalman), Csaba Fitzl (@theevilbit) of Iru

CoreServices
Available for: macOS Tahoe
Impact: An app may be able to gain root privileges
Description: A path handling issue was addressed with improved validation.
CVE-2026-20615: Csaba Fitzl (@theevilbit) of Iru and Gergely Kalman (@gergely_kalman)

CoreServices
Available for: macOS Tahoe
Impact: An app may be able to access sensitive user data
Description: An issue existed in the handling of environment variables. This issue was addressed with improved validation.
CVE-2026-20627: an anonymous researcher

dyld
Available for: macOS Tahoe
Impact: An attacker with memory write capability may be able to execute arbitrary code. Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals on versions of iOS before iOS 26. CVE-2025-14174 and CVE-2025-43529 were also issued in response to this report.
Description: A memory corruption issue was addressed with improved state management.
CVE-2026-20700: Google Threat Analysis Group

Foundation
Available for: macOS Tahoe
Impact: An app may be able to access user-sensitive data
Description: A privacy issue was addressed with improved handling of temporary files.
CVE-2026-20629: Asaf Cohen

Foundation
Available for: macOS Tahoe
Impact: An app may be able to monitor keystrokes without user permission
Description: A permissions issue was addressed with additional restrictions.
CVE-2026-20601: an anonymous researcher

Foundation
Available for: macOS Tahoe
Impact: An app may be able to access protected user data
Description: A permissions issue was addressed by removing the vulnerable code.
CVE-2026-20623: an anonymous researcher

Game Center
Available for: macOS Tahoe
Impact: A user may be able to view sensitive user information
Description: A logging issue was addressed with improved data redaction.
CVE-2026-20649: Asaf Cohen

GPU Drivers
Available for: macOS Tahoe
Impact: An attacker may be able to cause unexpected system termination or read kernel memory
Description: An out-of-bounds read issue was addressed with improved input validation.
CVE-2026-20620: Murray Mike

ImageIO
Available for: macOS Tahoe
Impact: Processing a maliciously crafted image may lead to disclosure of user information
Description: The issue was addressed with improved bounds checks.
CVE-2026-20675: George Karchemsky (@gkarchemsky) working with Trend Micro Zero Day Initiative

ImageIO
Available for: macOS Tahoe
Impact: Processing a maliciously crafted image may result in disclosure of process memory
Description: The issue was addressed with improved memory handling.
CVE-2026-20634: George Karchemsky (@gkarchemsky) working with Trend Micro Zero Day Initiative

Kernel
Available for: macOS Tahoe
Impact: An app may be able to cause unexpected system termination
Description: The issue was addressed with improved memory handling.
CVE-2026-20654: Jian Lee (@speedyfriend433)

Kernel
Available for: macOS Tahoe
Impact: A malicious app may be able to gain root privileges
Description: This issue was addressed with improved checks.
CVE-2026-20626: Keisuke Hosoda

Kernel
Available for: macOS Tahoe
Impact: An attacker in a privileged network position may be able to intercept network traffic
Description: A logic issue was addressed with improved checks.
CVE-2026-20671: Xin'an Zhou, Juefei Pu, Zhutian Liu, Zhiyun Qian, Zhaowei Tan, Srikanth V. Krishnamurthy, Mathy Vanhoef

LaunchServices
Available for: macOS Tahoe
Impact: An app may be able to access protected user data
Description: A permissions issue was addressed with additional restrictions.
CVE-2026-20630: an anonymous researcher

libexpat
Available for: macOS Tahoe
Impact: Processing a maliciously crafted file may lead to a denial-of-service
Description: This is a vulnerability in open source code and Apple Software is among the affected projects. The CVE-ID was assigned by a third party. Learn more about the issue and CVE-ID at cve.org.
CVE-2025-59375

libxpc
Available for: macOS Tahoe
Impact: An app may be able to break out of its sandbox
Description: A logic issue was addressed with improved checks.
CVE-2026-20667: an anonymous researcher

Mail
Available for: macOS Tahoe
Impact: Turning off "Load remote content in messages" may not apply to all mail previews
Description: A logic issue was addressed with improved checks.
CVE-2026-20673: an anonymous researcher

Messages
Available for: macOS Tahoe
Impact: A shortcut may be able to bypass sandbox restrictions
Description: A race condition was addressed with improved handling of symbolic links.
CVE-2026-20677: Ron Masas of BreakPoint.SH

Model I/O
Available for: macOS Tahoe
Impact: Processing a maliciously crafted USD file may lead to unexpected app termination
Description: An out-of-bounds write issue was addressed with improved bounds checking.
CVE-2026-20616: Michael DePlante (@izobashi) of Trend Micro Zero Day Initiative

Notification Center
Available for: macOS Tahoe
Impact: An app with root privileges may be able to access private information
Description: This issue was addressed with improved redaction of sensitive information.
CVE-2026-20603: Kirin (@Pwnrin) and LFY (@secsys) from Fudan University

NSOpenPanel
Available for: macOS Tahoe
Impact: An app may be able to access sensitive user data
Description: An authorization issue was addressed with improved state management.
CVE-2026-20666: an anonymous researcher

Remote Management
Available for: macOS Tahoe
Impact: An app may be able to gain root privileges
Description: A path handling issue was addressed with improved validation.
CVE-2026-20614: Gergely Kalman (@gergely_kalman)

Safari
Available for: macOS Tahoe
Impact: An app may be able to access a user's Safari history
Description: A logic issue was addressed with improved validation.
CVE-2026-20656: Mickey Jin (@patch1t)

Sandbox
Available for: macOS Tahoe
Impact: An app may be able to break out of its sandbox
Description: A permissions issue was addressed with additional restrictions.
CVE-2026-20628: Noah Gregory (wts.dev)

Security
Available for: macOS Tahoe
Impact: An app may be able to gain root privileges
Description: A package validation issue was addressed by blocking the vulnerable package.
CVE-2026-20658: Pwn2car

Setup Assistant
Available for: macOS Tahoe
Impact: An app may be able to gain root privileges
Description: This issue was addressed with improved handling of symlinks.
CVE-2026-20610: Gergely Kalman (@gergely_kalman)

Shortcuts
Available for: macOS Tahoe
Impact: An app may be able to access sensitive user data
Description: A parsing issue in the handling of directory paths was addressed with improved path validation.
CVE-2026-20653: Enis Maholli (enismaholli.com)

Siri
Available for: macOS Tahoe
Impact: A malicious app may be able to access notifications from other iCloud devices
Description: A privacy issue was addressed by moving sensitive data to a protected location.
CVE-2026-20648: Morris Richman (@morrisinlife)

Siri
Available for: macOS Tahoe
Impact: An attacker with physical access to a locked device may be able to view sensitive user information
Description: An authorization issue was addressed with improved state management.
CVE-2026-20662: Vivek Dhar, ASI (RM) in Border Security Force, FTR HQ BSF Kashmir

Siri
Available for: macOS Tahoe
Impact: An app may be able to access sensitive user data
Description: This issue was addressed with improved data protection.
CVE-2026-20647: Kirin (@Pwnrin)

Spotlight
Available for: macOS Tahoe
Impact: A sandboxed app may be able to access sensitive user data
Description: The issue was addressed with additional restrictions on the observability of app states.
CVE-2026-20680: an anonymous researcher

Spotlight
Available for: macOS Tahoe
Impact: An app may be able to access sensitive user data
Description: A privacy issue was addressed with improved checks.
CVE-2026-20612: Mickey Jin (@patch1t)

StoreKit
Available for: macOS Tahoe
Impact: An app may be able to identify what other apps a user has installed
Description: A privacy issue was addressed with improved checks.
CVE-2026-20641: Gongyu Ma (@Mezone0)

System Settings
Available for: macOS Tahoe
Impact: An app may be able to access sensitive user data
Description: A logging issue was addressed with improved data redaction.
CVE-2026-20619: Asaf Cohen

System Settings
Available for: macOS Tahoe
Impact: An app may be able to access user-sensitive data
Description: An issue was addressed with improved handling of temporary files.
CVE-2026-20618: Asaf Cohen

UIKit
Available for: macOS Tahoe
Impact: An app may be able to bypass certain Privacy preferences
Description: This issue was addressed by removing the vulnerable code.
CVE-2026-20606: LeminLimez

Voice Control
Available for: macOS Tahoe
Impact: An app may be able to crash a system process
Description: The issue was addressed with improved memory handling.
CVE-2026-20605: @cloudlldb of @pixiepointsec

Weather
Available for: macOS Tahoe
Impact: A malicious app may be able to read sensitive location information
Description: A logging issue was addressed with improved data redaction.
CVE-2026-20646: Morris Richman (@morrisinlife)

WebKit
Available for: macOS Tahoe
Impact: A remote attacker may be able to cause a denial-of-service
Description: The issue was addressed with improved memory handling.
WebKit Bugzilla: 303959
CVE-2026-20652: Nathaniel Oh (@calysteon)

WebKit
Available for: macOS Tahoe
Impact: Processing maliciously crafted web content may lead to an unexpected process crash
Description: This issue was addressed through improved state management.
WebKit Bugzilla: 303357
CVE-2026-20608: HanQing from TSDubhe and Nan Wang (@eternalsakura13)

WebKit
Available for: macOS Tahoe
Impact: A website may be able to track users through Safari web extensions
Description: This issue was addressed through improved state management.
WebKit Bugzilla: 305020
CVE-2026-20676: Tom Van Goethem

WebKit
Available for: macOS Tahoe
Impact: Processing maliciously crafted web content may lead to an unexpected process crash
Description: The issue was addressed with improved memory handling.
WebKit Bugzilla: 303444
CVE-2026-20644: HanQing from TSDubhe and Nan Wang (@eternalsakura13)
WebKit Bugzilla: 304657
CVE-2026-20636: EntryHi
WebKit Bugzilla: 304661
CVE-2026-20635: EntryHi

Wi-Fi
Available for: macOS Tahoe
Impact: An app may be able to cause unexpected system termination or corrupt kernel memory
Description: The issue was addressed with improved memory handling.
CVE-2026-20621: Wang Yu of Cyberserval

WindowServer
Available for: macOS Tahoe
Impact: An app may be able to cause a denial-of-service
Description: The issue was addressed with improved handling of caches.
CVE-2026-20602: @cloudlldb of @pixiepointsec
