About the security content of visionOS 26

visionOS 26
Released September 15, 2025

AppleMobileFileIntegrity

  • Available for: Apple Vision Pro
  • Impact: An app may be able to access sensitive user data
  • Description: A permissions issue was addressed with additional restrictions.
  • CVE-2025-43317: Mickey Jin (@patch1t)

Apple Neural Engine

  • Available for: Apple Vision Pro
  • Impact: An app may be able to cause unexpected system termination
  • Description: An out-of-bounds access issue was addressed with improved bounds checking.
  • CVE-2025-43344: an anonymous researcher

Audio

  • Available for: Apple Vision Pro
  • Impact: Processing a maliciously crafted media file may lead to unexpected app termination or corrupt process memory
  • Description: An out-of-bounds access issue was addressed with improved bounds checking.
  • CVE-2025-43346: Hossein Lotfi (@hosselot) of Trend Micro Zero Day Initiative

Bluetooth

  • Available for: Apple Vision Pro
  • Impact: An app may be able to access sensitive user data
  • Description: A logging issue was addressed with improved data redaction.
  • CVE-2025-43354: Csaba Fitzl (@theevilbit) of Kandji
  • CVE-2025-43303: Csaba Fitzl (@theevilbit) of Kandji

CoreAudio

  • Available for: Apple Vision Pro
  • Impact: Processing a maliciously crafted video file may lead to unexpected app termination
  • Description: An out-of-bounds write issue was addressed with improved input validation.
  • CVE-2025-43349: @zlluny working with Trend Micro Zero Day Initiative

CoreMedia

  • Available for: Apple Vision Pro
  • Impact: Processing a maliciously crafted media file may lead to unexpected app termination or corrupt process memory
  • Description: The issue was addressed with improved input validation.
  • CVE-2025-43372: 이동하 (Lee Dong Ha) of SSA Lab

DiskArbitration

  • Available for: Apple Vision Pro
  • Impact: A malicious app may be able to gain root privileges
  • Description: A permissions issue was addressed with additional restrictions.
  • CVE-2025-43316: Csaba Fitzl (@theevilbit) of Kandji, an anonymous researcher

IOHIDFamily

  • Available for: Apple Vision Pro
  • Impact: An app may be able to cause unexpected system termination
  • Description: An out-of-bounds write issue was addressed with improved bounds checking.
  • CVE-2025-43302: Keisuke Hosoda

Kernel

  • Available for: Apple Vision Pro
  • Impact: A UDP server socket bound to a local interface may become bound to all interfaces
  • Description: A logic issue was addressed with improved state management.
  • CVE-2025-43359: Viktor Oreshkin

MobileStorageMounter

  • Available for: Apple Vision Pro
  • Impact: An app may be able to cause a denial-of-service
  • Description: A type confusion issue was addressed with improved memory handling.
  • CVE-2025-43355: Dawuge of Shuffle Team

Spell Check

  • Available for: Apple Vision Pro
  • Impact: An app may be able to access sensitive user data
  • Description: A parsing issue in the handling of directory paths was addressed with improved path validation.
  • CVE-2025-43190: Noah Gregory (wts.dev)

SQLite

  • Available for: Apple Vision Pro
  • Impact: Processing a file may lead to memory corruption
  • Description: This is a vulnerability in open source code and Apple Software is among the affected projects. The CVE-ID was assigned by a third party. Learn more about the issue and CVE-ID at cve.org.
  • CVE-2025-6965

System

  • Available for: Apple Vision Pro
  • Impact: An input validation issue was addressed
  • Description: This issue was addressed by removing the vulnerable code.
  • CVE-2025-43347: JZ, Seo Hyun-gyu (@wh1te4ever), Luke Roberts (@rookuu)

WebKit

  • Available for: Apple Vision Pro
  • Impact: A website may be able to access sensor information without user consent
  • Description: The issue was addressed with improved handling of caches.
  • WebKit Bugzilla: 296153
  • CVE-2025-43356: Jaydev Ahire

WebKit

  • Available for: Apple Vision Pro
  • Impact: Processing maliciously crafted web content may lead to an unexpected Safari crash
  • Description: The issue was addressed with improved memory handling.
  • WebKit Bugzilla: 294550
  • CVE-2025-43272: Big Bear

WebKit

  • Available for: Apple Vision Pro
  • Impact: Processing maliciously crafted web content may lead to an unexpected process crash
  • Description: The issue was addressed with improved memory handling.
  • WebKit Bugzilla: 296490
  • CVE-2025-43343: an anonymous researcher

WebKit

  • Available for: Apple Vision Pro
  • Impact: Processing maliciously crafted web content may lead to an unexpected process crash
  • Description: A correctness issue was addressed with improved checks.
  • WebKit Bugzilla: 296042
  • CVE-2025-43342: an anonymous researcher