Apple Expands Security Documentation Across Multiple Platforms with New CVE Details

Apple has significantly updated the security content pages for several of its operating system releases, providing developers and security researchers with detailed information about vulnerabilities addressed in recent and older updates. This comprehensive documentation includes new CVE (Common Vulnerabilities and Exposures) details that shed light on security issues across macOS, iOS, iPadOS, visionOS, and watchOS.

Security Updates Span Multiple Platform Versions

The security content updates cover a range of Apple's operating systems, from the latest versions to those released as far back as September 2025. This approach demonstrates Apple's commitment to transparency about security issues across its entire ecosystem, even for users who haven't yet upgraded to the latest major releases.

For macOS users, the updates include details for macOS Sonoma 14.8, macOS Sonoma 14.8.2, macOS Sequoia 15.7, and macOS Tahoe 26. iOS and iPadOS users receive updated information for iOS 18.7 and iPadOS 18.7, while visionOS 26 and watchOS 26 also have their security content expanded. Additionally, tvOS 26 received a security update with kernel-related fixes.

Detailed Vulnerability Information

The updated security content provides specific details about each vulnerability, including:

• Affected components (Siri, Calendar, Call History, FaceTime, etc.)
• Potential impact (data access, privilege escalation, etc.)
• Description of the issue and how it was addressed
• CVE identifiers for each vulnerability
• Credits to researchers who discovered the issues

Notable Vulnerabilities Across Platforms

Several vulnerabilities appear across multiple platforms, indicating systematic issues that Apple addressed consistently:

• CVE-2025-43357: Affects Call History in macOS Sonoma, macOS Sequoia, and iOS/iPadOS 18.7. This vulnerability could allow apps to fingerprint users through improper redaction of sensitive information.
• CVE-2025-43290: Found in CoreServices across macOS Sonoma and macOS Sequoia, this issue could permit apps to modify protected parts of the file system due to insufficient permissions restrictions.
• CVE-2025-43289: Also in CoreServices, this vulnerability might allow malicious apps to access sensitive user data through inadequate validation logic.
• CVE-2025-31271: Affects FaceTime in macOS Sonoma and macOS Sequoia, where incoming calls could appear or be accepted on locked devices even with notifications disabled.
• CVE-2025-43508: Present in Phone functionality across macOS Sonoma and macOS Sequoia, this issue could enable apps to access sensitive user data through improper logging practices.
• CVE-2025-43306: Affects StorageKit in macOS Sonoma and macOS Sequoia, potentially allowing malicious apps to gain root privileges through flawed logic checks.

Platform-Specific Security Issues

Beyond the cross-platform vulnerabilities, each operating system has unique security concerns addressed in these updates:

iOS 26 and iPadOS 26

• Siri (CVE-2025-30468): Private Browsing tabs could be accessed without authentication, addressed through improved state management.
• Calendar: Acknowledgments to Keisuke Chinone (Iroiro) and Rosyna Keller of Totally Not Malicious Software for their assistance.
• Kernel: Acknowledgments to Sungwoo Kim, Yepeng Pan, and Prof. Dr. Christian Rossow.

macOS Sonoma 14.8

• Call History (CVE-2025-43357): As mentioned above, fingerprinting vulnerability through improper redaction.
• CoreServices (CVE-2025-43290 and CVE-2025-43289): File system modification and data access issues.
• FaceTime (CVE-2025-31271): Incoming call handling on locked devices.
• Phone (CVE-2025-43508): Sensitive data access through logging issues.
• StorageKit (CVE-2025-43306): Potential root privilege escalation.

macOS Sonoma 14.8.2

• SQLite (CVE-2025-6965): A memory corruption vulnerability in the open source SQLite library used by macOS.

macOS Sequoia 15.7

• Crash Reporter (CVE-2025-46284): A race condition that could allow apps to gain root privileges.
• dyld (CVE-2025-43464): A denial-of-service issue when visiting certain websites.

macOS Tahoe 26

• AWD (CVE-2025-43451): Sensitive data access through a permissions issue.
• Compression (CVE-2025-43403): Authorization issues leading to potential data access.
• GPU Drivers (CVE-2025-46280): Out-of-bounds read causing unexpected system termination.
• PackageKit (CVE-2025-46310): Potential deletion of protected system files by attackers with root privileges.
• Sandbox (CVE-2025-46307): Logic issues allowing apps to access sensitive user data.

tvOS 26

• Kernel: Acknowledgments to Sungwoo Kim, Yepeng Pan, and Prof. Dr. Christian Rossow.

Developer Impact and Best Practices

For developers, these security updates highlight several important considerations:

1. Regular Security Audits: The consistent discovery of vulnerabilities across components suggests the need for thorough security reviews of all applications, especially those with system-level permissions.

2. Input Validation: Many vulnerabilities, like the dyld issue in macOS Sequoia, stem from improper input validation. Developers should implement robust input sanitization practices.

3. Permission Management: Issues like those in CoreServices and StorageKit demonstrate the critical importance of implementing proper permission checks and restrictions.

4. State Management: Several vulnerabilities, including the FaceTime issue, were resolved through improved state management, indicating that careful handling of application states is crucial for security.

5. Data Redaction: The Call History vulnerabilities emphasize the need for proper redaction of sensitive information in logs and other outputs.

User Implications

For end users, these security updates reinforce several important practices:

1. Timely Updates: While Apple provides security updates for older versions, users should still prioritize upgrading to the latest supported OS versions for comprehensive protection.

2. App Permissions: Users should carefully review and limit app permissions, especially for applications that request access to sensitive data or system functions.

3. Vigilance Against Social Engineering: Some vulnerabilities might be exploited through social engineering tactics, so users should remain cautious about unexpected notifications or requests.

Apple's Security Acknowledgment Program

Notably, Apple continues to acknowledge researchers who assist in identifying and fixing security issues. The updated content credits numerous security researchers, including:

• Rosyna Keller of Totally Not Malicious Software
• Guilherme Rambo of Best Buddy Apps
• Zhongcheng Li from IES Red Team of ByteDance
• Matej Moravec (@MacejkoMoravec) and Kirin (@Pwnrin)
• Shantanu Thakur
• Wojciech Regula of SecuRing
• Mickey Jin (@patch1t)
• Noah Gregory (wts.dev)
• Jian Lee (@speedyfriend433)
• Yiğit Can YILMAZ (@yilmazcanyigit)

This acknowledgment program demonstrates Apple's commitment to working with the security research community to identify and address potential vulnerabilities.

Conclusion

Apple's comprehensive update to security content across multiple platforms provides valuable transparency about the vulnerabilities affecting their systems. By detailing these issues and their resolutions, Apple helps developers understand potential risks and implement appropriate security measures in their applications. For users, this documentation reinforces the importance of maintaining up-to-date systems and being mindful of application permissions.

Developers and security professionals can access the complete security content updates through Apple's official security pages, ensuring they have the most current information about potential vulnerabilities and their mitigations.

For more information about Apple's security updates, you can visit their official security content page.