Apple Updates Everything - iOS/macOS 26 Edition
Today, as expected, Apple released iOS/iPadOS/macOS/watchOS/tvOS 26. Going forward, Apple will adopt the same OS number across its different offerings, setting us up for a potential year 2100 issue. Notably, VisionOS was not updated.
There are two options to apply the security updates: You may stick with the old major operating system version (iOS 18 or macOS 15), or you may upgrade directly to the "26" version. For more careful users, sticking with the older version will get you all the security fixes (and other bug fixes), but none of the new features and the potential instabilities and compatibility issues.
This update also includes a patch for an already-exploited vulnerability, CVE-2025-43300. Apple patched this vulnerability in August, but only for current operating systems. This update backports this patch for older versions of iOS.
I did some quick Google searches if OS 26 supports various popular security software. Here is a quick summary:
Crowdstrike: Falcon >= 7.29
Little Snitch >= 6.3
Microsoft Defender: supported (July 1st)
Palo Alto Networks GlobalProtect: "appears to work, firewall detection does not work on macOS 26" (reddit user report, 3 months ago)
Let me know if you have any firsthand experience with any security-related applications that either work or do not work.
| iOS 26 and iPadOS 26 | iOS 18.7 and iPadOS 18.7 | iOS 16.7.12 and iPadOS 16.7.12 | iOS 15.8.5 and iPadOS 15.8.5 | macOS Tahoe 26 | macOS Sequoia 15.7 | macOS Sonoma 14.8 | tvOS 26 | watchOS 26 | visionOS 26 |
|---|---|---|---|---|---|---|---|---|---|
| CVE-2025-24088: An app may be able to override MDM-enforced settings from profiles. Affects CoreServices |
|||||||||
| x | |||||||||
| CVE-2025-24133: Keyboard suggestions may display sensitive information on the lock screen. Affects Text Input |
|||||||||
| x | |||||||||
| CVE-2025-24197: An app may be able to access sensitive user data. Affects Spotlight |
|||||||||
| x | x | x | |||||||
| CVE-2025-30468: Private Browsing tabs may be accessed without authentication. Affects Siri |
|||||||||
| x | |||||||||
| CVE-2025-31254: Processing maliciously crafted web content may lead to unexpected URL redirection. Affects Safari |
|||||||||
| x | |||||||||
| CVE-2025-31255: An app may be able to access sensitive user data. Affects IOKit |
|||||||||
| x | x | x | x | x | x | ||||
| CVE-2025-31259: An app may be able to capture a screenshot of an app entering or exiting full screen mode. Affects Screenshots |
|||||||||
| x | x | x | |||||||
| CVE-2025-31268: An app may be able to access protected user data. Affects Apple Online Store Kit |
|||||||||
| x | x | x | |||||||
| CVE-2025-31269: An app may be able to access protected user data. Affects Printing |
|||||||||
| x | x | ||||||||
| CVE-2025-31270: An app may be able to access protected user data. Affects Foundation |
|||||||||
| x | |||||||||
| CVE-2025-31271: Incoming FaceTime calls can appear or be accepted on a locked macOS device, even with notifications disabled on the lock screen. Affects FaceTime |
|||||||||
| x | |||||||||
| CVE-2025-43190: An app may be able to access sensitive user data. Affects Spell Check |
|||||||||
| x | x | x | x | x | x | ||||
| CVE-2025-43203: An attacker with physical access to an unlocked device may be able to view an image in the most recently viewed locked note. Affects Notes |
|||||||||
| x | x | ||||||||
| CVE-2025-43204: An app may be able to break out of its sandbox. Affects RemoteViewServices |
|||||||||
| x | |||||||||
| CVE-2025-43207: An app may be able to access user-sensitive data. Affects Music |
|||||||||
| x | |||||||||
| CVE-2025-43208: An app may be able to read sensitive location information. Affects Airport |
|||||||||
| x | |||||||||
| CVE-2025-43231: An app may be able to access user-sensitive data. Affects LaunchServices |
|||||||||
| x | |||||||||
| CVE-2025-43262: USB Restricted Mode may not be applied to accessories connected during boot. Affects Trusted Device |
|||||||||
| x | |||||||||
| CVE-2025-43272: Processing maliciously crafted web content may lead to an unexpected Safari crash. Affects WebKit |
|||||||||
| x | x | x | x | ||||||
| CVE-2025-43273: A sandboxed process may be able to circumvent sandbox restrictions. Affects CoreMedia |
|||||||||
| x | |||||||||
| CVE-2025-43277: Processing a maliciously crafted audio file may lead to memory corruption. Affects CoreAudio |
|||||||||
| x | |||||||||
| CVE-2025-43279: An app may be able to access user-sensitive data. Affects Notification Center |
|||||||||
| x | |||||||||
| CVE-2025-43283: An app may be able to cause unexpected system termination. Affects GPU Drivers |
|||||||||
| x | |||||||||
| CVE-2025-43285: An app may be able to access protected user data. Affects AppSandbox |
|||||||||
| x | x | x | |||||||
| CVE-2025-43286: An app may be able to break out of its sandbox. Affects SharedFileList |
|||||||||
| x | x | x | |||||||
| CVE-2025-43287: Processing a maliciously crafted image may corrupt process memory. Affects ImageIO |
|||||||||
| x | |||||||||
| CVE-2025-43291: An app may be able to modify protected parts of the file system. Affects SharedFileList |
|||||||||
| x | x | x | |||||||
| CVE-2025-43292: An app may be able to access sensitive user data. Affects CoreMedia |
|||||||||
| x | x | ||||||||
| CVE-2025-43293: An app may be able to access sensitive user data. Affects SharedFileList |
|||||||||
| x | x | x | |||||||
| CVE-2025-43294: An app may be able to access sensitive user data. Affects MallocStackLogging |
|||||||||
| x | |||||||||
| CVE-2025-43295: An app may be able to cause a denial-of-service. Affects libc |
|||||||||
| x | x | x | x | ||||||
| CVE-2025-43297: An app may be able to cause a denial-of-service. Affects Power Management |
|||||||||
| x | |||||||||
| CVE-2025-43298: An app may be able to gain root privileges. Affects PackageKit |
|||||||||
| x | x | x | |||||||
| CVE-2025-43300: Processing a malicious image file may result in memory corruption. Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals.. Affects ImageIO |
|||||||||
| x | x | ||||||||
| CVE-2025-43301: An app may be able to access contact info related to notifications in Notification Center. Affects Notification Center |
|||||||||
| x | x | x | |||||||
| CVE-2025-43302: An app may be able to cause unexpected system termination. Affects IOHIDFamily |
|||||||||
| x | x | x | x | x | x | x | x | ||
| CVE-2025-43303: An app may be able to access sensitive user data. Affects Bluetooth |
|||||||||
| x | x | x | x | x | |||||
| CVE-2025-43304: An app may be able to gain root privileges. Affects StorageKit |
|||||||||
| x | x | x | |||||||
| CVE-2025-43305: A malicious app may be able to access private information. Affects CoreServices |
|||||||||
| x | x | x | |||||||
| CVE-2025-43307: An app may be able to access sensitive user data. Affects Bluetooth |
|||||||||
| x | |||||||||
| CVE-2025-43308: An app may be able to access sensitive user data. Affects Touch Bar Controls |
|||||||||
| x | x | x | |||||||
| CVE-2025-43310: An app may be able to trick a user into copying sensitive data to the pasteboard. Affects WindowServer |
|||||||||
| x | x | x | |||||||
| CVE-2025-43311: An app may be able to access protected user data. Affects Touch Bar |
|||||||||
| x | x | x | |||||||
| CVE-2025-43312: An app may be able to cause unexpected system termination. Affects AMD |
|||||||||
| x | x | x | |||||||
| CVE-2025-43314: An app may be able to access sensitive user data. Affects StorageKit |
|||||||||
| x | x | x | |||||||
| CVE-2025-43315: An app may be able to access user-sensitive data. Affects MigrationKit |
|||||||||
| x | x | x | |||||||
| CVE-2025-43316: A malicious app may be able to gain root privileges. Affects DiskArbitration |
|||||||||
| x | x | ||||||||
| CVE-2025-43317: An app may be able to access sensitive user data. Affects AppleMobileFileIntegrity |
|||||||||
| x | x | x | x | x | |||||
| CVE-2025-43318: An app with root privileges may be able to access private information. Affects Sandbox |
|||||||||
| x | |||||||||
| CVE-2025-43319: An app may be able to access protected user data. Affects MediaLibrary |
|||||||||
| x | x | x | |||||||
| CVE-2025-43321: An app may be able to access protected user data. Affects AppKit |
|||||||||
| x | x | x | |||||||
| CVE-2025-43325: An app may be able to access sensitive user data. Affects Icons |
|||||||||
| x | |||||||||
| CVE-2025-43326: An app may be able to access sensitive user data. Affects GPU Drivers |
|||||||||
| x | x | x | |||||||
| CVE-2025-43327: Visiting a malicious website may lead to address bar spoofing. Affects Safari |
|||||||||
| x | |||||||||
| CVE-2025-43328: An app may be able to access sensitive user data. Affects Sandbox |
|||||||||
| x | |||||||||
| CVE-2025-43329: An app may be able to break out of its sandbox. Affects Sandbox |
|||||||||
| x | x | x | x | ||||||
| CVE-2025-43330: An app may be able to break out of its sandbox. Affects ATS |
|||||||||
| x | x | ||||||||
| CVE-2025-43331: An app may be able to access protected user data. Affects AppleMobileFileIntegrity |
|||||||||
| x | |||||||||
| CVE-2025-43332: An app may be able to break out of its sandbox. Affects Security Initialization |
|||||||||
| x | x | x | |||||||
| CVE-2025-43333: An app may be able to gain root privileges. Affects Spotlight |
|||||||||
| x | |||||||||
| CVE-2025-43337: An app may be able to access sensitive user data. Affects AppleMobileFileIntegrity |
|||||||||
| x | |||||||||
| CVE-2025-43340: An app may be able to break out of its sandbox. Affects AppleMobileFileIntegrity |
|||||||||
| x | |||||||||
| CVE-2025-43341: An app may be able to gain root privileges. Affects Storage |
|||||||||
| x | x | ||||||||
| CVE-2025-43342: Processing maliciously crafted web content may lead to an unexpected process crash. Affects WebKit |
|||||||||
| x | x | x | x | x | x | ||||
| CVE-2025-43343: Processing maliciously crafted web content may lead to an unexpected process crash. Affects WebKit |
|||||||||
| x | x | x | x | x | |||||
| CVE-2025-43344: An app may be able to cause unexpected system termination. Affects Apple Neural Engine |
|||||||||
| x | x | x | x | x | |||||
| CVE-2025-43346: Processing a maliciously crafted media file may lead to unexpected app termination or corrupt process memory. Affects Audio |
|||||||||
| x | x | x | x | x | x | ||||
| CVE-2025-43347: An input validation issue was addressed. Affects System |
|||||||||
| x | x | x | x | x | |||||
| CVE-2025-43349: Processing a maliciously crafted video file may lead to unexpected app termination. Affects CoreAudio |
|||||||||
| x | x | x | x | x | x | x | x | ||
| CVE-2025-43353: Processing a maliciously crafted string may lead to heap corruption. Affects Libinfo |
|||||||||
| x | x | x | |||||||
| CVE-2025-43355: An app may be able to cause a denial-of-service. Affects MobileStorageMounter |
|||||||||
| x | x | x | x | x | x | x | x | ||
| CVE-2025-43356: A website may be able to access sensor information without user consent. Affects WebKit |
|||||||||
| x | x | x | x | x | x | ||||
| CVE-2025-43357: An app may be able to fingerprint the user. Affects Call History |
|||||||||
| x | x | ||||||||
| CVE-2025-43358: A shortcut may be able to bypass sandbox restrictions. Affects Shortcuts |
|||||||||
| x | x | x | x | x | |||||
| CVE-2025-43359: A UDP server socket bound to a local interface may become bound to all interfaces. Affects Kernel |
|||||||||
| x | x | x | x | x | x | x | x | ||
| CVE-2025-43362: An app may be able to monitor keystrokes without user permission. Affects LaunchServices |
|||||||||
| x | x | ||||||||
| CVE-2025-43366: An app may be able to disclose coprocessor memory. Affects IOMobileFrameBuffer |
|||||||||
| x | |||||||||
| CVE-2025-43367: An app may be able to access protected user data. Affects Siri |
|||||||||
| x | x | ||||||||
| CVE-2025-43368: Processing maliciously crafted web content may lead to an unexpected Safari crash. Affects WebKit Process Model |
|||||||||
| x | x | ||||||||
| CVE-2025-43369: An app may be able to access protected user data. Affects SharedFileList |
|||||||||
| x | |||||||||
| CVE-2025-43372: Processing a maliciously crafted media file may lead to unexpected app termination or corrupt process memory. Affects CoreMedia |
|||||||||
| x | x | x | x | x | |||||
--
Johannes B. Ullrich, Ph.D. , Dean of Research, SANS.edu
Twitter|
ISC Stormcast For Monday, September 15th, 2025 https://isc.sans.edu/podcastdetail/9612
×
![modal content]()
Diary Archives
Comments