
Apple adds CVE details for older and current updates

by Milan
May 27, 2026
in News

Apple has retrospectively expanded its security documentation for several software versions. The affected versions are macOS Sonoma, iOS 18.7, and iPadOS 18.7, as well as the current generations iOS 26, iPadOS 26, watchOS 26, and visionOS 26. The added CVE entries reveal the true extent of some previously patched vulnerabilities.

When Apple releases a security patch, the work on the documentation page doesn't necessarily end there. Often, vulnerabilities aren't fully described publicly until months later – with a specific CVE identifier, a description of the impact, and the names of those who reported the problem. This is precisely what has now happened with a batch of security content pages that Apple has updated. This development is part of a phase in which Apple is increasingly professionalizing its handling of security updates – most recently with the test run for background security updates starting with iOS 26.3, which are intended to roll out additional protective measures between major releases.

Which systems have now received additional CVE entries?

The latest documentation update includes additional details for several version chains. On the older systems side, this affects macOS Sonoma 14.8, macOS Sonoma 14.8.2, iOS 18.7, and iPadOS 18.7. Apple released these updates last September. macOS Sonoma has now reached version 14.8.7, skipping version 14.8.6. For users who haven't upgraded to a newer major release, iOS and iPadOS 18 are now at version 18.7.9.

The security entries for iOS 26 and iPadOS 26, as well as those for watchOS 26 and visionOS 26, have been expanded on the current software page. These systems were also released last year and brought a number of security fixes in addition to numerous new features.

iOS 26 and iPadOS 26: Siri vulnerability revealed

A particularly noteworthy vulnerability has been added to iOS 26 and iPadOS 26. It affects Siri and is documented under CVE-2025-30468. The description in Apple's security notes is clear: tabs in private browsing mode could potentially be accessed without authentication. Apple has addressed the issue through improved state management.

The vulnerability is significant because private browsing mode is a source of trust for many users. If the separation between private and normal browsing could be bypassed, in this specific case via Siri, it's more than just a minor detail. According to Apple, the affected devices were iPhone 11 and later, iPad Pro 12.9-inch (3rd generation) and later, iPad Pro 11-inch (1st generation) and later, iPad Air (3rd generation) and later, iPad (8th generation) and later, and iPad mini (5th generation) and later.

Additionally, Apple has added a new Calendar entry acknowledging security researchers by name, without assigning a specific CVE identifier. This is standard practice for findings that are not directly exploitable.

watchOS 26 and visionOS 26: Kernel acknowledgment

Apple has also added further details for watchOS 26 and visionOS 26. In addition to the Calendar entry, the kernel area is also mentioned – with explicit acknowledgment of the research work by Sungwoo Kim, Yepeng Pan, and Christian Rossow. Again, no separate CVE identifier was assigned, which usually means that the underlying vulnerability was not clearly exploitable or was already documented elsewhere.

macOS Sonoma 14.8: A whole series of subsequent CVE entries

The update for macOS Sonoma 14.8 is particularly extensive. Apple has retrospectively documented several significant vulnerabilities. In the Call History area (CVE-2025-43357), an app could identify the user via fingerprinting – a method that allows a digital profile to be created without explicit consent. Apple has fixed this flaw by improving the masking of sensitive data.

Two separate vulnerabilities were added to CoreServices. CVE-2025-43290 allowed an app to access protected areas of the file system – a classic permissions vulnerability. CVE-2025-43289 allowed a malicious app to access sensitive user data and was addressed through improved validation.

Another vulnerability in FaceTime (CVE-2025-31271) affected the lock screen logic. Incoming FaceTime calls could be displayed or answered on a locked Mac – even when notifications on the lock screen were supposed to be disabled. In the Phone area (CVE-2025-43508), an app could exploit a logging problem to access sensitive user data that was not adequately redacted.

Particularly critical is CVE-2025-43306 in StorageKit. A logical flaw here could potentially grant root privileges on the Mac – a scenario that, if successful, would give an attacker virtually unlimited access to the system. This flaw has also been closed through additional security measures.

macOS Sonoma 14.8.2: Open-source vulnerability in SQLite

A new entry has been added for macOS Sonoma 14.8.2. It concerns SQLite, a very widely used open-source database library. Under CVE-2025-6965, Apple documents a vulnerability where processing a manipulated file could lead to memory corruption. Because this is a flaw in open-source code, the CVE identifier was assigned by a third party – Apple is just one of several affected software projects.

How this step fits into Apple's security routine

Adding CVE details retrospectively is part of Apple's established practice. Security researchers typically report vulnerabilities under coordinated secrecy. Only when a sufficient number of devices have been updated and the vulnerability no longer poses an immediate risk does Apple release the technical details publicly. In this way, the company initially patches vulnerabilities quietly – and only provides the precise information after the update has been widely installed.

This update joins a series of major security releases that Apple has already delivered in recent months – including iOS 26.4, which patched over 35 security vulnerabilities. Anyone who hasn't yet updated should check now that their iPhone, iPad, Mac, Apple Watch, or Vision Pro has the latest version installed.
