macOS

Apple operating system for Mac computers.

Tahoe 26 Sequoia 15 Sonoma 14 Ventura 13 EOL Monterey 12 EOL

Current version EOL

Last checked: yesterday

13.7.8

Release date: August 20, 2025
CVE status: 25 visible CVEs

Source

SOFA Apple Feed

Public release notes are linked for the latest stored release.

View release notes Subscribe to updates

Release history

See the latest published releases stored for this product.

Version	Published	Notes
13.7.8	2025-08-20	Release Notes

Vulnerability tracking

Review curated CVEs for this product and see whether the current version is marked affected. Only CVEs with a CVSS score of 7.0 or higher and published in the last 90 days are shown.

CVE	Severity	Published	Status	Summary
CVE-2025-43264	HIGH (8.8)	2026-04-02	Current versionaffected	The issue was addressed with improved memory handling. This issue is fixed in macOS Sequoia 15.6. Processing a maliciously crafted image may corrupt process memory. Affected versions Up to (excluding) 15.6
CVE-2025-43257	HIGH (8.7)	2026-04-02	Current versionaffected	This issue was addressed with improved handling of symlinks. This issue is fixed in macOS Sequoia 15.6. An app may be able to break out of its sandbox. Affected versions Up to (excluding) 15.6
CVE-2025-43219	HIGH (8.8)	2026-04-02	Current versionaffected	The issue was addressed with improved memory handling. This issue is fixed in macOS Sequoia 15.6. Processing a maliciously crafted image may corrupt process memory. Affected versions Up to (excluding) 15.6
CVE-2025-43202	HIGH (8.8)	2026-04-02	Current versionaffected	This issue was addressed with improved memory handling. This issue is fixed in iOS 18.6 and iPadOS 18.6, macOS Sequoia 15.6. Processing a file may lead to memory corruption. Affected versions Up to (excluding) 15.6
CVE-2024-44303	HIGH (7.5)	2026-04-02	Current versionaffected	The issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.1. A malicious application may be able to modify protected parts of the file system. Affected versions Up to (excluding) 15.1
CVE-2024-44286	HIGH (7.5)	2026-04-02	Current versionaffected	This issue was addressed through improved state management. This issue is fixed in macOS Sequoia 15.1. An attacker with physical access can input keyboard events to apps running on a locked device. Affected versions Up to (excluding) 15.1
CVE-2024-44250	HIGH (8.2)	2026-04-02	Current versionaffected	A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.1. An app may be able to execute arbitrary code out of its sandbox or with certain elevated privileges. Affected versions Up to (excluding) 15.1
CVE-2024-44219	HIGH (7.5)	2026-04-02	Current versionaffected	A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.1. A malicious application with root privileges may be able to access private information. Affected versions Up to (excluding) 15.1
CVE-2024-40858	HIGH (7.1)	2026-04-02	Current versionaffected	A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.1. An app may be able to access Contacts without user consent. Affected versions Up to (excluding) 15.1
CVE-2024-40849	HIGH (7.5)	2026-04-02	Current versionaffected	A race condition was addressed with additional validation. This issue is fixed in macOS Sequoia 15.1. An app may be able to break out of its sandbox. Affected versions Up to (excluding) 15.1
CVE-2026-28894	HIGH (7.5)	2026-03-25	Current versionnot affected	A denial-of-service issue was addressed with improved input validation. This issue is fixed in iOS 26.4 and iPadOS 26.4, macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Tahoe 26.4. A remote attacker may be able to cause a denial-of-service. Affected versions From (including) 14.0 - Up to (excluding) 14.8.5 From (including) 15.0 - Up to (excluding) 15.7.5 Show 1 more From (including) 26.0 - Up to (excluding) 26.4
CVE-2026-28891	HIGH (8.1)	2026-03-25	Current versionnot affected	A race condition was addressed with additional validation. This issue is fixed in macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Tahoe 26.4. An app may be able to break out of its sandbox. Affected versions From (including) 14.0 - Up to (excluding) 14.8.5 From (including) 15.0 - Up to (excluding) 15.7.5 Show 1 more From (including) 26.0 - Up to (excluding) 26.4
CVE-2026-28876	HIGH (7.5)	2026-03-25	Current versionnot affected	A parsing issue in the handling of directory paths was addressed with improved path validation. This issue is fixed in iOS 18.7.7 and iPadOS 18.7.7, iOS 26.4 and iPadOS 26.4, macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Tahoe 26.4, visionOS 26.4. An app may be able to access sensitive user data. Affected versions From (including) 14.0 - Up to (excluding) 14.8.5 From (including) 15.0 - Up to (excluding) 15.7.5 Show 1 more From (including) 26.0 - Up to (excluding) 26.4
CVE-2026-28865	HIGH (7.5)	2026-03-25	Current versionnot affected	An authentication issue was addressed with improved state management. This issue is fixed in iOS 18.7.7 and iPadOS 18.7.7, iOS 26.4 and iPadOS 26.4, macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Tahoe 26.4, tvOS 26.4, visionOS 26.4, watchOS 26.4. An attacker in a privileged network position may be able to intercept network traffic. Affected versions From (including) 14.0 - Up to (excluding) 14.8.5 From (including) 15.0 - Up to (excluding) 15.7.5 Show 1 more From (including) 26.0 - Up to (excluding) 26.4
CVE-2026-28855	HIGH (7.5)	2026-03-25	Current versionnot affected	A permissions issue was addressed with additional restrictions. This issue is fixed in iOS 26.3 and iPadOS 26.3, macOS Tahoe 26.3. An app may be able to access protected user data. Affected versions From (including) 26.0 - Up to (excluding) 26.3
CVE-2026-28842	HIGH (7.5)	2026-03-25	Current versionnot affected	The issue was addressed with improved bounds checks. This issue is fixed in macOS Tahoe 26.4. A buffer overflow may result in memory corruption and unexpected app termination. Affected versions From (including) 26.0 - Up to (excluding) 26.4
CVE-2026-28837	HIGH (7.5)	2026-03-25	Current versionnot affected	A logic issue was addressed with improved checks. This issue is fixed in macOS Tahoe 26.4. An app may be able to access sensitive user data. Affected versions From (including) 26.0 - Up to (excluding) 26.4
CVE-2026-28832	HIGH (8.4)	2026-03-25	Current versionnot affected	An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Tahoe 26.4. An app may be able to disclose kernel memory. Affected versions From (including) 14.0 - Up to (excluding) 14.8.5 From (including) 15.0 - Up to (excluding) 15.7.5 Show 1 more From (including) 26.0 - Up to (excluding) 26.4
CVE-2026-28827	CRITICAL (9.3)	2026-03-25	Current versionnot affected	A parsing issue in the handling of directory paths was addressed with improved path validation. This issue is fixed in macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Tahoe 26.4. An app may be able to break out of its sandbox. Affected versions From (including) 14.0 - Up to (excluding) 14.8.5 From (including) 15.0 - Up to (excluding) 15.7.5 Show 1 more From (including) 26.0 - Up to (excluding) 26.4
CVE-2026-28821	HIGH (8.4)	2026-03-25	Current versionnot affected	A validation issue existed in the entitlement verification. This issue was addressed with improved validation of the process entitlement. This issue is fixed in macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Tahoe 26.4. An app may be able to gain elevated privileges. Affected versions From (including) 14.0 - Up to (excluding) 14.8.5 From (including) 15.0 - Up to (excluding) 15.7.5 Show 1 more From (including) 26.0 - Up to (excluding) 26.4
CVE-2026-28817	HIGH (8.1)	2026-03-25	Current versionnot affected	A race condition was addressed with improved state handling. This issue is fixed in macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Tahoe 26.4. A sandboxed process may be able to circumvent sandbox restrictions. Affected versions From (including) 14.0 - Up to (excluding) 14.8.5 From (including) 15.0 - Up to (excluding) 15.7.5 Show 1 more From (including) 26.0 - Up to (excluding) 26.4
CVE-2026-20701	HIGH (7.5)	2026-03-25	Current versionnot affected	An access issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Tahoe 26.4. An app may be able to connect to a network share without user consent. Affected versions From (including) 14.0 - Up to (excluding) 14.8.5 From (including) 15.0 - Up to (excluding) 15.7.5 Show 1 more From (including) 26.0 - Up to (excluding) 26.4
CVE-2026-20698	HIGH (7.8)	2026-03-25	Current versionnot affected	The issue was addressed with improved memory handling. This issue is fixed in iOS 26.4 and iPadOS 26.4, macOS Tahoe 26.4, tvOS 26.4, visionOS 26.4, watchOS 26.4. An app may be able to cause unexpected system termination or corrupt kernel memory. Affected versions From (including) 26.0 - Up to (excluding) 26.4
CVE-2026-20688	CRITICAL (9.3)	2026-03-25	Current versionnot affected	A path handling issue was addressed with improved validation. This issue is fixed in iOS 26.4 and iPadOS 26.4, macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Tahoe 26.4, visionOS 26.4. An app may be able to break out of its sandbox. Affected versions From (including) 14.0 - Up to (excluding) 14.8.5 From (including) 15.0 - Up to (excluding) 15.7.5 Show 1 more From (including) 26.0 - Up to (excluding) 26.4
CVE-2026-20687	HIGH (7.1)	2026-03-25	Current versionnot affected	A use after free issue was addressed with improved memory management. This issue is fixed in iOS 18.7.7 and iPadOS 18.7.7, iOS 26.4 and iPadOS 26.4, macOS Sequoia 15.7.5, macOS Tahoe 26.4, tvOS 26.4, watchOS 26.4. An app may be able to cause unexpected system termination or write kernel memory. Affected versions From (including) 15.0 - Up to (excluding) 15.7.5 From (including) 26.0 - Up to (excluding) 26.4