Updated CVEs from Tenable

High Severity Description The issue was addressed with improved checks. This issue is fixed in Xcode 26. Processing an overly large path value may crash a process. Read more at https://www.tenable.com/cve/CVE-2025-43375

Critical Severity Description The issue was addressed with improved checks. This issue is fixed in iOS 18.7 and iPadOS 18.7, iOS 26 and iPadOS 26. An app may be able to monitor keystrokes without user permission. Read more at https://www.tenable.com/cve/CVE-2025-43362

Medium Severity Description An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Tahoe 26. An app may be able to disclose coprocessor memory. Read more at https://www.tenable.com/cve/CVE-2025-43366

Medium Severity Description A privacy issue was addressed by moving sensitive data. This issue is fixed in macOS Sonoma 14.8, macOS Tahoe 26. An app may be able to access protected user data. Read more at https://www.tenable.com/cve/CVE-2025-43367

High Severity Description A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 26, macOS Tahoe 26, iOS 26 and iPadOS 26. Processing maliciously crafted web content may lead to an unexpected Safari crash. Read more at https://www.tenable.com/cve/CVE-2025-43368

Medium Severity Description This issue was addressed with improved handling of symlinks. This issue is fixed in macOS Tahoe 26. An app may be able to access protected user data. Read more at https://www.tenable.com/cve/CVE-2025-43369

High Severity Description A path handling issue was addressed with improved validation. This issue is fixed in Xcode 26. Processing an overly large path value may crash a process. Read more at https://www.tenable.com/cve/CVE-2025-43370

High Severity Description This issue was addressed with improved checks. This issue is fixed in Xcode 26. An app may be able to break out of its sandbox. Read more at https://www.tenable.com/cve/CVE-2025-43371

Critical Severity Description The issue was addressed with improved input validation. This issue is fixed in tvOS 26, watchOS 26, visionOS 26, macOS Tahoe 26, iOS 26 and iPadOS 26. Processing a maliciously crafted media file may lead to unexpected app termination or corrupt process memory. Read more at https://www.tenable.com/cve/CVE-2025-43372

Critical Severity Description A logic issue was addressed with improved state management. This issue is fixed in tvOS 26, macOS Sonoma 14.8, macOS Sequoia 15.7, iOS 18.7 and iPadOS 18.7, visionOS 26, watchOS 26, macOS Tahoe 26, iOS 26 and iPadOS 26. A UDP server socket bound to a local interface may become bound to all interfaces. Read more at https://www.tenable.com/cve/CVE-2025-43359

Critical Severity Description A permissions issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Sequoia 15.7, macOS Sonoma 14.8, iOS 18.7 and iPadOS 18.7, macOS Tahoe 26, iOS 26 and iPadOS 26. A shortcut may be able to bypass sandbox restrictions. Read more at https://www.tenable.com/cve/CVE-2025-43358

Medium Severity Description This issue was addressed with improved redaction of sensitive information. This issue is fixed in macOS Tahoe 26, iOS 26 and iPadOS 26. An app may be able to fingerprint the user. Read more at https://www.tenable.com/cve/CVE-2025-43357

Medium Severity Description The issue was addressed with improved handling of caches. This issue is fixed in tvOS 26, Safari 26, iOS 18.7 and iPadOS 18.7, visionOS 26, watchOS 26, macOS Tahoe 26, iOS 26 and iPadOS 26. A website may be able to access sensor information without user consent. Read more at https://www.tenable.com/cve/CVE-2025-43356

High Severity Description An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in tvOS 26, macOS Sonoma 14.8, macOS Sequoia 15.7, iOS 18.7 and iPadOS 18.7, visionOS 26, watchOS 26, macOS Tahoe 26, iOS 26 and iPadOS 26. Processing a maliciously crafted video file may lead to unexpected app termination. Read more at https://www.tenable.com/cve/CVE-2025-43349

High Severity Description The issue was addressed with improved bounds checks. This issue is fixed in macOS Sequoia 15.7, macOS Sonoma 14.8, macOS Tahoe 26. Processing a maliciously crafted string may lead to heap corruption. Read more at https://www.tenable.com/cve/CVE-2025-43353

Medium Severity Description A logging issue was addressed with improved data redaction. This issue is fixed in tvOS 26, watchOS 26, visionOS 26, macOS Tahoe 26, iOS 26 and iPadOS 26. An app may be able to access sensitive user data. Read more at https://www.tenable.com/cve/CVE-2025-43354

Critical Severity Description A type confusion issue was addressed with improved memory handling. This issue is fixed in tvOS 26, macOS Sonoma 14.8, macOS Sequoia 15.7, iOS 18.7 and iPadOS 18.7, visionOS 26, watchOS 26, macOS Tahoe 26, iOS 26 and iPadOS 26. An app may be able to cause a denial-of-service. Read more at https://www.tenable.com/cve/CVE-2025-43355

Medium Severity Description An access issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Tahoe 26. An app may be able to access sensitive user data. Read more at https://www.tenable.com/cve/CVE-2025-43337

High Severity Description A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Tahoe 26. An app may be able to break out of its sandbox. Read more at https://www.tenable.com/cve/CVE-2025-43340

High Severity Description A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sonoma 14.8, macOS Tahoe 26. An app may be able to gain root privileges. Read more at https://www.tenable.com/cve/CVE-2025-43341

Critical Severity Description A correctness issue was addressed with improved checks. This issue is fixed in tvOS 26, Safari 26, iOS 18.7 and iPadOS 18.7, visionOS 26, watchOS 26, macOS Tahoe 26, iOS 26 and iPadOS 26. Processing maliciously crafted web content may lead to an unexpected process crash. Read more at https://www.tenable.com/cve/CVE-2025-43342

Critical Severity Description The issue was addressed with improved memory handling. This issue is fixed in tvOS 26, Safari 26, visionOS 26, watchOS 26, macOS Tahoe 26, iOS 26 and iPadOS 26. Processing maliciously crafted web content may lead to an unexpected process crash. Read more at https://www.tenable.com/cve/CVE-2025-43343

Critical Severity Description An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in tvOS 26, watchOS 26, visionOS 26, macOS Tahoe 26, iOS 26 and iPadOS 26. An app may be able to cause unexpected system termination. Read more at https://www.tenable.com/cve/CVE-2025-43344

Critical Severity Description An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in tvOS 26, watchOS 26, iOS 18.7 and iPadOS 18.7, visionOS 26, macOS Tahoe 26, iOS 26 and iPadOS 26. Processing a maliciously crafted media file may lead to unexpected app termination or corrupt process memory. Read more at https://www.tenable.com/cve/CVE-2025-43346

Critical Severity Description This issue was addressed by removing the vulnerable code. This issue is fixed in tvOS 26, watchOS 26, visionOS 26, macOS Tahoe 26, iOS 26 and iPadOS 26. An input validation issue was addressed. Read more at https://www.tenable.com/cve/CVE-2025-43347

High Severity Description A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Tahoe 26. An app may be able to gain root privileges. Read more at https://www.tenable.com/cve/CVE-2025-43333

Medium Severity Description A downgrade issue was addressed with additional code-signing restrictions. This issue is fixed in macOS Tahoe 26. An app may be able to access protected user data. Read more at https://www.tenable.com/cve/CVE-2025-43331

High Severity Description A file quarantine bypass was addressed with additional checks. This issue is fixed in macOS Sequoia 15.7, macOS Sonoma 14.8, macOS Tahoe 26. An app may be able to break out of its sandbox. Read more at https://www.tenable.com/cve/CVE-2025-43332

High Severity Description This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sequoia 15.7, macOS Tahoe 26. An app may be able to break out of its sandbox. Read more at https://www.tenable.com/cve/CVE-2025-43330

Critical Severity Description A permissions issue was addressed with additional restrictions. This issue is fixed in watchOS 26, tvOS 26, macOS Tahoe 26, iOS 26 and iPadOS 26. An app may be able to break out of its sandbox. Read more at https://www.tenable.com/cve/CVE-2025-43329