Multiple vulnerabilities across Apple's ecosystem allow remote attackers to exploit various attack vectors, potentially leading to denial of service, privilege escalation, information disclosure, cross-site scripting, data manipulation, or security restriction bypass. Affected versions include those prior to iOS/iPadOS 26.4 and 18.7.7, macOS Tahoe 26.4, Sequoia 15.7.5, Sonoma 14.8.5, Safari 26.4, tvOS 26.4, visionOS 26.4, watchOS 26.4, and Xcode 26.4. Apple has released fixes; administrators must apply the corresponding updates to the listed patched versions for each platform.
Multiple vulnerabilities were identified in Apple Products. A remote attacker could exploit some of these vulnerabilities to trigger denial of service condition, elevation of privilege, sensitive information disclosure, cross-site scripting, data manipulation and security restriction bypass on the targeted system. Impact Denial of Service Elevation of Privilege Security Restriction Bypass Information Disclosure Data Manipulation Cross-Site Scripting System / Technologies affected Versions prior to iOS 26.4 and iPadOS 26.4 Versions prior to iOS 18.7.7 and iPadOS 18.7.7 Versions prior to macOS Tahoe 26.4 Versions prior to macOS Sequoia 15.7.5 Versions prior to macOS Sonoma 14.8.5 Versions prior to Safari 26.4 Versions prior to tvOS 26.4 Versions prior to visionOS 26.4 Versions prior to watchOS 26.4 Versions prior to Xcode 26.4 Solutions Before installation of the software, please visit the vendor web-site for more details. Apply fixes issued by the vendor: iOS 26.4 and iPadOS 26.4 iOS 18.7.7 and iPadOS 18.7.7 macOS Tahoe 26.4 macOS Sequoia 15.7.5 macOS Sonoma 14.8.5 Safari 26.4 tvOS 26.4 visionOS 26.4 watchOS 26.4 Xcode 26.4