Apple has disclosed additional details on security vulnerabilities patched in older operating system versions, including iOS 26, iPadOS 26, visionOS 26, watchOS 26, iOS 18.7, iPadOS 18.7, macOS 14.8, and macOS 14.8.2, updating its security releases page to provide enterprise IT teams with critical context for assessing legacy device risk.
Siri Flaw Exposed Private Tabs
Among the most notable additions is a Siri vulnerability in iOS 26 that allowed unauthorized access to Private Tabs without proper authentication. Apple resolved the issue by improving state management, ensuring that sensitive browsing data remains protected even when Siri is invoked on a locked device. This patch is particularly relevant for organizations enforcing strict data privacy policies.
For iOS 18.7 and iPadOS 18.7, Apple confirmed a call history issue that enabled apps to fingerprint users through metadata analysis. The fix applied improved redaction of sensitive information, closing a vector that could have been exploited for user tracking across enterprise-managed devices.
macOS 14.8 Patches CoreServices, FaceTime, and Privilege Escalation
Multiple macOS 14.8 fixes were added, addressing two CoreServices vulnerabilities. One allowed apps to modify protected parts of macOS, resolved through additional restrictions. The second was a logic flaw that enabled apps to access sensitive user data, fixed with improved validation. Both pose risks to enterprise endpoints where application sandboxing is critical.
Apple also patched a FaceTime vulnerability that caused incoming calls to appear on a locked Mac with notifications disabled, potentially leaking caller information. A Phone issue that granted apps access to sensitive user data was corrected through enhanced data redaction. The most severe macOS 14.8 fix addressed a StorageKit vulnerability that allowed apps to gain root privileges, mitigated through improved checks.
Legacy System Implications
macOS 14.8.2 security details were updated with an entry for a SQLite vulnerability resolved by a third party. While these disclosures focus on older OS versions—not the latest iOS 26.5, iOS 18.7.9, or macOS 14.8.7—they provide essential intelligence for security teams managing heterogeneous fleets. The updates underscore that unpatched legacy systems remain a significant attack surface, reinforcing the need for rigorous patch management across all supported OS generations.
— Originally reported by AppleInsider. Adapted and republished with editorial context for MacThreat.
![Apple adds new CVE details to several macOS, iOS, iPadOS, visionOS, and watchOS updates [U]](https://macthreat.com/wp-content/uploads/2026/05/apple-adds-new-cve-details-to-several-macos-ios-ipados-visio-1779854592-330x220.jpg)
