Apple has retroactively disclosed dozens of Common Vulnerabilities and Exposures (CVE) entries for security flaws patched across macOS, iOS, iPadOS, visionOS, and watchOS, filling in critical details for updates spanning the past year and including the latest macOS Tahoe 26 release.
Retroactive Disclosure Spans Multiple OS Generations
The updated security content pages cover vulnerabilities addressed as far back as macOS Sonoma 14.8, iOS 18.7, and iPadOS 18.7, which were released in September 2025. Apple has since issued six additional Sonoma updates, bringing the current version to 14.8.7, while iOS 18 and iPadOS 18 now sit at version 18.7.9.
For wearables and spatial computing, Apple also updated the security documentation for watchOS 26 and visionOS 26. These entries include acknowledgments for researchers who discovered vulnerabilities in Calendar, Kernel, and other core system components.
Key Vulnerabilities Across macOS and iOS
Among the newly detailed flaws is CVE-2025-43357, a call history issue affecting both macOS Sonoma and macOS Sequoia that could let an app fingerprint the user. Apple resolved it through improved redaction of sensitive information, with credit to researchers from Totally Not Malicious Software and Best Buddy Apps.
A particularly notable macOS vulnerability, CVE-2025-31271, allowed incoming FaceTime calls to appear or be accepted on a locked device even with lock screen notifications disabled. Apple addressed this through improved state management. Other critical fixes include CVE-2025-43306, which could let a malicious app gain root privileges via StorageKit, and CVE-2025-43290, a CoreServices permissions issue that could allow file system modification.
On the iOS side, CVE-2025-30468 addressed a Siri vulnerability that could expose Private Browsing tabs without authentication, patched via improved state management.
macOS Tahoe 26 and Broader Implications
The latest macOS Tahoe 26 security content includes fixes for vulnerabilities in the AWD and Compression subsystems, both rated as potentially allowing an app to access sensitive user data. The AWD issue (CVE-2025-43451) was resolved by removing the vulnerable code entirely, signaling Apple’s willingness to excise problematic functionality rather than patch around it.
These retroactive disclosures underscore a broader trend: Apple is increasingly transparent about its security posture, but the lag between patch release and CVE publication can leave enterprise IT teams blind to specific risks during critical update windows.
— Originally reported by 9to5Mac. Adapted and republished with editorial context for MacThreat.


