Apple Fixes Broad Set of iOS, macOS, and visionOS Vulnerabilities
Apple released a wide-ranging set of security updates across iOS, iPadOS, macOS Tahoe, watchOS, tvOS, visionOS, Safari, and Xcode, addressing more than 85 vulnerabilities across core components including the kernel, WebKit, AirPlay, Keychain, and open-source libraries. The updates fix issues that could enable traffic interception, kernel state disclosure, user fingerprinting, installed-app enumeration, Mail privacy bypasses, exposure of deleted Notes content, and crashes from out-of-bounds writes. Apple said it had no reports of in-the-wild exploitation for the vulnerabilities listed in the release notes, but urged users to update, noting that this is particularly important for older devices and managed macOS environments.
Among the patched flaws is CVE-2024-27828, a high-severity memory-handling bug in IOSurfaceRoot that could let a local app trigger a kernel panic or execute arbitrary code with kernel privileges. STAR Labs said the issue stemmed from a reference count leak in IOSurfaceRootUserClient::s_create_shared_event, where repeated calls with crafted input could corrupt memory handling; the flaw affected iOS and iPadOS before 17.5, tvOS before 17.5, watchOS before 10.5, and visionOS before 1.2. Apple addressed the bug through improved memory handling, adding it to a broader pattern of fixes spanning both current and legacy Apple platforms.
Timeline
Mar 26, 2026
Apple releases broad security update wave fixing 85+ vulnerabilities
Apple released iOS 26.4, iPadOS 26.4, macOS Tahoe 26.4, watchOS 26.4, tvOS 26.4, visionOS 26.4, Safari 26.4, and Xcode 26.4, fixing more than 85 vulnerabilities across its product line. The reported issues included AirPlay, kernel, privacy, Keychain, WebKit, and legacy-device flaws, with no listed CVEs reported as exploited in the wild.
May 13, 2024
STAR Labs publishes technical advisory for CVE-2024-27828
STAR Labs disclosed technical details for CVE-2024-27828, explaining that repeated calls to IOSurfaceRootUserClient::s_create_shared_event could cause a reference count leak leading to kernel panic or kernel-level code execution. The advisory credited Pan Zhenpeng with discovering the flaw.
May 13, 2024
Apple fixes CVE-2024-27828 in multiple operating systems
Apple addressed CVE-2024-27828, a high-severity IOSurfaceRoot memory handling flaw, in iOS/iPadOS 17.5, tvOS 17.5, watchOS 10.5, and visionOS 1.2. The vulnerability could allow a local app to trigger a kernel panic or execute arbitrary code with kernel privileges.
Related Stories

Apple security updates addressing actively exploited iOS and macOS vulnerabilities
Apple published multiple security advisories across iOS/iPadOS, macOS, and watchOS releases that include fixes for vulnerabilities reported as **actively exploited** in the wild. Notable exploited issues include iOS/iPadOS 15.6.1 fixes for **kernel** and **WebKit** out-of-bounds writes enabling arbitrary code execution (`CVE-2022-32894`, `CVE-2022-32893`), iOS/iPadOS 16.3.1’s exploited **WebKit** type confusion leading to code execution (`CVE-2023-23529`), and iOS/iPadOS 15.7.5 plus macOS Big Sur 11.7.6 addressing an **IOSurfaceAccelerator** out-of-bounds write that could yield kernel-level code execution (`CVE-2023-28206`) alongside an exploited **WebKit** use-after-free (`CVE-2023-28205`). Apple also shipped iOS/iPadOS 16.6.1 and macOS Ventura 13.5.2 updates to remediate an exploited **ImageIO** buffer overflow (`CVE-2023-41064`) and an exploited **Wallet** attachment validation issue that could allow code execution (`CVE-2023-41061`). Separately, Apple’s iOS 17.0.1 and watchOS 9.6.3 advisories describe two vulnerabilities (`CVE-2023-41991`, `CVE-2023-41992`) reported by **Citizen Lab** and Google’s **Threat Analysis Group** as exploited against versions prior to iOS 16.7, involving **signature validation bypass** and **local privilege escalation**. Other referenced advisories (e.g., iOS/iPadOS 16.7, iOS/iPadOS 17.2, iOS/iPadOS 18.1, iOS/iPadOS 18.3, macOS Sequoia 15.1, iOS/iPadOS 26.1, macOS Tahoe 26.1, iOS/iPadOS 26.2) primarily enumerate additional CVEs and privacy/logic/memory-safety fixes but do not clearly tie to the same specific exploited-vulnerability disclosures, indicating they are broader platform security bulletins rather than part of a single incident response.
1 month ago
Apple Security Updates Address Multiple Vulnerabilities Including an In-the-Wild Exploited Memory Corruption Flaw
Apple issued security updates across its ecosystem to address **multiple vulnerabilities** affecting *iOS, iPadOS, macOS, tvOS, watchOS,* and *visionOS*, with impacts including **remote code execution (RCE)**, denial of service, elevation of privilege, information disclosure, data manipulation, and security restriction bypass. HKCERT highlighted **CVE-2026-20700** as a **high-risk** issue and noted it is **being exploited in the wild**; the flaw is described as an **improper restriction of operations within the bounds of a memory buffer** that could allow arbitrary code execution when an attacker has memory-write capability. Apple’s iOS 26.3 and iPadOS 26.3 security content includes fixes for issues that could expose sensitive information on a locked device (e.g., **CVE-2026-20645** and **CVE-2026-20674**) and a Bluetooth-related denial-of-service condition where a privileged network attacker could trigger DoS using crafted packets (**CVE-2026-20650**). The updates apply to **iPhone 11 and later** and a range of supported iPad models, and Apple reiterated its policy of publishing details after patches are available.
1 week ago
Apple Fixes Multiple Kernel, WebKit, and Data Exposure Flaws in iOS, iPadOS, and watchOS
Apple released security updates for **iOS 18.7.7**, **iPadOS 18.7.7**, and **watchOS 26.4** to address a wide range of vulnerabilities affecting supported iPhones, iPads, and Apple Watch Series 6 and later. The patches cover core components including **Kernel**, **WebKit**, **Security**, **CoreMedia**, **CoreUtils**, **Audio**, **802.1X**, and **UIFoundation**, with Apple warning that successful exploitation could enable network traffic interception, denial of service, unauthorized access to sensitive data, installed-app enumeration, Keychain access, kernel memory disclosure, and in some cases kernel memory write or Activation Lock bypass.
1 month ago