Apple Fixes Multiple Kernel, WebKit, and Data Exposure Flaws in iOS, iPadOS, and watchOS

endpoint-software-vulnerability, widely-deployed-product-advisory
Updated April 1, 2026 at 11:48 PM · 5 sources

Apple released security updates for iOS 18.7.7, iPadOS 18.7.7, and watchOS 26.4 to address a wide range of vulnerabilities affecting supported iPhones, iPads, and Apple Watch Series 6 and later. The patches cover core components including Kernel, WebKit, Security, CoreMedia, CoreUtils, Audio, 802.1X, and UIFoundation, with Apple warning that successful exploitation could enable network traffic interception, denial of service, unauthorized access to sensitive data, installed-app enumeration, Keychain access, kernel memory disclosure, and in some cases kernel memory write or Activation Lock bypass.

Timeline

  1. Apr 1, 2026

    Apple expands iOS 18.7.7/iPadOS 18.7.7 rollout with DarkSword protections

    Apple updated its iOS 18.7.7 and iPadOS 18.7.7 security advisory to say the March 24 release was later expanded to more devices so users with Automatic Updates could receive protections against web attacks called DarkSword. Apple also noted the DarkSword-related fixes had first shipped in 2025.

  2. Mar 24, 2026

    Apple releases iOS 26.4 and iPadOS 26.4 security updates

    Apple published advisory APPLE-SA-03-24-2026-1 for iOS 26.4 and iPadOS 26.4, fixing numerous vulnerabilities across components including Kernel, WebKit, Baseband, Telephony, Mail, Security, Siri, Printing, and Accounts. The update addressed risks such as denial of service, sandbox escape, kernel memory corruption, privacy leaks, installed-app enumeration, Keychain exposure, and multiple web security boundary bypasses.

  3. Mar 24, 2026

    Apple releases tvOS 26.4 security update

    Apple published advisory APPLE-SA-03-24-2026-6 for tvOS 26.4 for Apple TV HD and Apple TV 4K models, addressing multiple vulnerabilities across networking, media, kernel, privacy, sandboxing, and WebKit components. The fixes covered risks including traffic interception, denial of service, app crashes, information disclosure, installed-app enumeration, fingerprinting, kernel memory corruption, and sandbox bypass via malicious web content or crafted files.

  4. Mar 24, 2026

    Apple releases watchOS 26.4 security update

    Apple published advisory APPLE-SA-03-24-2026-7 for watchOS 26.4 for Apple Watch Series 6 and later, fixing multiple vulnerabilities across components such as 802.1X, Accounts, CoreMedia, Kernel, Security, Siri, and WebKit. The patched issues included risks like network traffic interception, unauthorized data access, denial of service, kernel memory disclosure, Keychain access, app enumeration, fingerprinting, and WebKit sandbox or policy bypasses.

  5. Mar 24, 2026

    Apple releases iOS 18.7.7 and iPadOS 18.7.7 security updates

    Apple published advisory APPLE-SA-03-24-2026-2 for iOS 18.7.7 and iPadOS 18.7.7, addressing numerous vulnerabilities affecting supported older iPhone and iPad models. The fixes covered issues including traffic interception, denial of service, sensitive data exposure, kernel flaws, Activation Lock bypass, Keychain access, and multiple WebKit security bypasses.

Related Entities

Vulnerabilities

- Kernel sensitive state disclosure in Apple operating systems (CVE-2026-28867)
- Heap buffer over-read in libpng png_do_quantize (CVE-2025-64505)
- Denial-of-service in Apple CoreUtils via null pointer dereference (CVE-2026-28886)
- 802.1X authentication flaw allowing network traffic interception (CVE-2026-28865)
- Use-after-free in Apple Kernel (CVE-2026-20687)
- WebKit Content Security Policy enforcement bypass (CVE-2026-20665)
- Out-of-bounds access in Apple CoreMedia audio stream processing (CVE-2026-20690)
- Use-after-free in Apple Audio web content processing (CVE-2026-28879)
- Installed App Enumeration in Apple Crash Reporter (CVE-2026-28878)
- Stack Overflow DoS in Apple UIFoundation (CVE-2026-28852)
- curl OAuth2 Bearer Token Leak on Cross-Protocol Redirect (CVE-2025-14524)
- Keychain access permissions flaw in Apple Security Framework (CVE-2026-28864)
- Kernel memory disclosure in Apple Kernel logging (CVE-2026-28868)
- WebKit cross-origin script message handler access (CVE-2026-28861)
- Sensitive Data Access via Directory Path Parsing in Apple DeviceLink (CVE-2026-28876)
- Cross-site scripting in WebKit (CVE-2026-28871)
- Sensitive Data Access via Symlink Validation Flaw in Apple Clipboard (CVE-2026-28866)
- Installed App Enumeration in Apple iCloud (CVE-2026-28880)
- Same Origin Policy bypass in WebKit Navigation API (CVE-2026-20643)
- DNS Query Leakage with Private Relay Enabled in Safari/WebKit (CVE-2025-43376)
- Sensitive data exposure via insufficient log redaction in Apple Focus (CVE-2026-20668)
- Use-after-free in AppleKeyStore (CVE-2026-20637)
- Unexpected app termination in Apple Vision file parsing (CVE-2026-20657)
- Activation Lock bypass in iTunes Store path handling (CVE-2025-43534)
- Kernel memory corruption in Apple operating systems (CVE-2026-20698)
- Installed App Enumeration in Apple libxpc (CVE-2026-28882)
- WebKit sandbox escape-like restricted web content processing vulnerability (CVE-2026-28859)
- Type confusion in Apple Audio (CVE-2026-28822)
- Information disclosure in Apple GeoServices (CVE-2026-28870)
- User fingerprinting in Apple Sandbox Profiles (CVE-2026-28863)
- Sensitive information disclosure on locked Apple devices via Siri (CVE-2026-28856)

Related Stories

Apple Fixes Broad Set of iOS, macOS, and visionOS Vulnerabilities

Apple released a wide-ranging set of security updates across **iOS**, **iPadOS**, **macOS Tahoe**, **watchOS**, **tvOS**, **visionOS**, **Safari**, and **Xcode**, addressing more than 85 vulnerabilities across core components including the kernel, WebKit, AirPlay, Keychain, and open-source libraries. The updates fix issues that could enable traffic interception, kernel state disclosure, user fingerprinting, installed-app enumeration, Mail privacy bypasses, exposure of deleted Notes content, and crashes from out-of-bounds writes. Apple said it had no reports of in-the-wild exploitation for the vulnerabilities listed in the release notes, but urged users to update, with particular importance for older devices and managed macOS environments. Among the patched flaws is **`CVE-2024-27828`**, a high-severity memory-handling bug in **IOSurfaceRoot** that could let a local app trigger a kernel panic or execute arbitrary code with kernel privileges. STAR Labs said the issue stemmed from a reference count leak in `IOSurfaceRootUserClient::s_create_shared_event`, where repeated calls with crafted input could corrupt memory handling; the flaw affected iOS and iPadOS before 17.5, tvOS before 17.5, watchOS before 10.5, and visionOS before 1.2. Apple addressed the bug through improved memory handling, adding it to a broader pattern of fixes spanning both current and legacy Apple platforms.

1 week ago

Apple Security Updates Address Multiple Vulnerabilities Including an In-the-Wild Exploited Memory Corruption Flaw

Apple issued security updates across its ecosystem to address **multiple vulnerabilities** affecting *iOS, iPadOS, macOS, tvOS, watchOS,* and *visionOS*, with impacts including **remote code execution (RCE)**, denial of service, elevation of privilege, information disclosure, data manipulation, and security restriction bypass. HKCERT highlighted **CVE-2026-20700** as a **high-risk** issue and noted it is **being exploited in the wild**; the flaw is described as an **improper restriction of operations within the bounds of a memory buffer** that could allow arbitrary code execution when an attacker has memory-write capability. Apple’s iOS 26.3 and iPadOS 26.3 security content includes fixes for issues that could expose sensitive information on a locked device (e.g., **CVE-2026-20645** and **CVE-2026-20674**) and a Bluetooth-related denial-of-service condition where a privileged network attacker could trigger DoS using crafted packets (**CVE-2026-20650**). The updates apply to **iPhone 11 and later** and a range of supported iPad models, and Apple reiterated its policy of publishing details after patches are available.

1 week ago

Apple security updates addressing actively exploited iOS and macOS vulnerabilities

Apple published multiple security advisories across iOS/iPadOS, macOS, and watchOS releases that include fixes for vulnerabilities reported as **actively exploited** in the wild. Notable exploited issues include iOS/iPadOS 15.6.1 fixes for **kernel** and **WebKit** out-of-bounds writes enabling arbitrary code execution (`CVE-2022-32894`, `CVE-2022-32893`), iOS/iPadOS 16.3.1’s exploited **WebKit** type confusion leading to code execution (`CVE-2023-23529`), and iOS/iPadOS 15.7.5 plus macOS Big Sur 11.7.6 addressing an **IOSurfaceAccelerator** out-of-bounds write that could yield kernel-level code execution (`CVE-2023-28206`) alongside an exploited **WebKit** use-after-free (`CVE-2023-28205`). Apple also shipped iOS/iPadOS 16.6.1 and macOS Ventura 13.5.2 updates to remediate an exploited **ImageIO** buffer overflow (`CVE-2023-41064`) and an exploited **Wallet** attachment validation issue that could allow code execution (`CVE-2023-41061`). Separately, Apple’s iOS 17.0.1 and watchOS 9.6.3 advisories describe two vulnerabilities (`CVE-2023-41991`, `CVE-2023-41992`) reported by **Citizen Lab** and Google’s **Threat Analysis Group** as exploited against versions prior to iOS 16.7, involving **signature validation bypass** and **local privilege escalation**. Other referenced advisories (e.g., iOS/iPadOS 16.7, iOS/iPadOS 17.2, iOS/iPadOS 18.1, iOS/iPadOS 18.3, macOS Sequoia 15.1, iOS/iPadOS 26.1, macOS Tahoe 26.1, iOS/iPadOS 26.2) primarily enumerate additional CVEs and privacy/logic/memory-safety fixes but do not clearly tie to the same specific exploited-vulnerability disclosures, indicating they are broader platform security bulletins rather than part of a single incident response.

1 month ago
