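Apple today updated the security content pages for multiple versions of macOS, iOS, iPadOS, visionOS and watchOS, adding CVE details for vulnerabilities fixed in those updates. Here are the specifics.
More details added for both new and old OS versions
Last September, Apple released macOS 14.8 Sonoma, iOS 18.7 and iPadOS 18.7. These updates included important security fixes, and some of the vulnerabilities could allow an attacker to obtain protected user data.
Since then, Apple has released six more updates for macOS Sonoma, and the current version is 14.8.7 (14.8.6 was skipped). Likewise, iPhone and iPad users who have not upgraded to the new major version have continued to receive updates, and iOS 18 and iPadOS 18 are now at 18.7.9.
For Apple Watch and Apple Vision Pro users, Apple also released watchOS 26 and visionOS 26 last year. Besides bringing a number of new features, they included important security fixes.
Today, Apple updated the security content pages for these OS versions (and some others), adding more detail about what was fixed and the corresponding CVEs.
The following security fixes were added today to the iOS 26 and iPadOS 26 security content page: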
Siri
Available for: iPhone 11 and later, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 8th generation and later, and iPad mini 5th generation and later
Impact: Private Browsing tabs may be accessed without authentication
Description: This issue was addressed through improved state management.
CVE-2025-30468: Richard Hyunho Im (@richeeta), Jiwon Park
Calendar
We would like to acknowledge Keisuke Chinone (Iroiro) and Rosyna Keller of Totally Not Malicious Software for their assistance.
The following was added to the visionOS 26 and watchOS 26 security content pages:
Calendar
We would like to acknowledge Keisuke Chinone (Iroiro) and Rosyna Keller of Totally Not Malicious Software for their assistance.
Kernel
We would like to acknowledge Sungwoo Kim, Yepeng Pan, Prof. Dr. Christian Rossow for their assistance.
The following security fixes were added today to the macOS Sonoma 14.8 security content page:
Call History
Available for: macOS Sonoma
Impact: An app may be able to fingerprint the user
Description: This issue was addressed with improved redaction of sensitive information.
CVE-2025-43357: Rosyna Keller of Totally Not Malicious Software, Guilherme Rambo of Best Buddy Apps (rambo.codes)
CoreServices
Available for: macOS Sonoma
Impact: An app may be able to modify protected parts of the file system
Description: A permissions issue was addressed with additional restrictions.
CVE-2025-43290: Zhongcheng Li from IES Red Team of ByteDance
CoreServices
Available for: macOS Sonoma
Impact: A malicious app may be able to access sensitive user data
Description: A logic issue was addressed with improved validation.
CVE-2025-43289: Matej Moravec (@MacejkoMoravec), Kirin (@Pwnrin)
FaceTime
Available for: macOS Sonoma
Impact: Incoming FaceTime calls can appear or be accepted on a locked macOS device, even with notifications disabled on the lock screen
Description: This issue was addressed through improved state management.
CVE-2025-31271: Shantanu Thakur
Phone
Available for: macOS Sonoma
Impact: An app may be able to access sensitive user data
Description: A logging issue was addressed with improved data redaction.
CVE-2025-43508: Wojciech Regula of SecuRing (wojciechregula.blog)
StorageKit
Available for: macOS Sonoma
Impact: A malicious app may be able to gain root privileges
Description: A logic issue was addressed with improved checks.
CVE-2025-43306: Mickey Jin (@patch1t)
The following was added to the macOS Sonoma 14.8.2 security content page:
SQLite
Available for: macOS Sonoma
Impact: Processing a file may lead to memory corruption
Description: This is a vulnerability in open source code and Apple Software is among the affected projects. The CVE-ID was assigned by a third party. Learn more about the issue and CVE-ID at cve.org.
CVE-2025-6965
In addition, the following was added to the iOS 18.7 and iPadOS 18.7 security content page:
Call History
Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later
Impact: An app may be able to fingerprint the user
Description: This issue was addressed with improved redaction of sensitive information.
CVE-2025-43357: Rosyna Keller of Totally Not Malicious Software, Guilherme Rambo of Best Buddy Apps (rambo.codes)
ImageIO
We would like to acknowledge DongJun Kim (@smlijun) and JongSeong Kim (@nevul37) in Enki WhiteHat for their assistance.
For more information about Apple security updates, follow this link.



















