High Threat Security Alert (A25-11-04): Multiple Vulnerabilities in Apple Products


 

Published on: 04 November 2025

Last update on: 23 March 2026

Description:

Apple has released iOS 26.1, iPadOS 26.1, macOS Sequoia 15.7.2, macOS Sonoma 14.8.2, macOS Tahoe 26.1, Safari 26.1, tvOS 26.1, visionOS 26.1, watchOS 26.1 and Xcode 26.1 to fix the vulnerabilities in various Apple devices. The list of vulnerabilities information can be found at:
https://support.apple.com/en-us/125632
https://support.apple.com/en-us/125634
https://support.apple.com/en-us/125635
https://support.apple.com/en-us/125636
https://support.apple.com/en-us/125637
https://support.apple.com/en-us/125638
https://support.apple.com/en-us/125639
https://support.apple.com/en-us/125640
https://support.apple.com/en-us/125641

Reports indicated that a tampering vulnerability (CVE-2025-43510) and a denial of service vulnerability (CVE-2025-43520) are being exploited in the wild. Users are advised to take immediate action to patch your affected systems to mitigate the elevated risk of cyber attacks.

 

Affected Systems:

  • iPhone 11 and later
  • iPad 8th generation and later, Air 3rd generation and later, mini 5th generation and later, Pro 11-inch 1st generation and later, Pro 12.9-inch 3rd generation and later
  • macOS Sequoia prior to version 15.7.2
  • macOS Sonoma prior to version 14.8.2
  • macOS Tahoe prior to version 26.1
  • Safari prior to version 26.1
  • tvOS prior to version 26.1
  • visionOS prior to version 26.1
  • watchOS prior to version 26.1
  • Xcode prior to version 26.1

 

Impact:

Depending on the vulnerabilities being exploited, a successful exploitation could lead to remote code execution, elevation of privilege, information disclosure, denial of service, security restriction bypass, spoofing or tampering on an affected system.

 

Recommendation:

Patches for affected products are available. Users of affected systems should follow the recommendations provided by the vendor and take immediate actions to mitigate the risk.

The updates can be obtained through the auto-update mechanism. Users of affected systems should follow the recommendations provided by the vendor and take immediate actions to mitigate the risk.

 

More Information:

  • https://support.apple.com/en-us/125632
  • https://support.apple.com/en-us/125634
  • https://support.apple.com/en-us/125635
  • https://support.apple.com/en-us/125636
  • https://support.apple.com/en-us/125637
  • https://support.apple.com/en-us/125638
  • https://support.apple.com/en-us/125639
  • https://support.apple.com/en-us/125640
  • https://support.apple.com/en-us/125641
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43398
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-49761
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6442
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30465
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-31199
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32462
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-43292
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-43294
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-43322
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-43334 (to CVE-2025-43338)
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-43348
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-43350 (to CVE-2025-43351)
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-43361
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-43364
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-43372 (to CVE-2025-43373)
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-43377 (to CVE-2025-43402)
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-43404 (to CVE-2025-43409)
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-43411 (to CVE-2025-43414)
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-43420 (to CVE-2025-43427)
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-43429 (to CVE-2025-43436)
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-43438 (to CVE-2025-43450)
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-43452
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-43454 (to CVE-2025-43455)
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-43457 (to CVE-2025-43469)
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-43471 (to CVE-2025-43474)
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-43476 (to CVE-2025-43481)
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-43493
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-43495 (to CVE-2025-43500)
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-43502 (to CVE-2025-43507)
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-53906
  • https://www.hkcert.org/security-bulletin/apple-products-multiple-vulnerabilities_20251105
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-43510
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-43520


Tag: Apple , iOS , iPadOS , macOS , Safari , tvOS , visionOS , watchOS , Xcode
Tags