Apple Products Multiple Vulnerabilities
CSIRTS triage
- What
- Multiple vulnerabilities exist in Apple products.
- Who is affected
- Users of Apple products.
- Urgency
- Remediation urgency is unclear due to lack of specific details.
- Action
- Monitor for updates from Apple.
AI-assisted analysis generated from the source advisory — verify against the original.
Details
Original advisory: https://www.hkcert.org/security-bulletin/apple-products-multiple-vulnerabilities_20260706
Exploitation outlook
EPSS (FIRST.org) estimates each CVE’s probability of exploitation in the next 30 days — here is the CSIRTS.com read on those numbers.
- Low exploitation riskCVE-2026-289790.25% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 16% of all scored CVEs.
- Low exploitation riskCVE-2026-398680.37% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 29% of all scored CVEs.
- Low exploitation riskCVE-2026-398720.19% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 9% of all scored CVEs.
- Low exploitation riskCVE-2026-436630.19% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 9% of all scored CVEs.
- Low exploitation riskCVE-2026-436760.26% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 17% of all scored CVEs.
- Low exploitation riskCVE-2026-436990.24% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 15% of all scored CVEs.
- Low exploitation riskCVE-2026-437000.15% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 5% of all scored CVEs.
- Low exploitation riskCVE-2026-437010.18% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 8% of all scored CVEs.
- Low exploitation riskCVE-2026-437030.22% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 13% of all scored CVEs.
- Low exploitation riskCVE-2026-437040.22% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 12% of all scored CVEs.
Referenced CVEs
Same CVEs, other sources
How other CERTs, PSIRTs and databases cover the vulnerabilities in this advisory.
- unknownNCSC-2026-0215 [1.00] [M/H] Vulnerabilities fixed in Apple iOS and iPadOSncsc-nl
- unknownNCSC-2026-0214 [1.00] [M/H] Vulnerabilities fixed in Apple MacOSncsc-nl
- unknownMultiple vulnerabilities in Apple products (June 30, 2026)cert-fr-avis
- mediumCVE-2026-43746: A use-after-free issue was addressed with improved memory management. This issue is fixed in S…nvd
- mediumCVE-2026-43745: An out-of-bounds write issue was addressed with improved input validation. This issue is fixed…nvd
- mediumCVE-2026-43743: A race condition was addressed with improved state handling. This issue is fixed in iOS 26.5.2…nvd
- mediumCVE-2026-43742: A use-after-free issue was addressed with improved memory management. This issue is fixed in S…nvd
- mediumCVE-2026-43740: The issue was addressed with improved memory handling. This issue is fixed in Safari 26.5.2, i…nvd
- highCVE-2026-43735: The issue was addressed with improved checks. This issue is fixed in Safari 26.5.2, iOS 26.5.2…nvd
- mediumCVE-2026-43734: A use-after-free issue was addressed with improved memory management. This issue is fixed in S…nvd
- mediumCVE-2026-43732: A path handling issue was addressed with improved validation. This issue is fixed in Safari 26…nvd
- highCVE-2026-43731: A use-after-free issue was addressed with improved memory management. This issue is fixed in S…nvd
More from HKCERT Security Bulletins
- unknownJuniper Junos OS Multiple Vulnerabilities2026-07-09
- unknownGoogle Chrome Multiple Vulnerabilities2026-07-09
- unknownPalo Alto Products Multiple Vulnerabilities2026-07-09
- unknownBeyondTrust Products Multiple Vulnerabilities2026-07-08
- unknownDebian Linux Kernel Multiple Vulnerabilities2026-07-06