Multiple vulnerabilities in Apple products (June 30, 2026)
Multiple vulnerabilities have been discovered in Apple products. Some of them allow an attacker to cause data confidentiality breaches, data integrity breaches, and security policy bypass.
CSIRTS triage
- What
- Multiple vulnerabilities allow an attacker to cause data confidentiality breaches, data integrity breaches, and security policy bypass.
- Who is affected
- Users of various Apple products are affected.
- Urgency
- Remediation is urgent due to the potential for exploitation, although the severity is currently unknown.
- Action
- Users should apply the necessary updates as soon as they are available.
AI-assisted analysis generated from the source advisory — verify against the original.
Details
Original advisory: https://www.cert.ssi.gouv.fr/avis/CERTFR-2026-AVI-0818/
Exploitation outlook
EPSS (FIRST.org) estimates each CVE’s probability of exploitation in the next 30 days — here is the CSIRTS.com read on those numbers.
- Low exploitation riskCVE-2026-437460.20% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 10% of all scored CVEs.
- Low exploitation riskCVE-2026-437180.28% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 20% of all scored CVEs.
- Low exploitation riskCVE-2026-437350.16% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 6% of all scored CVEs.
- Low exploitation riskCVE-2026-437400.20% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 10% of all scored CVEs.
- Low exploitation riskCVE-2026-437270.20% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 10% of all scored CVEs.
- Low exploitation riskCVE-2026-398680.37% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 29% of all scored CVEs.
- Low exploitation riskCVE-2026-437050.27% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 19% of all scored CVEs.
- Low exploitation riskCVE-2026-289790.25% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 16% of all scored CVEs.
- Low exploitation riskCVE-2026-437070.31% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 23% of all scored CVEs.
- Low exploitation riskCVE-2026-437170.19% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 9% of all scored CVEs.
Referenced CVEs
Same CVEs, other sources
How other CERTs, PSIRTs and databases cover the vulnerabilities in this advisory.
- unknownApple Products Multiple Vulnerabilitieshkcert
- unknownNCSC-2026-0215 [1.00] [M/H] Vulnerabilities fixed in Apple iOS and iPadOSncsc-nl
- unknownNCSC-2026-0214 [1.00] [M/H] Vulnerabilities fixed in Apple MacOSncsc-nl
- mediumCVE-2026-43746: A use-after-free issue was addressed with improved memory management. This issue is fixed in S…nvd
- mediumCVE-2026-43745: An out-of-bounds write issue was addressed with improved input validation. This issue is fixed…nvd
- mediumCVE-2026-43743: A race condition was addressed with improved state handling. This issue is fixed in iOS 26.5.2…nvd
- mediumCVE-2026-43742: A use-after-free issue was addressed with improved memory management. This issue is fixed in S…nvd
- mediumCVE-2026-43740: The issue was addressed with improved memory handling. This issue is fixed in Safari 26.5.2, i…nvd
- highCVE-2026-43735: The issue was addressed with improved checks. This issue is fixed in Safari 26.5.2, iOS 26.5.2…nvd
- mediumCVE-2026-43734: A use-after-free issue was addressed with improved memory management. This issue is fixed in S…nvd
- mediumCVE-2026-43732: A path handling issue was addressed with improved validation. This issue is fixed in Safari 26…nvd
- highCVE-2026-43731: A use-after-free issue was addressed with improved memory management. This issue is fixed in S…nvd
Recent advisories for Apple products
A cluster of recent advisories against the same product widens the attack surface — attackers routinely chain freshly published CVEs on one product, so review these together.
- unknownApple Products Multiple Vulnerabilitieshkcert · 2026-07-06
- criticalexploitedCVE-2025-43510: Apple Multiple Products Improper Locking Vulnerabilitycisa-kev · 2026-03-20
- criticalexploitedCVE-2025-31277: Apple Multiple Products Buffer Overflow Vulnerabilitycisa-kev · 2026-03-20
- criticalexploitedCVE-2025-43520: Apple Multiple Products Classic Buffer Overflow Vulnerabilitycisa-kev · 2026-03-20
- criticalexploitedCVE-2023-43000: Apple Multiple products Use-After-Free Vulnerabilitycisa-kev · 2026-03-05
- criticalexploitedCVE-2021-30952: Apple Multiple Products Integer Overflow or Wraparound Vulnerabilitycisa-kev · 2026-03-05
More from CERT-FR Avis de sécurité
- unknownMultiple vulnerabilities in Red Hat Linux kernel (July 10, 2026)2026-07-10
- unknownMultiple vulnerabilities in Ubuntu Linux kernel (July 10, 2026)2026-07-10
- unknownMultiple vulnerabilities in Progress MOVEit Transfer (July 10, 2026)2026-07-10
- unknownVulnerability in NetApp ONTAP 9 (July 10, 2026)2026-07-10
- unknownVulnerability in CPython (July 10, 2026)2026-07-10