// #apple
7 articles
Apple's Retroactive CVE Disclosure Practice Creates Systematic Gaps in Enterprise Patch Management
Apple's habit of retroactively adding CVE details to previously published security advisories creates operational complexity for enterprise vulnerability management programmes: vulnerabilities appear as 'new' in CVE feeds after they have already been patched in deployed OS versions, generating false-positive remediation workflows and obscuring the true patch state of Apple endpoints.
Apple Retroactively Publishes CVE Details for macOS, iOS, and visionOS — Including Root Escalation and Siri Privacy Bypass
Apple updated multiple security pages on 26 May to add CVE identifiers and technical details for vulnerabilities that were patched weeks or months earlier with minimal public disclosure. The retroactively disclosed issues include a CoreServices root escalation via malicious app, a Siri Private Browsing bypass, and a call history fingerprinting flaw — none were disclosed as separate security updates at the time of patching.
Apple Releases Safari and WebKit Security Update Patching Memory Corruption and CSP Bypass Vulnerabilities
Apple released a security update for Safari and WebKit on 13 May addressing more than ten vulnerabilities including memory corruption flaws enabling potential arbitrary code execution and a Content Security Policy bypass allowing cross-origin data access. The update applies to macOS Ventura, Sonoma, Sequoia, iOS, and iPadOS. Users should update immediately given WebKit's role as the rendering engine for all iOS browsers.
MacSync Stealer Delivered via Malicious Google Ad Targeting macOS Homebrew Users
A macOS infostealer tracked as MacSync has been distributed through a malicious Google search advertisement impersonating the Homebrew package manager — a tool used by virtually all macOS developers. The campaign harvests browser credentials, session tokens, macOS keychain data, and cryptocurrency wallet files from developer machines. macOS users who installed Homebrew via a Google search in the past 30 days should verify their installation source.
26 Fake Crypto Wallet Apps Found on Apple App Store Harvesting Mnemonic Seed Phrases
Researchers have discovered 26 malicious applications that bypassed Apple's App Store review and actively harvest cryptocurrency wallet seed phrases from victims. Users who installed any suspect app should rotate all wallet credentials immediately — mnemonic phrase compromise results in permanent, irreversible asset loss.
Apple macOS CoreMedia Out-of-Bounds Write RCE Disclosed — Remote Exploitation via Malicious Media Files
Zero Day Initiative researchers have disclosed ZDI-26-230, an out-of-bounds write vulnerability in the Apple macOS CoreMedia framework that could allow remote code execution when a user processes a specially crafted media file. A companion vulnerability ZDI-26-231 discloses a separate macOS information disclosure flaw. Both were disclosed on 30 March 2026 following Apple's 120-day coordinated disclosure window.
DarkSword Apple Exploit Chain Adds Three CVEs to CISA KEV — Federal Deadline April 3
CISA has added three vulnerabilities from the DarkSword iOS/macOS exploit chain to its Known Exploited Vulnerabilities catalogue, mandating federal agencies patch all Apple devices by 3 April. DarkSword is a multi-stage attack framework linking six chained vulnerabilities to achieve full kernel compromise across iOS, iPadOS, macOS, watchOS, and tvOS — with no user interaction required beyond visiting a malicious webpage.