Apple adds new CVE details to macOS, iOS, iPadOS, visionOS and watchOS security pages

Apple has updated a series of security content pages for macOS, iOS, iPadOS, visionOS and watchOS, adding new CVE details for vulnerabilities addressed across both older and recent software releases.

The update does not appear to represent a new software rollout, but rather a documentation update that gives users, administrators and security researchers more information about issues already patched in earlier releases. Apple’s security documentation states that the company references vulnerabilities by CVE ID where possible, and generally does not disclose or confirm security issues until fixes are available.

Among the affected releases are older branches still receiving security support, including macOS Sonoma, iOS 18 and iPadOS 18. Apple’s security releases page currently lists macOS Sonoma 14.8.7, macOS Sequoia 15.7.7, macOS Tahoe 26.5, watchOS 26.5 and visionOS 26.5 as May 11, 2026 releases.

For iPhone and iPad users, the newly detailed entries include a Siri issue in iOS 26 and iPadOS 26 where Private Browsing tabs could be accessed without authentication. Apple’s page lists the issue as CVE-2025-30468 and notes that the entry was updated on May 26, 2026.

The updated documentation also includes additional macOS Sonoma 14.8 entries covering several system components. These include Call History, CoreServices, FaceTime, Phone and StorageKit issues, with potential impacts ranging from user fingerprinting and sensitive data access to the possibility of root privilege escalation by a malicious app.

Apple also added or updated CVE information for iOS 18.7 and iPadOS 18.7, including a Call History issue that could allow an app to fingerprint the user. The same reporting noted updated entries for visionOS 26 and watchOS 26, including acknowledgements tied to Calendar and Kernel components.

The move highlights Apple’s ongoing support for users who have not moved to the newest major operating system versions. While Apple continues to push newer platforms, older software branches remain important for users on devices that are still supported but may not be running the latest major release.

For consumers, the practical message remains straightforward. Anyone using an iPhone, iPad, Mac, Apple Watch or Vision Pro should ensure their device is running the latest available software version. For IT teams and security professionals, the added CVE data provides greater visibility into the nature of previously patched vulnerabilities and may assist with compliance, risk assessment and patch management.

The expanded documentation also reinforces the broader importance of security updates, especially when vulnerabilities involve protected user data, authentication controls, system permissions or privilege escalation. Even when an update has already been installed, later CVE disclosures can provide important context about the seriousness of the fixes delivered.

Photo Credit: DepositPhotos.com