-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-11-03-2025-7 visionOS 26.1
visionOS 26.1 addresses the following issues. Information about the security content is also available at https://support.apple.com/125638. Apple maintains a Security Releases page at https://support.apple.com/100100 which lists recent software updates with security advisories. Apple Account Available for: Apple Vision Pro (all models) Impact: A malicious app may be able to take a screenshot of sensitive information in embedded views Description: A privacy issue was addressed with improved checks. CVE-2025-43455: Ron Masas of BreakPoint.SH, Pinak Oza Apple Neural Engine Available for: Apple Vision Pro (all models) Impact: An app may be able to cause unexpected system termination or corrupt kernel memory Description: The issue was addressed with improved memory handling. CVE-2025-43447: an anonymous researcher CVE-2025-43462: an anonymous researcher AppleMobileFileIntegrity Available for: Apple Vision Pro (all models) Impact: An app may be able to access protected user data Description: This issue was addressed with improved validation of symlinks. CVE-2025-43379: Gergely Kalman (@gergely_kalman) Assets Available for: Apple Vision Pro (all models) Impact: An app may be able to break out of its sandbox Description: This issue was addressed with improved entitlements. CVE-2025-43407: JZ Audio Available for: Apple Vision Pro (all models) Impact: An attacker with physical access to an unlocked device paired with a Mac may be able to view sensitive user information in system logging Description: A logging issue was addressed with improved data redaction. CVE-2025-43423: Duy Trần (@khanhduytran0) CloudKit Available for: Apple Vision Pro (all models) Impact: An app may be able to break out of its sandbox Description: This issue was addressed with improved validation of symlinks. CVE-2025-43448: Hikerell (Loadshine Lab) CoreServices Available for: Apple Vision Pro (all models) Impact: An app may be able to enumerate a user's installed apps Description: A permissions issue was addressed with additional restrictions. CVE-2025-43436: Zhongcheng Li from IES Red Team of ByteDance CoreText Available for: Apple Vision Pro (all models) Impact: Processing a maliciously crafted media file may lead to unexpected app termination or corrupt process memory Description: An out-of-bounds read was addressed with improved input validation. CVE-2025-43445: Hossein Lotfi (@hosselot) of Trend Micro Zero Day Initiative FileProvider Available for: Apple Vision Pro (all models) Impact: An app may be able to access sensitive user data Description: An authorization issue was addressed with improved state management. CVE-2025-43498: pattern-f (@pattern_F_) Find My Available for: Apple Vision Pro (all models) Impact: An app may be able to fingerprint the user Description: A privacy issue was addressed by moving sensitive data. CVE-2025-43507: iisBuri Installer Available for: Apple Vision Pro (all models) Impact: An app may be able to fingerprint the user Description: A permissions issue was addressed with additional restrictions. CVE-2025-43444: Zhongcheng Li from IES Red Team of ByteDance Kernel Available for: Apple Vision Pro (all models) Impact: An app may be able to cause unexpected system termination Description: The issue was addressed with improved memory handling. CVE-2025-43398: Cristian Dinca (icmd.tech) libxpc Available for: Apple Vision Pro (all models) Impact: A sandboxed app may be able to observe system-wide network connections Description: An access issue was addressed with additional sandbox restrictions. CVE-2025-43413: Dave G. and Alex Radocea of supernetworks.org Mail Drafts Available for: Apple Vision Pro (all models) Impact: Remote content may be loaded even when the 'Load Remote Images' setting is turned off Description: The issue was addressed by adding additional logic. CVE-2025-43496: Romain Lebesle, Himanshu Bharti @Xpl0itme From Khatima Model I/O Available for: Apple Vision Pro (all models) Impact: Processing a maliciously crafted media file may lead to unexpected app termination or corrupt process memory Description: An out-of-bounds access issue was addressed with improved bounds checking. CVE-2025-43386: Michael DePlante (@izobashi) of Trend Micro Zero Day Initiative CVE-2025-43385: Michael DePlante (@izobashi) of Trend Micro Zero Day Initiative CVE-2025-43384: Michael DePlante (@izobashi) of Trend Micro Zero Day Initiative CVE-2025-43383: Michael DePlante (@izobashi) of Trend Micro Zero Day Initiative Notes Available for: Apple Vision Pro (all models) Impact: An app may be able to access sensitive user data Description: A privacy issue was addressed by removing the vulnerable code. CVE-2025-43389: Kirin (@Pwnrin) On-device Intelligence Available for: Apple Vision Pro (all models) Impact: An app may be able to fingerprint the user Description: A privacy issue was addressed by removing sensitive data. CVE-2025-43439: Zhongcheng Li from IES Red Team of ByteDance Safari Available for: Apple Vision Pro (all models) Impact: Visiting a malicious website may lead to address bar spoofing Description: The issue was addressed with improved checks. CVE-2025-43493: @RenwaX23 Safari Available for: Apple Vision Pro (all models) Impact: Visiting a malicious website may lead to user interface spoofing Description: An inconsistent user interface issue was addressed with improved state management. CVE-2025-43503: @RenwaX23 Safari Available for: Apple Vision Pro (all models) Impact: An app may be able to bypass certain Privacy preferences Description: A privacy issue was addressed by removing sensitive data. CVE-2025-43502: an anonymous researcher Sandbox Profiles Available for: Apple Vision Pro (all models) Impact: An app may be able to access sensitive user data Description: A privacy issue was addressed with improved handling of user preferences. CVE-2025-43500: Stanislav Jelezoglo WebKit Available for: Apple Vision Pro (all models) Impact: A malicious website may exfiltrate data cross-origin Description: The issue was addressed with improved checks. WebKit Bugzilla: 276208 CVE-2025-43480: Aleksejs Popovs WebKit Available for: Apple Vision Pro (all models) Impact: Processing maliciously crafted web content may lead to an unexpected process crash Description: This issue was addressed through improved state management. WebKit Bugzilla: 296693 CVE-2025-43458: Phil Beauvoir WebKit Bugzilla: 298196 CVE-2025-43430: Google Big Sleep WebKit Bugzilla: 298628 CVE-2025-43427: Gary Kwong, rheza (@ginggilBesel) WebKit Available for: Apple Vision Pro (all models) Impact: Processing maliciously crafted web content may lead to an unexpected process crash Description: This issue was addressed with improved checks. WebKit Bugzilla: 299843 CVE-2025-43443: an anonymous researcher WebKit Available for: Apple Vision Pro (all models) Impact: Processing maliciously crafted web content may lead to an unexpected process crash Description: The issue was addressed with improved memory handling. WebKit Bugzilla: 298496 CVE-2025-43441: rheza (@ginggilBesel) WebKit Bugzilla: 299391 CVE-2025-43435: Justin Cohen of Google WebKit Bugzilla: 298851 CVE-2025-43425: an anonymous researcher WebKit Available for: Apple Vision Pro (all models) Impact: Processing maliciously crafted web content may lead to an unexpected process crash Description: This issue was addressed with improved checks WebKit Bugzilla: 298126 CVE-2025-43440: Nan Wang (@eternalsakura13) WebKit Available for: Apple Vision Pro (all models) Impact: Processing maliciously crafted web content may lead to an unexpected Safari crash Description: A use-after-free issue was addressed with improved memory management. WebKit Bugzilla: 297662 CVE-2025-43438: shandikri working with Trend Micro Zero Day Initiative WebKit Bugzilla: 298606 CVE-2025-43457: Gary Kwong, Hossein Lotfi (@hosselot) of Trend Micro Zero Day Initiative WebKit Bugzilla: 297958 CVE-2025-43434: Google Big Sleep WebKit Available for: Apple Vision Pro (all models) Impact: Processing maliciously crafted web content may lead to memory corruption Description: The issue was addressed with improved memory handling. WebKit Bugzilla: 298093 CVE-2025-43433: Google Big Sleep WebKit Bugzilla: 298194 CVE-2025-43431: Google Big Sleep WebKit Available for: Apple Vision Pro (all models) Impact: Processing maliciously crafted web content may lead to an unexpected process crash Description: A use-after-free issue was addressed with improved memory management. WebKit Bugzilla: 299313 CVE-2025-43432: Hossein Lotfi (@hosselot) of Trend Micro Zero Day Initiative WebKit Available for: Apple Vision Pro (all models) Impact: Processing maliciously crafted web content may lead to an unexpected process crash Description: A buffer overflow was addressed with improved bounds checking. WebKit Bugzilla: 298232 CVE-2025-43429: Google Big Sleep WebKit Available for: Apple Vision Pro (all models) Impact: Processing maliciously crafted web content may lead to an unexpected process crash Description: Multiple issues were addressed by disabling array allocation sinking. WebKit Bugzilla: 300718 CVE-2025-43421: Nan Wang (@eternalsakura13) WebKit Canvas Available for: Apple Vision Pro (all models) Impact: A website may exfiltrate image data cross-origin Description: The issue was addressed with improved handling of caches. WebKit Bugzilla: 297566 CVE-2025-43392: Tom Van Goethem Additional recognition Mail We would like to acknowledge an anonymous researcher for their assistance. MobileInstallation We would like to acknowledge Bubble Zhang for their assistance. Safari We would like to acknowledge Barath Stalin K for their assistance. Safari Downloads We would like to acknowledge Saello Puza for their assistance. Shortcuts We would like to acknowledge BanKai, Benjamin Hornbeck, Chi Yuan Chang of ZUSO ART and taikosoup, Ryan May, Andrew James Gonzalez, an anonymous researcher for their assistance. WebKit We would like to acknowledge Enis Maholli (enismaholli.com), Google Big Sleep for their assistance. Instructions on how to update visionOS are available at https://support.apple.com/kb/HT214009 To check the software version on your Apple Vision Pro, open the Settings app and choose General > About. All information is also posted on the Apple Security Releases web site: https://support.apple.com/100100. This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEhjkl+zMLNwFiCT1o4Ifiq8DH7PUFAmkJTcsACgkQ4Ifiq8DH 7PUy0w/+LcWRGAq5VdEPzdd/PPp4saeIsgeLVefsSP55MzhjB5d5CEMj0bpezcX2 EIKf8A3AABKI9oL5vVeEIMXVCi1q6rIC+wXEycu8/ZJqjds0k0kVqG3gJNij7H2F fUWg5hHQcgJDepjYYAV3xl7XG61R0h6q6SsyUvpwkFQ9YTRx25qo12S2ng4rFIu6 n2wRTS+wZH2EcuUHrvDCpaOdxJl3ZNj3ZlirNrSm1QsbZn5Lg972J1+xGrEs+8u4 osh804xFDudQxBty+ZOQg6KuocUDQMfTEt90oYoAow3PErhhBvJKIDMSVJ8DhTj6 f5XCAt4q+jppQnysnbded7UI2CpQwl61dZ+rdjBfUtghSQM0SH4FN7xlVgKfmJz3 fB90ox2o0oYenYlhLIYUIu6RFWAzxo2Wu3Sai90wm6F719IiTfrztVFTxBUWTmfD wxR+Z1tmiOyuswF6LBnr+EB3yf+UQoYkDe062Y2ZzBpUwkhYXkYhAofw/koCmXTA sceNRwAh9nmKysoSPXHzi7E9tIdogdj7ACT5be8+2JJNGiTvNWGqpOFJzX+xtHZT 9L79LCzmxpFLpSBgwJCPoBO9HpzxvqM4Ya9pPLeMr93gfxcYjosSOZSPNu9w3WFk KgfYO/GULH6BqZfSKCGaJLfTGb6oXjzvEhCPWtWmjIGHJJOxJuQ= =ZA5l -----END PGP SIGNATURE----- _______________________________________________ Sent through the Full Disclosure mailing list https://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: https://seclists.org/fulldisclosure/
