CNNVD-202509-1890 Information
CNNVD ID
CNNVD-202509-1890
Related CVE
- CNNVD Published: 2025-09-15
Description (Chinese)
Apple iOS等都是美国苹果(Apple)公司的产品。Apple iOS是一套为移动设备所开发的操作系统。Apple tvOS是一套智能电视操作系统。Apple watchOS是一套智能手表操作系统。 Apple多款产品存在安全漏洞,该漏洞源于缓存处理不当,可能导致网站未经用户同意访问传感器信息。以下产品及版本受到影响:tvOS 26之前版本、Safari 26之前版本、iOS 18.7之前版本和iPadOS 18.7之前版本、visionOS 26之前版本、watchOS 26之前版本、macOS Tahoe 26之前版本、iOS 26之前版本和iPadOS 26之前版本。
Description (English)
Apple iOS and others are American Apple products. Apple iOS is an operating system developed for mobile devices. Apple tvOS is a smart television operating system. Apple WatchOS is a smart watch operating system. There is a safety loophole in Apple ’ s multiple products, which stems from poor handling of the cache and may lead to access to sensor information without user consent. The following products and versions were affected: pre-tvOS 26, pre-Safari 26, pre-iOS 18.7 and pre-iPados 18.7, pre-visionOS 26, pre-watchOS 26, pre-macOS Tahoe 26, pre-iOS 26 and pre-iPados 26.
Hazard Level
High
Vulnerability Type
其他
Affected Vendor
苹果
Published
2025-09-15
Last Modified
2026-02-24
References
http://www.openwall.com/lists/oss-security/2025/09/22/3 https://support.apple.com/en-us/125114 https://support.apple.com/en-us/125115 https://support.apple.com/en-us/125116 https://support.apple.com/en-us/125110 http://seclists.org/fulldisclosure/2025/Sep/57 http://seclists.org/fulldisclosure/2025/Sep/59 https://support.apple.com/en-us/125113 http://seclists.org/fulldisclosure/2025/Sep/49 http://seclists.org/fulldisclosure/2025/Sep/53 http://seclists.org/fulldisclosure/2025/Sep/56 https://support.apple.com/en-us/125108 https://support.apple.com/en-us/125109 https://access.redhat.com/security/cve/cve-2025-43356 https://vigilance.fr/vulnerability/WebKitGTK-WPE-WebKit-information-disclosure-via-Sensor-48305
Patch
https://support.apple.com/en-us/125108
Share on: