wid-sec-w-2026-0852 · Published 2026-03-24 · View on BSI CERT-Bund ↗

Apple iOS: Multiple Vulnerabilities

CVSS 9.8 CRITICAL

Risk Summary

A path handling issue was addressed with improved validation. This issue is fixed in iOS 18.7.7 and iPadOS 18.7.7, iOS 26.2 and iPadOS 26.2. A user with physical access to an iOS device may be able to bypass Activation Lock.

CVEs (43)

CVE-2025-14524 CVE-2025-43376 CVE-2025-43534 CVE-2025-64505 CVE-2026-20637 CVE-2026-20643 CVE-2026-20657 CVE-2026-20664 CVE-2026-20665 CVE-2026-20668 CVE-2026-20687 CVE-2026-20688 CVE-2026-20690 CVE-2026-20691 CVE-2026-20692 CVE-2026-20698 CVE-2026-28822 CVE-2026-28833 CVE-2026-28852 CVE-2026-28856 CVE-2026-28857 CVE-2026-28858 CVE-2026-28859 CVE-2026-28861 CVE-2026-28863 CVE-2026-28864 CVE-2026-28865 CVE-2026-28866 CVE-2026-28867 CVE-2026-28868 CVE-2026-28870 CVE-2026-28871 CVE-2026-28874 CVE-2026-28875 CVE-2026-28876 CVE-2026-28877 CVE-2026-28878 CVE-2026-28879 CVE-2026-28880 CVE-2026-28882 CVE-2026-28886 CVE-2026-28894 CVE-2026-28895

Affected Vendors

Apple

Affected Products (8)

Apple · iOS <26.4

Apple · iOS 26.4

Apple · iOS <18.7.7

Apple · iOS 18.7.7

Apple · iPadOS <18.7.7

Apple · iPadOS 18.7.7

Apple · iPadOS <26.4

Apple · iPadOS 26.4

Get alerted to advisories like this

OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.

Start free trial Learn more