CVE-2026-20653

Name of the Vulnerable Software and Affected Versions macOS versions prior to Tahoe 26.3 macOS versions prior to Sonoma 14.8.4 macOS versions prior to Sequoia 15.7.4 iOS versions prior to 18.7.5 iPadOS versions prior to 18.7.5 visionOS versions prior to 26.3

Description A flaw exists in the way directory paths are processed, potentially allowing an application to access sensitive user data. The issue involves a parsing vulnerability that could enable an app to exfiltrate sensitive data, including camera feeds and data protected by Transparency, Consent, and Control (TCC). TCC is a security feature designed to protect user privacy by requiring apps to request permission before accessing certain sensitive data and devices.

Recommendations Update macOS to version 26.3 or later. Update macOS to version 14.8.4 or later. Update macOS to version 15.7.4 or later. Update iOS to version 18.7.5 or later. Update iPadOS to version 18.7.5 or later. Update visionOS to version 26.3 or later.