Apple: Security Vulnerabilities
Vasion Print (formerly PrinterLogic) Virtual Appliance Host versions prior to 1.0.735 and Application prior to 20.0.1330 (macOS/Linux client deployments) contain a vulnerability in the local logging mechanism. Authentication session tokens, including PHPSESSID, XSRF-TOKEN, and laravel_session, are stored in cleartext within world-readable log files. Any local user with access to the machine can extract these session tokens and use them to authenticate remotely to the SaaS environment, bypassing normal login credentials, potentially leading to unauthorized system access and exposure of sensitive information. This vulnerability has been identified by the vendor as: V-2022-008 — Secrets Leaked in Logs.
CVSS Score
7.8
EPSS Score
0.001
Published
2025-09-19
Substance3D - Stager versions 3.1.3 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVSS Score
7.8
EPSS Score
0.0
Published
2025-09-16
Substance3D - Stager versions 3.1.3 and earlier are affected by an out-of-bounds read vulnerability that could lead to memory exposure. An attacker could leverage this vulnerability to disclose sensitive information. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVSS Score
5.5
EPSS Score
0.0
Published
2025-09-16
The issue was addressed with improved checks. This issue is fixed in Xcode 26. Processing an overly large path value may crash a process.
CVSS Score
5.5
EPSS Score
0.001
Published
2025-09-15
The issue was addressed with improved checks. This issue is fixed in iOS 26 and iPadOS 26, iOS 18.7 and iPadOS 18.7. An app may be able to monitor keystrokes without user permission.
CVSS Score
9.8
EPSS Score
0.001
Published
2025-09-15
An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Tahoe 26. An app may be able to disclose coprocessor memory.
CVSS Score
5.5
EPSS Score
0.0
Published
2025-09-15
A privacy issue was addressed by moving sensitive data. This issue is fixed in macOS Sonoma 14.8. An app may be able to access protected user data.
CVSS Score
5.5
EPSS Score
0.0
Published
2025-09-15
A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 26, iOS 26 and iPadOS 26. Processing maliciously crafted web content may lead to an unexpected Safari crash.
CVSS Score
4.3
EPSS Score
0.001
Published
2025-09-15
This issue was addressed with improved handling of symlinks. This issue is fixed in macOS Tahoe 26. An app may be able to access protected user data.
CVSS Score
5.5
EPSS Score
0.0
Published
2025-09-15
A path handling issue was addressed with improved validation. This issue is fixed in Xcode 26. Processing an overly large path value may crash a process.
CVSS Score
4.0
EPSS Score
0.0
Published
2025-09-15