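This page lists publicly disclosed CVE vulnerabilities affecting Apple Xcode (associated via NVD CPE). Each row includes a severity score, a summary, and the publication date, to help identify and analyze security issues.

| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |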
|---|---|---|---|---|---|---|
| CVE-2026-28890 | An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in Xcode 26.4. An app may be able to cause unexpected system termination. | [email protected] | 5.5 | 0.02% | 2026-03-25 | 2026-03-26 |
| CVE-2026-28889 | A permissions issue was addressed with additional restrictions. This issue is fixed in Xcode 26.4. An app may be able to read arbitrary files as root. | [email protected] | 6.2 | 0.01% | 2026-03-25 | 2026-03-26 |
| CVE-2025-31186 | A permissions issue was addressed with additional restrictions. This issue is fixed in Xcode 16.3. An app may be able to bypass Privacy preferences. | [email protected] | 3.3 | 0.01% | 2026-01-16 | 2026-01-27 |
| CVE-2025-43505 | An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in Xcode 26.1. Processing a maliciously crafted file may lead to heap corruption. | [email protected] | 8.8 | 0.05% | 2025-11-04 | 2025-11-04 |
| CVE-2025-43504 | A buffer overflow was addressed with improved bounds checking. This issue is fixed in Xcode 26.1. A user in a privileged network position may be able to cause a denial-of-service. | [email protected] | 4.9 | 0.06% | 2025-11-04 | 2025-11-04 |
| CVE-2025-43375 | The issue was addressed with improved checks. This issue is fixed in Xcode 26. Processing an overly large path value may crash a process. | [email protected] | 5.5 | 0.05% | 2025-09-15 | 2025-11-03 |
| CVE-2025-43371 | This issue was addressed with improved checks. This issue is fixed in Xcode 26. An app may be able to break out of its sandbox. | [email protected] | 8.2 | 0.02% | 2025-09-15 | 2025-11-03 |
| CVE-2025-43370 | A path handling issue was addressed with improved validation. This issue is fixed in Xcode 26. Processing an overly large path value may crash a process. | [email protected] | 4.0 | 0.02% | 2025-09-15 | 2025-11-03 |
| CVE-2025-43263 | The issue was addressed with improved checks. This issue is fixed in Xcode 26. An app may be able to read and write files outside of its sandbox. | [email protected] | 7.1 | 0.02% | 2025-09-15 | 2025-11-03 |
| CVE-2025-48384 KEV | Git is a fast, scalable, distributed revision control system with an unusually rich command set that provides both high-level operations and full access to internals. When reading a config value, Git strips any trailing carriage return and line feed (CRLF). When writing a config entry, values with a trailing CR are not quoted, causing the CR to be lost when the config is later read. When initializing a submodule, if the submodule path contains a trailing CR, the altered path is read resulting in | [email protected] | 8.0 | 0.60% | 2025-07-08 | 2025-11-06 |
| CVE-2025-30441 | This issue was addressed through improved state management. This issue is fixed in Xcode 16.3. An app may be able to overwrite arbitrary files. | [email protected] | 5.5 | 0.16% | 2025-03-31 | 2025-11-03 |
| CVE-2025-24226 | The issue was addressed with improved checks. This issue is fixed in Xcode 16.3. A malicious app may be able to access private information. | [email protected] | 5.5 | 0.08% | 2025-03-31 | 2025-11-03 |
| CVE-2024-44228 | This issue was addressed with improved permissions checking. This issue is fixed in Xcode 16. An app may be able to inherit Xcode permissions and access user data. | [email protected] | 7.5 | 0.18% | 2024-10-28 | 2025-03-13 |
| CVE-2024-44191 | This issue was addressed through improved state management. This issue is fixed in Xcode 16, iOS 17.7 and iPadOS 17.7, iOS 18 and iPadOS 18, macOS Sequoia 15, tvOS 18, visionOS 2, watchOS 11. An app may gain unauthorized access to Bluetooth. | [email protected] | 5.5 | 0.04% | 2024-09-17 | 2026-04-02 |
| CVE-2024-44162 | This issue was addressed by enabling hardened runtime. This issue is fixed in Xcode 16. A malicious application may gain access to a user's Keychain items. | [email protected] | 7.8 | 0.09% | 2024-09-17 | 2025-11-04 |
| CVE-2024-40862 | A privacy issue was addressed by removing sensitive data. This issue is fixed in Xcode 16. An attacker may be able to determine the Apple ID of the owner of the computer. | [email protected] | 5.3 | 0.17% | 2024-09-17 | 2025-11-04 |
| CVE-2024-23298 | A logic issue was addressed with improved state management. This issue is fixed in Xcode 15.3. An app may bypass Gatekeeper checks. | [email protected] | 5.5 | 1.49% | 2024-03-15 | 2026-04-02 |
| CVE-2023-40435 | This issue was addressed by enabling hardened runtime. This issue is fixed in Xcode 15. An app may be able to access App Store credentials. | [email protected] | 5.5 | 0.05% | 2023-09-27 | 2025-11-04 |
| CVE-2023-40391 | The issue was addressed with improved memory handling. This issue is fixed in tvOS 17, iOS 17 and iPadOS 17, macOS Sonoma 14, Xcode 15. An app may be able to disclose kernel memory. | [email protected] | 5.5 | 0.02% | 2023-09-27 | 2025-11-04 |
| CVE-2023-32396 | This issue was addressed with improved checks. This issue is fixed in Xcode 15, tvOS 17, watchOS 10, iOS 17 and iPadOS 17, macOS Sonoma 14. An app may be able to gain elevated privileges. | [email protected] | 7.8 | 0.02% | 2023-09-27 | 2025-11-04 |