Security vulnerabilities, privacy incidents, safety concerns, and policy updates affecting LLMs and AI agents.
Apple's operating systems (watchOS, iOS, iPadOS, macOS, visionOS, and tvOS) contain an improper locking vulnerability (a flaw that fails to properly control access to shared memory between processes), which allows a malicious application to make unexpected changes to memory that multiple programs use. This vulnerability is currently being exploited by attackers in real-world attacks.
Fix: Apply mitigations per Apple's vendor instructions using the provided support links, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. The due date for remediation is 2026-04-03.
CISA Known Exploited VulnerabilitiesMLX is an array framework for machine learning on Apple silicon that has a vulnerability where loading malicious GGUF files (a machine learning model format) causes a segmentation fault (a crash where the program tries to access invalid memory). The problem occurs because the code dereferences an untrusted pointer (uses a memory address without checking if it's valid) from an external library without validation.
MLX is an array framework (a software library for handling arrays of data in machine learning) for Apple silicon computers. Before version 0.29.4, the software had a heap buffer overflow (a memory safety bug where the program reads beyond allocated memory) in its file-loading function when processing malicious NumPy .npy files (a common data format in machine learning), which could crash the program or leak sensitive information.
CVE-2019-8760 is a vulnerability in Face ID (Apple's facial recognition system) where a 3D model made to look like an enrolled user could trick the system into unlocking a device. The vulnerability is classified as an improper authentication issue (CWE-287, a weakness in how systems verify identity).
A buffer overflow vulnerability (a programming error where data overflows its allocated memory space) affects multiple Apple products including watchOS, iOS, iPadOS, macOS, visionOS, and tvOS. A malicious app could exploit this to crash the system or write malicious code directly into kernel memory (the core of the operating system). This vulnerability is actively being exploited by attackers in the wild.
Fix: Apply mitigations per Apple's vendor instructions (referenced in support documents), follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. The deadline for remediation is April 3, 2026.
CISA Known Exploited VulnerabilitiesApple's iOS, macOS, tvOS, watchOS, and visionOS contain a buffer overflow vulnerability (a flaw where code writes data beyond the intended memory boundaries), which could allow an attacker with memory write access to run arbitrary code (any instructions they choose). This vulnerability is currently being actively exploited by attackers.
Fix: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. Refer to Apple's support pages (https://support.apple.com/en-us/126346, https://support.apple.com/en-us/126348, https://support.apple.com/en-us/126351, https://support.apple.com/en-us/126352, https://support.apple.com/en-us/126353) for specific patch or mitigation details.
CISA Known Exploited VulnerabilitiesFix: This issue has been patched in version 0.29.4. Users should update MLX to version 0.29.4 or later.
NVD/CVE DatabaseFix: Update MLX to version 0.29.4 or later. The vulnerability has been patched in this version.
NVD/CVE DatabaseFix: This issue is fixed in iOS 13. The fix was addressed by improving Face ID machine learning models (the AI algorithms that help Face ID recognize faces).
NVD/CVE Database