Critical Vulnerability Information visionOS 2.6 Release Date: August 29, 2023 CVE IDs: Multiple CVEs, including CVE-2023-41758, CVE-2023-41759, etc. Affected Components: - AFNetworking - CFNetwork - CoreAudio - CoreMedia - CoreMedia Playback - ICU - ImageIO - libxml2 - libxslt - Metal - Model I/O - WebKit Vulnerability Descriptions and Fixes AFNetworking: Memory corruption issue that could lead to unexpected application termination. Fixed via improved memory management. CFNetwork: Memory corruption issue that could lead to unexpected application termination. Fixed via improved memory management and boundary checks. CoreAudio: Memory corruption issue that could lead to unexpected application termination. Fixed via improved memory management. CoreMedia: Race condition issue that could lead to unexpected application termination. Fixed via improved race condition handling. CoreMedia Playback: Out-of-bounds read issue that could lead to unexpected application termination. Fixed via additional parameter validation. ICU: Buffer overflow issue that could lead to unexpected application termination. Fixed via improved input validation. ImageIO: Memory corruption issue that could lead to unexpected application termination. Fixed via improved input validation. libxml2: Memory corruption issue that could lead to unexpected application termination. Fixed via improved boundary checks. libxslt: Memory corruption issue that could lead to unexpected application termination. Fixed via improved boundary checks. Metal: Memory corruption issue that could lead to unexpected application termination. Fixed via improved input validation. Model I/O: Memory corruption issue that could lead to unexpected application termination. Fixed via improved boundary checks. WebKit: Multiple memory corruption issues that could lead to unexpected application termination. Fixed via improved memory management. Acknowledgments Apple thanks multiple security researchers and teams for their contributions, including Google Project Zero, Tencent Blade Team, etc.