Apple macOS vulnerabilities

CVE-2025-24224 [HIGH] CWE-754 CVE-2025-24224: The issue was addressed with improved checks. This issue is fixed in iOS 18.5 and iPadOS 18.5, iPadO The issue was addressed with improved checks. This issue is fixed in iOS 18.5 and iPadOS 18.5, iPadOS 17.7.9, macOS Sequoia 15.5, macOS Ventura 13.7.7, tvOS 18.5, visionOS 2.5, watchOS 11.5. A remote attacker may be able to cause unexpected system termination.

CVE-2025-31277 [HIGH] CWE-119 CVE-2025-31277: The issue was addressed with improved memory handling. This issue is fixed in Safari 18.6, iOS 18.6 The issue was addressed with improved memory handling. This issue is fixed in Safari 18.6, iOS 18.6 and iPadOS 18.6, macOS Sequoia 15.6, tvOS 18.6, visionOS 2.6, watchOS 11.6. Processing maliciously crafted web content may lead to memory corruption.

CVE-2025-43188 [HIGH] CWE-269 CVE-2025-43188: A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.6. A malicious app may be able to gain root privileges.

CVE-2025-43270 [HIGH] CWE-284 CVE-2025-43270: An access issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Seq An access issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Sequoia 15.6, macOS Sonoma 14.7.7, macOS Ventura 13.7.7. An app may gain unauthorized access to Local Network.

CVE-2025-43254 [HIGH] CWE-125 CVE-2025-43254: An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Seq An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Sequoia 15.6, macOS Sonoma 14.7.7, macOS Ventura 13.7.7. Processing a maliciously crafted file may lead to unexpected app termination.

CVE-2025-43256 [HIGH] CWE-269 CVE-2025-43256: This issue was addressed through improved state management. This issue is fixed in macOS Sequoia 15. This issue was addressed through improved state management. This issue is fixed in macOS Sequoia 15.6, macOS Sonoma 14.7.7. An app may be able to gain root privileges.

CVE-2025-43239 [HIGH] CWE-125 CVE-2025-43239: An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in ma An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in macOS Sequoia 15.6, macOS Sonoma 14.7.7, macOS Ventura 13.7.7. Processing a maliciously crafted file may lead to unexpected app termination.

CVE-2025-43223 [HIGH] CWE-20 CVE-2025-43223: A denial-of-service issue was addressed with improved input validation. This issue is fixed in iOS 1 A denial-of-service issue was addressed with improved input validation. This issue is fixed in iOS 18.6 and iPadOS 18.6, iPadOS 17.7.9, macOS Sequoia 15.6, macOS Sonoma 14.7.7, macOS Ventura 13.7.7, tvOS 18.6, visionOS 2.6, watchOS 11.6. A non-privileged user may be able to modify restricted network settings.

CVE-2025-31280 [HIGH] CWE-122 CVE-2025-31280: A memory corruption issue was addressed with improved validation. This issue is fixed in macOS Sequo A memory corruption issue was addressed with improved validation. This issue is fixed in macOS Sequoia 15.6. Processing a maliciously crafted file may lead to heap corruption.

CVE-2025-43224 [HIGH] CWE-787 CVE-2025-43224: An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in iO An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in iOS 18.6 and iPadOS 18.6, macOS Sequoia 15.6, tvOS 18.6, visionOS 2.6. Processing a maliciously crafted media file may lead to unexpected app termination or corrupt process memory.

CVE-2025-31243 [HIGH] CWE-269 CVE-2025-31243: A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.6, macOS Sonoma 14.7.7, macOS Ventura 13.7.7. An app may be able to gain root privileges.

CVE-2025-24119 [HIGH] CWE-269 CVE-2025-24119: This issue was addressed through improved state management. This issue is fixed in macOS Sequoia 15. This issue was addressed through improved state management. This issue is fixed in macOS Sequoia 15.3, macOS Sonoma 14.7.7, macOS Ventura 13.7.7. An app may be able to execute arbitrary code out of its sandbox or with certain elevated privileges.

CVE-2025-43227 [HIGH] CWE-359 CVE-2025-43227: This issue was addressed through improved state management. This issue is fixed in Safari 18.6, iOS This issue was addressed through improved state management. This issue is fixed in Safari 18.6, iOS 18.6 and iPadOS 18.6, macOS Sequoia 15.6, tvOS 18.6, visionOS 2.6, watchOS 11.6. Processing maliciously crafted web content may disclose sensitive user information.

CVE-2025-43221 [HIGH] CWE-125 CVE-2025-43221: An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in iO An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in iOS 18.6 and iPadOS 18.6, macOS Sequoia 15.6, tvOS 18.6, visionOS 2.6. Processing a maliciously crafted media file may lead to unexpected app termination or corrupt process memory.

CVE-2025-43196 [HIGH] CWE-22 CVE-2025-43196: A path handling issue was addressed with improved validation. This issue is fixed in macOS Sequoia 1 A path handling issue was addressed with improved validation. This issue is fixed in macOS Sequoia 15.6, macOS Sonoma 14.7.7, macOS Ventura 13.7.7. An app may be able to gain root privileges.

CVE-2025-43240 [MEDIUM] CWE-703 CVE-2025-43240: A logic issue was addressed with improved checks. This issue is fixed in Safari 18.6, macOS Sequoia A logic issue was addressed with improved checks. This issue is fixed in Safari 18.6, macOS Sequoia 15.6. A download's origin may be incorrectly associated.

CVE-2025-43211 [MEDIUM] CWE-770 CVE-2025-43211: The issue was addressed with improved memory handling. This issue is fixed in Safari 18.6, iOS 18.6 The issue was addressed with improved memory handling. This issue is fixed in Safari 18.6, iOS 18.6 and iPadOS 18.6, iPadOS 17.7.9, macOS Sequoia 15.6, tvOS 18.6, visionOS 2.6, watchOS 11.6. Processing web content may lead to a denial-of-service.

CVE-2025-43265 [MEDIUM] CWE-125 CVE-2025-43265: An out-of-bounds read was addressed with improved input validation. This issue is fixed in Safari 18 An out-of-bounds read was addressed with improved input validation. This issue is fixed in Safari 18.6, iOS 18.6 and iPadOS 18.6, macOS Sequoia 15.6, tvOS 18.6, visionOS 2.6, watchOS 11.6. Processing maliciously crafted web content may disclose internal states of the app.

CVE-2025-43247 [MEDIUM] CWE-732 CVE-2025-43247: A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.6, macOS Sonoma 14.7.7, macOS Ventura 13.7.7. A malicious app with root privileges may be able to modify the contents of system files.

CVE-2025-24188 [MEDIUM] CWE-703 CVE-2025-24188: A logic issue was addressed with improved checks. This issue is fixed in Safari 18.6, macOS Sequoia A logic issue was addressed with improved checks. This issue is fixed in Safari 18.6, macOS Sequoia 15.6. Processing maliciously crafted web content may lead to an unexpected Safari crash.