Apple macOS vulnerabilities

CVE-2025-43212 [MEDIUM] CWE-119 CVE-2025-43212: The issue was addressed with improved memory handling. This issue is fixed in Safari 18.6, iOS 18.6 The issue was addressed with improved memory handling. This issue is fixed in Safari 18.6, iOS 18.6 and iPadOS 18.6, macOS Sequoia 15.6, tvOS 18.6, visionOS 2.6, watchOS 11.6. Processing maliciously crafted web content may lead to an unexpected Safari crash.

CVE-2025-43266 [MEDIUM] CWE-732 CVE-2025-43266: A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.6, macOS Sonoma 14.7.7, macOS Ventura 13.7.7. An app may be able to break out of its sandbox.

CVE-2025-43218 [MEDIUM] CWE-125 CVE-2025-43218: An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Seq An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Sequoia 15.6. Processing a maliciously crafted USD file may disclose memory contents.

CVE-2025-43229 [MEDIUM] CWE-79 CVE-2025-43229: This issue was addressed through improved state management. This issue is fixed in Safari 18.6, macO This issue was addressed through improved state management. This issue is fixed in Safari 18.6, macOS Sequoia 15.6. Processing maliciously crafted web content may lead to universal cross site scripting.

CVE-2025-43259 [MEDIUM] CWE-359 CVE-2025-43259: This issue was addressed with improved redaction of sensitive information. This issue is fixed in ma This issue was addressed with improved redaction of sensitive information. This issue is fixed in macOS Sequoia 15.6, macOS Sonoma 14.7.7, macOS Ventura 13.7.7. An attacker with physical access to a locked device may be able to view sensitive user information.

CVE-2025-43235 [MEDIUM] CWE-400 CVE-2025-43235: The issue was addressed with improved memory handling. This issue is fixed in macOS Sequoia 15.6. An The issue was addressed with improved memory handling. This issue is fixed in macOS Sequoia 15.6. An app may be able to cause a denial-of-service.

CVE-2025-43252 [MEDIUM] CWE-59 CVE-2025-43252: This issue was addressed by adding an additional prompt for user consent. This issue is fixed in mac This issue was addressed by adding an additional prompt for user consent. This issue is fixed in macOS Sequoia 15.6. A website may be able to access sensitive user data when resolving symlinks.

CVE-2025-43195 [MEDIUM] CWE-20 CVE-2025-43195: An issue existed in the handling of environment variables. This issue was addressed with improved va An issue existed in the handling of environment variables. This issue was addressed with improved validation. This issue is fixed in macOS Sequoia 15.6, macOS Sonoma 14.7.7, macOS Ventura 13.7.7. An app may be able to access sensitive user data.

CVE-2025-6558 [HIGH] CWE-20 CVE-2025-6558: Insufficient validation of untrusted input in ANGLE and GPU in Google Chrome prior to 138.0.7204.157 Insufficient validation of untrusted input in ANGLE and GPU in Google Chrome prior to 138.0.7204.157 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

CVE-2025-43200 [MEDIUM] CVE-2025-43200: This issue was addressed with improved checks. This issue is fixed in iOS 15.8.4 and iPadOS 15.8.4, This issue was addressed with improved checks. This issue is fixed in iOS 15.8.4 and iPadOS 15.8.4, iOS 16.7.11 and iPadOS 16.7.11, iOS 18.3.1 and iPadOS 18.3.1, iPadOS 17.7.5, macOS Sequoia 15.3.1, macOS Sonoma 14.7.4, macOS Ventura 13.7.4, visionOS 2.3.1, watchOS 11.3.1. A logic issue existed when processing a maliciously crafted photo or video shared via

CVE-2025-30466 [CRITICAL] CWE-346 CVE-2025-30466: This issue was addressed through improved state management. This issue is fixed in Safari 18.4, iOS This issue was addressed through improved state management. This issue is fixed in Safari 18.4, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, visionOS 2.4. A website may be able to bypass Same Origin Policy.

CVE-2025-31263 [CRITICAL] CWE-119 CVE-2025-31263: The issue was addressed with improved memory handling. This issue is fixed in macOS Sequoia 15.4. An The issue was addressed with improved memory handling. This issue is fixed in macOS Sequoia 15.4. An app may be able to corrupt coprocessor memory.

CVE-2025-31189 [HIGH] CWE-693 CVE-2025-31189: A file quarantine bypass was addressed with additional checks. This issue is fixed in macOS Sequoia A file quarantine bypass was addressed with additional checks. This issue is fixed in macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5. An app may be able to break out of its sandbox.

CVE-2025-31199 [MEDIUM] CWE-532 CVE-2025-31199: A logging issue was addressed with improved data redaction. This issue is fixed in iOS 18.4 and iPad A logging issue was addressed with improved data redaction. This issue is fixed in iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, macOS Sonoma 14.8.2, visionOS 2.4. An app may be able to access sensitive user data.

CVE-2025-31261 [MEDIUM] CWE-276 CVE-2025-31261: A permissions issue was addressed with additional sandbox restrictions. This issue is fixed in macOS A permissions issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5. An app may be able to access protected user data.

CVE-2025-31231 [MEDIUM] CWE-200 CVE-2025-31231: A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.4. An app may be able to read sensitive location information.

CVE-2025-31264 [MEDIUM] CWE-287 CVE-2025-31264: An authentication issue was addressed with improved state management. This issue is fixed in macOS S An authentication issue was addressed with improved state management. This issue is fixed in macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5. An attacker with physical access to a locked device may be able to view sensitive user information.

CVE-2025-31198 [MEDIUM] CWE-59 CVE-2025-31198: This issue was addressed with improved validation of symlinks. This issue is fixed in macOS Sequoia This issue was addressed with improved validation of symlinks. This issue is fixed in macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5. A path handling issue was addressed with improved validation.

CVE-2025-24189 [HIGH] CWE-119 CVE-2025-24189: The issue was addressed with improved checks. This issue is fixed in Safari 18.3, iOS 18.3 and iPadO The issue was addressed with improved checks. This issue is fixed in Safari 18.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, tvOS 18.3, visionOS 2.3, watchOS 11.3. Processing maliciously crafted web content may lead to memory corruption.

CVE-2025-24183 [MEDIUM] CWE-269 CVE-2025-24183: The issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.3, macOS Sonom The issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.3, macOS Sonoma 14.7.3, macOS Ventura 13.7.3. A local user may be able to modify protected parts of the file system.