Apple macOS vulnerabilities

CVE-2025-31262 [MEDIUM] CWE-732 CVE-2025-31262: A permissions issue was addressed with additional restrictions. This issue is fixed in iOS 18.3 and A permissions issue was addressed with additional restrictions. This issue is fixed in iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, tvOS 18.3, visionOS 2.3, watchOS 11.3. An app may be able to modify protected parts of the file system.

CVE-2025-24184 [MEDIUM] CVE-2025-24184: The issue was addressed with improved memory handling. This issue is fixed in iOS 18.3 and iPadOS 18 The issue was addressed with improved memory handling. This issue is fixed in iOS 18.3 and iPadOS 18.3, iPadOS 17.7.4, macOS Sequoia 15.3, tvOS 18.3, visionOS 2.3, watchOS 11.3. An app may be able to cause unexpected system termination.

CVE-2025-30448 [CRITICAL] CWE-862 CVE-2025-30448: This issue was addressed with additional entitlement checks. This issue is fixed in iOS 18.5 and iPa This issue was addressed with additional entitlement checks. This issue is fixed in iOS 18.5 and iPadOS 18.5, iPadOS 17.7.7, macOS Sequoia 15.4, macOS Sonoma 14.7.6, macOS Ventura 13.7.6, visionOS 2.5. An attacker may be able to turn on sharing of an iCloud folder without authentication.

CVE-2025-24223 [HIGH] CWE-352 CVE-2025-24223: The issue was addressed with improved memory handling. This issue is fixed in Safari 18.5, iOS 18.5 The issue was addressed with improved memory handling. This issue is fixed in Safari 18.5, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, tvOS 18.5, visionOS 2.5, watchOS 11.5. Processing maliciously crafted web content may lead to memory corruption.

CVE-2025-30442 [HIGH] CWE-20 CVE-2025-30442: The issue was addressed with improved input sanitization. This issue is fixed in macOS Sequoia 15.4, The issue was addressed with improved input sanitization. This issue is fixed in macOS Sequoia 15.4, macOS Sonoma 14.7.6, macOS Ventura 13.7.6. An app may be able to gain elevated privileges.

CVE-2025-31244 [HIGH] CWE-693 CVE-2025-31244: A file quarantine bypass was addressed with additional checks. This issue is fixed in macOS Sequoia A file quarantine bypass was addressed with additional checks. This issue is fixed in macOS Sequoia 15.5. An app may be able to break out of its sandbox.

CVE-2025-30453 [HIGH] CWE-280 CVE-2025-30453: The issue was addressed with additional permissions checks. This issue is fixed in macOS Sequoia 15. The issue was addressed with additional permissions checks. This issue is fixed in macOS Sequoia 15.4, macOS Sonoma 14.7.6, macOS Ventura 13.7.6. A malicious app may be able to gain root privileges.

CVE-2025-31232 [HIGH] CWE-284 CVE-2025-31232: A logic issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.5, macOS S A logic issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.5, macOS Sonoma 14.7.6, macOS Ventura 13.7.6. A sandboxed app may be able to access sensitive user data.

CVE-2025-24258 [HIGH] CWE-269 CVE-2025-24258: A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.4, macOS Sonoma 14.7.6, macOS Ventura 13.7.6. An app may be able to gain root privileges.

CVE-2025-31224 [HIGH] CWE-693 CVE-2025-31224: A logic issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.5, macOS S A logic issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.5, macOS Sonoma 14.7.6, macOS Ventura 13.7.6. An app may be able to bypass certain Privacy preferences.

CVE-2025-31223 [HIGH] CWE-119 CVE-2025-31223: The issue was addressed with improved checks. This issue is fixed in Safari 18.5, iOS 18.5 and iPadO The issue was addressed with improved checks. This issue is fixed in Safari 18.5, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, tvOS 18.5, visionOS 2.5, watchOS 11.5. Processing maliciously crafted web content may lead to memory corruption.

CVE-2025-31246 [HIGH] CWE-119 CVE-2025-31246: The issue was addressed with improved memory handling. This issue is fixed in macOS Sequoia 15.5, ma The issue was addressed with improved memory handling. This issue is fixed in macOS Sequoia 15.5, macOS Sonoma 14.7.6. Connecting to a malicious AFP server may corrupt kernel memory.

CVE-2025-31259 [HIGH] CWE-20 CVE-2025-31259: A privacy issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.5, macOS A privacy issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.5, macOS Sequoia 15.7, macOS Sonoma 14.8, macOS Tahoe 26. An app may be able to capture a screenshot of an app entering or exiting full screen mode.

CVE-2025-31249 [HIGH] CWE-285 CVE-2025-31249: A logic issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.5. An app A logic issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.5. An app may be able to access sensitive user data.

CVE-2025-31219 [HIGH] CWE-119 CVE-2025-31219: The issue was addressed with improved memory handling. This issue is fixed in iOS 18.5 and iPadOS 18 The issue was addressed with improved memory handling. This issue is fixed in iOS 18.5 and iPadOS 18.5, iPadOS 17.7.7, macOS Sequoia 15.5, macOS Sonoma 14.7.6, macOS Ventura 13.7.6, tvOS 18.5, visionOS 2.5, watchOS 11.5. An attacker may be able to cause unexpected system termination or corrupt kernel memory.

CVE-2025-31234 [HIGH] CWE-119 CVE-2025-31234: The issue was addressed with improved input sanitization. This issue is fixed in iOS 18.5 and iPadOS The issue was addressed with improved input sanitization. This issue is fixed in iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, tvOS 18.5, visionOS 2.5. An attacker may be able to cause unexpected system termination or corrupt kernel memory.

CVE-2025-31222 [HIGH] CWE-269 CVE-2025-31222: A correctness issue was addressed with improved checks. This issue is fixed in iOS 18.5 and iPadOS 1 A correctness issue was addressed with improved checks. This issue is fixed in iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, macOS Sonoma 14.7.6, macOS Ventura 13.7.6, tvOS 18.5, visionOS 2.5, watchOS 11.5. A user may be able to elevate privileges.

CVE-2025-31213 [HIGH] CWE-532 CVE-2025-31213: A logging issue was addressed with improved data redaction. This issue is fixed in iPadOS 17.7.7, ma A logging issue was addressed with improved data redaction. This issue is fixed in iPadOS 17.7.7, macOS Sequoia 15.5, macOS Sonoma 14.7.6, macOS Ventura 13.7.6. An app may be able to access associated usernames and websites in a user's iCloud Keychain.

CVE-2025-31204 [HIGH] CWE-119 CVE-2025-31204: The issue was addressed with improved memory handling. This issue is fixed in Safari 18.5, iOS 18.5 The issue was addressed with improved memory handling. This issue is fixed in Safari 18.5, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, tvOS 18.5, visionOS 2.5, watchOS 11.5. Processing maliciously crafted web content may lead to memory corruption.

CVE-2025-31237 [HIGH] CWE-404 CVE-2025-31237: This issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.5, macOS Sono This issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.5, macOS Sonoma 14.7.6, macOS Ventura 13.7.6. Mounting a maliciously crafted AFP network share may lead to system termination.