Apple macOS vulnerabilities

CVE-2025-31238 [HIGH] CWE-119 CVE-2025-31238: The issue was addressed with improved checks. This issue is fixed in Safari 18.5, iOS 18.5 and iPadO The issue was addressed with improved checks. This issue is fixed in Safari 18.5, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, tvOS 18.5, visionOS 2.5, watchOS 11.5. Processing maliciously crafted web content may lead to memory corruption.

CVE-2025-31249 [HIGH] CWE-285 CVE-2025-31249: A logic issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.5. An app A logic issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.5. An app may be able to access sensitive user data.

CVE-2025-31222 [HIGH] CWE-269 CVE-2025-31222: A correctness issue was addressed with improved checks. This issue is fixed in iOS 18.5 and iPadOS 1 A correctness issue was addressed with improved checks. This issue is fixed in iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, macOS Sonoma 14.7.6, macOS Ventura 13.7.6, tvOS 18.5, visionOS 2.5, watchOS 11.5. A user may be able to elevate privileges.

CVE-2025-31221 [HIGH] CWE-190 CVE-2025-31221: An integer overflow was addressed with improved input validation. This issue is fixed in iOS 18.5 an An integer overflow was addressed with improved input validation. This issue is fixed in iOS 18.5 and iPadOS 18.5, iPadOS 17.7.7, macOS Sequoia 15.5, macOS Sonoma 14.7.6, macOS Ventura 13.7.6, tvOS 18.5, visionOS 2.5, watchOS 11.5. A remote attacker may be able to leak memory.

CVE-2025-31234 [HIGH] CWE-119 CVE-2025-31234: The issue was addressed with improved input sanitization. This issue is fixed in iOS 18.5 and iPadOS The issue was addressed with improved input sanitization. This issue is fixed in iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, tvOS 18.5, visionOS 2.5. An attacker may be able to cause unexpected system termination or corrupt kernel memory.

CVE-2025-31247 [HIGH] CWE-284 CVE-2025-31247: A logic issue was addressed with improved state management. This issue is fixed in macOS Sequoia 15. A logic issue was addressed with improved state management. This issue is fixed in macOS Sequoia 15.5, macOS Sonoma 14.7.6, macOS Ventura 13.7.6. An attacker may gain access to protected parts of the file system.

CVE-2025-31195 [MEDIUM] CWE-284 CVE-2025-31195: The issue was addressed by adding additional logic. This issue is fixed in macOS Sequoia 15.4. An ap The issue was addressed by adding additional logic. This issue is fixed in macOS Sequoia 15.4. An app may be able to break out of its sandbox.

CVE-2025-24144 [MEDIUM] CWE-200 CVE-2025-24144: An information disclosure issue was addressed by removing the vulnerable code. This issue is fixed i An information disclosure issue was addressed by removing the vulnerable code. This issue is fixed in iOS 18.3 and iPadOS 18.3, iPadOS 17.7.7, macOS Sequoia 15.3, macOS Sonoma 14.7.6, macOS Ventura 13.7.6, tvOS 18.3, visionOS 2.3, watchOS 11.3. An app may be able to leak sensitive kernel state.

CVE-2025-31258 [MEDIUM] CWE-284 CVE-2025-31258: This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sequoia 15.5. This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sequoia 15.5. An app may be able to break out of its sandbox.

CVE-2025-31215 [MEDIUM] CWE-20 CVE-2025-31215: The issue was addressed with improved checks. This issue is fixed in Safari 18.5, iOS 18.5 and iPadO The issue was addressed with improved checks. This issue is fixed in Safari 18.5, iOS 18.5 and iPadOS 18.5, iPadOS 17.7.7, macOS Sequoia 15.5, tvOS 18.5, visionOS 2.5, watchOS 11.5. Processing maliciously crafted web content may lead to an unexpected process crash.

CVE-2025-31250 [MEDIUM] CWE-200 CVE-2025-31250: An information disclosure issue was addressed with improved privacy controls. This issue is fixed in An information disclosure issue was addressed with improved privacy controls. This issue is fixed in macOS Sequoia 15.5. An app may be able to access sensitive user data.

CVE-2025-24111 [MEDIUM] CWE-119 CVE-2025-24111: A memory corruption issue was addressed with improved state management. This issue is fixed in iOS 1 A memory corruption issue was addressed with improved state management. This issue is fixed in iOS 18.3 and iPadOS 18.3, iPadOS 17.7.7, macOS Sequoia 15.3, macOS Sonoma 14.7.5, macOS Ventura 13.7.5, tvOS 18.3, visionOS 2.3, watchOS 11.3. An app may be able to cause unexpected system termination.

CVE-2025-31205 [MEDIUM] CWE-352 CVE-2025-31205: The issue was addressed with improved checks. This issue is fixed in Safari 18.5, iOS 18.5 and iPadO The issue was addressed with improved checks. This issue is fixed in Safari 18.5, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, tvOS 18.5, visionOS 2.5, watchOS 11.5. A malicious website may exfiltrate data cross-origin.

CVE-2025-24155 [MEDIUM] CWE-200 CVE-2025-24155: The issue was addressed with improved memory handling. This issue is fixed in macOS Sequoia 15.3, ma The issue was addressed with improved memory handling. This issue is fixed in macOS Sequoia 15.3, macOS Sonoma 14.7.6, macOS Ventura 13.7.6. An app may be able to disclose kernel memory.

CVE-2025-31226 [MEDIUM] CWE-400 CVE-2025-31226: A logic issue was addressed with improved checks. This issue is fixed in iOS 18.5 and iPadOS 18.5, i A logic issue was addressed with improved checks. This issue is fixed in iOS 18.5 and iPadOS 18.5, iPadOS 17.7.7, macOS Sequoia 15.5, tvOS 18.5, visionOS 2.5, watchOS 11.5. Processing a maliciously crafted image may lead to a denial-of-service.

CVE-2025-24222 [MEDIUM] CWE-119 CVE-2025-24222: The issue was addressed with improved memory handling. This issue is fixed in macOS Sequoia 15.5. Pr The issue was addressed with improved memory handling. This issue is fixed in macOS Sequoia 15.5. Processing maliciously crafted web content may lead to an unexpected process crash.

CVE-2025-31245 [MEDIUM] CWE-400 CVE-2025-31245: The issue was addressed with improved checks. This issue is fixed in iOS 18.5 and iPadOS 18.5, iPadO The issue was addressed with improved checks. This issue is fixed in iOS 18.5 and iPadOS 18.5, iPadOS 17.7.7, macOS Sequoia 15.5, macOS Sonoma 14.7.6, macOS Ventura 13.7.6, tvOS 18.5, visionOS 2.5. An app may be able to cause unexpected system termination.

CVE-2025-31212 [MEDIUM] CWE-284 CVE-2025-31212: This issue was addressed through improved state management. This issue is fixed in iOS 18.5 and iPad This issue was addressed through improved state management. This issue is fixed in iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, tvOS 18.5, visionOS 2.5, watchOS 11.5. An app may be able to access sensitive user data.

CVE-2025-30440 [MEDIUM] CWE-863 CVE-2025-30440: The issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.5, macOS Sonom The issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.5, macOS Sonoma 14.7.6, macOS Ventura 13.7.6. An app may be able to bypass ASLR.

CVE-2025-31218 [MEDIUM] CWE-200 CVE-2025-31218: This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sequoia 15.5. This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sequoia 15.5. An app may be able to observe the hostnames of new network connections.