Apple macOS vulnerabilities

CVE-2025-30445 [MEDIUM] CWE-843 CVE-2025-30445: A type confusion issue was addressed with improved checks. This issue is fixed in iOS 18.4 and iPadO A type confusion issue was addressed with improved checks. This issue is fixed in iOS 18.4 and iPadOS 18.4, iPadOS 17.7.6, macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5, tvOS 18.4, visionOS 2.4. An attacker on the local network may cause an unexpected app termination.

CVE-2025-31197 [MEDIUM] CWE-416 CVE-2025-31197: The issue was addressed with improved checks. This issue is fixed in iOS 18.4 and iPadOS 18.4, iPadO The issue was addressed with improved checks. This issue is fixed in iOS 18.4 and iPadOS 18.4, iPadOS 17.7.6, macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5, tvOS 18.4, visionOS 2.4. An attacker on the local network may cause an unexpected app termination.

CVE-2025-31203 [MEDIUM] CWE-190 CVE-2025-31203: An integer overflow was addressed with improved input validation. This issue is fixed in iOS 18.4 an An integer overflow was addressed with improved input validation. This issue is fixed in iOS 18.4 and iPadOS 18.4, iPadOS 17.7.6, macOS Sequoia 15.4, macOS Sonoma 14.7.5, tvOS 18.4, visionOS 2.4, watchOS 11.4. An attacker on the local network may be able to cause a denial-of-service.

CVE-2025-24179 [MEDIUM] CWE-476 CVE-2025-24179: A null pointer dereference was addressed with improved input validation. This issue is fixed in iOS A null pointer dereference was addressed with improved input validation. This issue is fixed in iOS 18.3 and iPadOS 18.3, iPadOS 17.7.6, macOS Sequoia 15.3, macOS Sonoma 14.7.5, macOS Ventura 13.7.5, tvOS 18.3, visionOS 2.3. An attacker on the local network may be able to cause a denial-of-service.

CVE-2025-24251 [MEDIUM] CWE-476 CVE-2025-24251: The issue was addressed with improved checks. This issue is fixed in iOS 18.4 and iPadOS 18.4, iPadO The issue was addressed with improved checks. This issue is fixed in iOS 18.4 and iPadOS 18.4, iPadOS 17.7.6, macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5, tvOS 18.4, visionOS 2.4, watchOS 11.4. An attacker on the local network may cause an unexpected app termination.

CVE-2025-24271 [MEDIUM] CWE-306 CVE-2025-24271: An access issue was addressed with improved access restrictions. This issue is fixed in iOS 18.4 and An access issue was addressed with improved access restrictions. This issue is fixed in iOS 18.4 and iPadOS 18.4, iPadOS 17.7.6, macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5, tvOS 18.4, visionOS 2.4. An unauthenticated user on the same network as a signed-in Mac could send it AirPlay commands without pairing.

CVE-2025-31201 [CRITICAL] CWE-1220 CVE-2025-31201: This issue was addressed by removing the vulnerable code. This issue is fixed in iOS 18.4.1 and iPad This issue was addressed by removing the vulnerable code. This issue is fixed in iOS 18.4.1 and iPadOS 18.4.1, macOS Sequoia 15.4.1, tvOS 18.4.1, visionOS 2.4.1. An attacker with arbitrary read and write capability may be able to bypass Pointer Authentication. Apple is aware of a report that this issue may have been exploited in an extremely soph

CVE-2025-31200 [CRITICAL] CWE-119 CVE-2025-31200: A memory corruption issue was addressed with improved bounds checking. This issue is fixed in iOS 18 A memory corruption issue was addressed with improved bounds checking. This issue is fixed in iOS 18.4.1 and iPadOS 18.4.1, macOS Sequoia 15.4.1, tvOS 18.4.1, visionOS 2.4.1, watchOS 11.5. Processing an audio stream in a maliciously crafted media file may result in code execution. Apple is aware of a report that this issue may have been exploited

CVE-2023-42875 [HIGH] CWE-94 CVE-2023-42875: Processing web content may lead to arbitrary code execution. This issue is fixed in iOS 17 and iPadO Processing web content may lead to arbitrary code execution. This issue is fixed in iOS 17 and iPadOS 17, macOS Sonoma 14, watchOS 10, tvOS 17, Safari 17. The issue was addressed with improved memory handling.

CVE-2023-42977 [HIGH] CWE-20 CVE-2023-42977: A path handling issue was addressed with improved validation. This issue is fixed in iOS 17 and iPad A path handling issue was addressed with improved validation. This issue is fixed in iOS 17 and iPadOS 17, macOS Sonoma 14. An app may be able to break out of its sandbox.

CVE-2023-42970 [HIGH] CWE-416 CVE-2023-42970: A use-after-free issue was addressed with improved memory management. This issue is fixed in iOS 17 A use-after-free issue was addressed with improved memory management. This issue is fixed in iOS 17 and iPadOS 17, macOS Sonoma 14, watchOS 10, tvOS 17, Safari 17. Processing web content may lead to arbitrary code execution.

CVE-2023-41076 [HIGH] CWE-269 CVE-2023-41076: An app may be able to elevate privileges. This issue is fixed in macOS 14. This issue was addressed An app may be able to elevate privileges. This issue is fixed in macOS 14. This issue was addressed by removing the vulnerable code.

CVE-2023-38614 [MEDIUM] CWE-269 CVE-2023-38614: A permissions issue was addressed with additional restrictions. This issue is fixed in iOS 17 and iP A permissions issue was addressed with additional restrictions. This issue is fixed in iOS 17 and iPadOS 17, macOS Sonoma 14. An app may be able to access sensitive user data.

CVE-2023-42961 [MEDIUM] CWE-22 CVE-2023-42961: A path handling issue was addressed with improved validation. This issue is fixed in iOS 17 and iPad A path handling issue was addressed with improved validation. This issue is fixed in iOS 17 and iPadOS 17, iOS 16.7 and iPadOS 16.7, macOS Sonoma 14, macOS Ventura 13.6, macOS Monterey 12.7. A sandboxed process may be able to circumvent sandbox restrictions.

CVE-2023-42982 [MEDIUM] CWE-125 CVE-2023-42982: Processing a file may lead to a denial-of-service or potentially disclose memory contents. This issu Processing a file may lead to a denial-of-service or potentially disclose memory contents. This issue is fixed in macOS 14. The issue was addressed with improved checks.

CVE-2023-42981 [MEDIUM] CWE-20 CVE-2023-42981: Processing a file may lead to a denial-of-service or potentially disclose memory contents. This issu Processing a file may lead to a denial-of-service or potentially disclose memory contents. This issue is fixed in macOS 14. The issue was addressed with improved checks.

CVE-2023-42983 [MEDIUM] CWE-400 CVE-2023-42983: Processing a file may lead to a denial-of-service or potentially disclose memory contents. This issu Processing a file may lead to a denial-of-service or potentially disclose memory contents. This issue is fixed in macOS 14. The issue was addressed with improved checks.

CVE-2023-42969 [LOW] CWE-284 CVE-2023-42969: An app may be able to break out of its sandbox. This issue is fixed in iOS 17 and iPadOS 17, iOS 16. An app may be able to break out of its sandbox. This issue is fixed in iOS 17 and iPadOS 17, iOS 16.7 and iPadOS 16.7, macOS Sonoma 14, macOS Ventura 13.6, macOS Monterey 12.7. The issue was addressed with improved handling of caches.

CVE-2025-24207 [CRITICAL] CWE-276 CVE-2025-24207: A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5. An app may be able to enable iCloud storage features without user consent.

CVE-2025-24181 [CRITICAL] CWE-862 CVE-2025-24181: A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5. An app may be able to access protected user data.