Apple macOS vulnerabilities

CVE-2025-30452 [CRITICAL] CWE-20 CVE-2025-30452: The issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.4, macOS Sonom The issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5. An input validation issue was addressed.

CVE-2025-24273 [CRITICAL] CWE-787 CVE-2025-24273: An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in mac An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5. An app may be able to cause unexpected system termination or corrupt kernel memory.

CVE-2025-24250 [CRITICAL] CWE-200 CVE-2025-24250: This issue was addressed with improved access restrictions. This issue is fixed in macOS Sequoia 15. This issue was addressed with improved access restrictions. This issue is fixed in macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5. A malicious app acting as a HTTPS proxy could get access to sensitive user data.

CVE-2025-30433 [CRITICAL] CWE-284 CVE-2025-30433: This issue was addressed with improved access restrictions. This issue is fixed in iOS 18.4 and iPad This issue was addressed with improved access restrictions. This issue is fixed in iOS 18.4 and iPadOS 18.4, iPadOS 17.7.6, macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5, visionOS 2.4, watchOS 11.4. A shortcut may be able to access files that are normally inaccessible to the Shortcuts app.

CVE-2025-30457 [CRITICAL] CWE-59 CVE-2025-30457: This issue was addressed with improved validation of symlinks. This issue is fixed in macOS Sequoia This issue was addressed with improved validation of symlinks. This issue is fixed in macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5. A malicious app may be able to create symlinks to protected regions of the disk.

CVE-2025-24178 [CRITICAL] CVE-2025-24178: This issue was addressed through improved state management. This issue is fixed in iOS 18.4 and iPad This issue was addressed through improved state management. This issue is fixed in iOS 18.4 and iPadOS 18.4, iPadOS 17.7.6, macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5, tvOS 18.4, watchOS 11.4. An app may be able to break out of its sandbox.

CVE-2025-24246 [CRITICAL] CWE-200 CVE-2025-24246: An injection issue was addressed with improved validation. This issue is fixed in macOS Sequoia 15.4 An injection issue was addressed with improved validation. This issue is fixed in macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5. An app may be able to access user-sensitive data.

CVE-2025-24263 [CRITICAL] CWE-200 CVE-2025-24263: A privacy issue was addressed by moving sensitive data to a protected location. This issue is fixed A privacy issue was addressed by moving sensitive data to a protected location. This issue is fixed in macOS Sequoia 15.4. An app may be able to observe unprotected user data.

CVE-2025-30461 [CRITICAL] CWE-862 CVE-2025-30461: An access issue was addressed with additional sandbox restrictions on the system pasteboards. This i An access issue was addressed with additional sandbox restrictions on the system pasteboards. This issue is fixed in macOS Sequoia 15.4. An app may be able to access protected user data.

CVE-2025-24233 [CRITICAL] CWE-863 CVE-2025-24233: A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5. A malicious app may be able to read or write to protected files.

CVE-2025-31194 [CRITICAL] CWE-862 CVE-2025-31194: An authentication issue was addressed with improved state management. This issue is fixed in macOS S An authentication issue was addressed with improved state management. This issue is fixed in macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5. A Shortcut may run with admin privileges without authentication.

CVE-2025-24238 [CRITICAL] CWE-276 CVE-2025-24238: A logic issue was addressed with improved checks. This issue is fixed in iOS 18.4 and iPadOS 18.4, m A logic issue was addressed with improved checks. This issue is fixed in iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5, tvOS 18.4, watchOS 11.4. An app may be able to gain elevated privileges.

CVE-2025-30424 [CRITICAL] CWE-200 CVE-2025-30424: A logging issue was addressed with improved data redaction. This issue is fixed in macOS Sequoia 15. A logging issue was addressed with improved data redaction. This issue is fixed in macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5. Deleting a conversation in Messages may expose user contact information in system logging.

CVE-2025-24237 [CRITICAL] CWE-120 CVE-2025-24237: A buffer overflow was addressed with improved bounds checking. This issue is fixed in iOS 18.4 and i A buffer overflow was addressed with improved bounds checking. This issue is fixed in iOS 18.4 and iPadOS 18.4, iPadOS 17.7.6, macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5, visionOS 2.4, watchOS 11.4. An app may be able to cause unexpected system termination.

CVE-2025-30444 [CRITICAL] CWE-362 CVE-2025-30444: A race condition was addressed with improved locking. This issue is fixed in macOS Sequoia 15.4, mac A race condition was addressed with improved locking. This issue is fixed in macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5. Mounting a maliciously crafted SMB network share may lead to system termination.

CVE-2025-24256 [CRITICAL] CWE-125 CVE-2025-24256: The issue was addressed with improved bounds checks. This issue is fixed in macOS Sequoia 15.4, macO The issue was addressed with improved bounds checks. This issue is fixed in macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5. An app may be able to disclose kernel memory.

CVE-2025-24253 [CRITICAL] CWE-200 CVE-2025-24253: This issue was addressed with improved handling of symlinks. This issue is fixed in macOS Sequoia 15 This issue was addressed with improved handling of symlinks. This issue is fixed in macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5. An app may be able to access protected user data.

CVE-2025-24204 [CRITICAL] CWE-200 CVE-2025-24204: The issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.4. An app may The issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.4. An app may be able to access protected user data.

CVE-2025-24269 [CRITICAL] CWE-400 CVE-2025-24269: The issue was addressed with improved memory handling. This issue is fixed in macOS Sequoia 15.4. An The issue was addressed with improved memory handling. This issue is fixed in macOS Sequoia 15.4. An app may be able to cause unexpected system termination.

CVE-2025-24190 [CRITICAL] CWE-400 CVE-2025-24190: The issue was addressed with improved memory handling. This issue is fixed in iOS 18.4 and iPadOS 18 The issue was addressed with improved memory handling. This issue is fixed in iOS 18.4 and iPadOS 18.4, iPadOS 17.7.6, macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5, tvOS 18.4, visionOS 2.4, watchOS 11.4. Processing a maliciously crafted video file may lead to unexpected app termination or corrupt process memory.