CVE-2025-24119: An app may be able to execute arbitrary code out of its sandbox or with certain elevated privileges.
Affects Finder |
| |
|
|
x |
x |
|
|
|
CVE-2025-24188: Processing maliciously crafted web content may lead to an unexpected Safari crash.
Affects Safari |
| |
|
x |
|
|
|
|
|
CVE-2025-24220: An app may be able to read a persistent device identifier.
Affects Sandbox Profiles |
| |
x |
|
|
|
|
|
|
CVE-2025-24224: A remote attacker may be able to cause unexpected system termination.
Affects Kernel |
| |
x |
|
|
x |
|
|
|
CVE-2025-31229: Passcode may be read aloud by VoiceOver.
Affects Accessibility |
| x |
|
|
|
|
|
|
|
CVE-2025-31243: An app may be able to gain root privileges.
Affects AppleMobileFileIntegrity |
| |
|
x |
x |
x |
|
|
|
CVE-2025-31273: Processing maliciously crafted web content may lead to memory corruption.
Affects WebKit |
| x |
|
x |
|
|
x |
x |
x |
CVE-2025-31275: A sandboxed process may be able to launch any installed app.
Affects MediaRemote |
| |
|
x |
|
|
|
|
|
CVE-2025-31276: Remote content may be loaded even when the ‘Load Remote Images’ setting is turned off.
Affects Mail Drafts |
| x |
x |
|
|
|
|
|
|
CVE-2025-31278: Processing maliciously crafted web content may lead to memory corruption.
Affects WebKit |
| |
x |
|
|
|
|
|
|
CVE-2025-31279: An app may be able to fingerprint the user.
Affects Find My |
| |
x |
x |
x |
x |
|
|
|
CVE-2025-31280: Processing a maliciously crafted file may lead to heap corruption.
Affects Model I/O |
| |
|
x |
|
|
|
|
|
CVE-2025-31281: Processing a maliciously crafted file may lead to unexpected app termination.
Affects Model I/O |
| x |
|
x |
|
|
|
x |
x |
CVE-2025-43184: A shortcut may be able to bypass sensitive Shortcuts app settings.
Affects Shortcuts |
| |
|
|
x |
x |
|
|
|
CVE-2025-43185: An app may be able to access protected user data.
Affects Voice Control |
| |
|
x |
|
|
|
|
|
CVE-2025-43186: Parsing a file may lead to an unexpected app termination.
Affects afclip |
| x |
|
x |
x |
x |
x |
x |
x |
CVE-2025-43187: Running an hdiutil command may unexpectedly execute arbitrary code.
Affects Disk Images |
| |
|
x |
x |
x |
|
|
|
CVE-2025-43188: A malicious app may be able to gain root privileges.
Affects DiskArbitration |
| |
|
x |
|
|
|
|
|
CVE-2025-43189: A malicious app may be able to read kernel memory.
Affects WebContentFilter |
| |
|
x |
x |
|
|
|
|
CVE-2025-43191: An app may be able to cause a denial-of-service.
Affects Admin Framework |
| |
|
x |
x |
x |
|
|
|
CVE-2025-43192: Account-driven User Enrollment may still be possible with Lockdown Mode turned on.
Affects Managed Configuration |
| |
|
x |
x |
|
|
|
|
CVE-2025-43193: An app may be able to cause a denial-of-service.
Affects SecurityAgent |
| |
|
x |
x |
x |
|
|
|
CVE-2025-43194: An app may be able to modify protected parts of the file system.
Affects PackageKit |
| |
|
x |
x |
x |
|
|
|
CVE-2025-43195: An app may be able to access sensitive user data.
Affects CoreServices |
| |
|
x |
x |
x |
|
|
|
CVE-2025-43196: An app may be able to gain root privileges.
Affects libxpc |
| |
|
x |
x |
x |
|
|
|
CVE-2025-43197: An app may be able to access sensitive user data.
Affects Single Sign-On |
| |
|
x |
x |
x |
|
|
|
CVE-2025-43198: An app may be able to access protected user data.
Affects Dock |
| |
|
x |
x |
|
|
|
|
CVE-2025-43199: A malicious app may be able to gain root privileges.
Affects Core Services |
| |
|
x |
x |
x |
|
|
|
CVE-2025-43202: Processing a file may lead to memory corruption.
Affects libnetcore |
| x |
|
x |
|
|
|
|
|
CVE-2025-43206: An app may be able to access protected user data.
Affects System Settings |
| |
|
x |
x |
x |
|
|
|
CVE-2025-43209: Processing maliciously crafted web content may lead to an unexpected Safari crash.
Affects ICU |
| x |
x |
x |
x |
x |
x |
x |
x |
CVE-2025-43210: Processing a maliciously crafted media file may lead to unexpected app termination or corrupt process memory.
Affects CoreMedia |
| x |
x |
x |
x |
x |
x |
x |
x |
CVE-2025-43211: Processing web content may lead to a denial-of-service.
Affects WebKit |
| x |
x |
x |
|
|
x |
x |
x |
CVE-2025-43212: Processing maliciously crafted web content may lead to an unexpected Safari crash.
Affects WebKit |
| x |
|
x |
|
|
x |
x |
x |
CVE-2025-43215: Processing a maliciously crafted image may result in disclosure of process memory.
Affects Model I/O |
| |
|
x |
|
|
|
|
|
CVE-2025-43216: Processing maliciously crafted web content may lead to an unexpected Safari crash.
Affects WebKit |
| x |
x |
x |
|
|
x |
x |
x |
CVE-2025-43217: Privacy Indicators for microphone or camera access may not be correctly displayed.
Affects Accessibility |
| x |
x |
|
|
|
|
|
|
CVE-2025-43218: Processing a maliciously crafted USD file may disclose memory contents.
Affects Model I/O |
| |
|
x |
|
|
|
|
|
CVE-2025-43219: Processing a maliciously crafted image may corrupt process memory.
Affects Model I/O |
| |
|
x |
|
|
|
|
|
CVE-2025-43220: An app may be able to access protected user data.
Affects copyfile |
| |
x |
x |
x |
x |
|
|
|
CVE-2025-43221: Processing a maliciously crafted media file may lead to unexpected app termination or corrupt process memory.
Affects Model I/O |
| x |
|
x |
|
|
|
x |
x |
CVE-2025-43222: An attacker may be able to cause unexpected app termination.
Affects CFNetwork |
| |
x |
x |
x |
x |
|
|
|
CVE-2025-43223: A non-privileged user may be able to modify restricted network settings.
Affects CFNetwork |
| x |
x |
x |
x |
x |
x |
x |
x |
CVE-2025-43225: An app may be able to access sensitive user data.
Affects Notes |
| |
x |
x |
x |
x |
|
|
|
CVE-2025-43227: Processing maliciously crafted web content may disclose sensitive user information.
Affects WebKit |
| x |
|
x |
|
|
x |
x |
x |
CVE-2025-43228: Visiting a malicious website may lead to address bar spoofing.
Affects WebKit |
| x |
|
|
|
|
|
|
|
CVE-2025-43229: Processing maliciously crafted web content may lead to universal cross site scripting.
Affects WebKit |
| |
|
x |
|
|
|
|
|
CVE-2025-43230: An app may be able to access user-sensitive data.
Affects CoreMedia Playback |
| x |
x |
x |
|
|
x |
x |
x |
CVE-2025-43232: An app may be able to bypass certain Privacy preferences.
Affects PackageKit |
| |
|
x |
x |
x |
|
|
|
CVE-2025-43233: A malicious app acting as a HTTPS proxy could get access to sensitive user data.
Affects Security |
| |
|
x |
x |
x |
|
|
|
CVE-2025-43234: Processing a maliciously crafted texture may lead to unexpected app termination.
Affects Metal |
| x |
|
x |
|
|
x |
x |
x |
CVE-2025-43235: An app may be able to cause a denial-of-service.
Affects Power Management |
| |
|
x |
|
|
|
|
|
CVE-2025-43236: An attacker may be able to cause unexpected app termination.
Affects Power Management |
| |
|
x |
x |
x |
|
|
|
CVE-2025-43237: An app may be able to cause unexpected system termination.
Affects WebContentFilter |
| |
|
x |
|
|
|
|
|
CVE-2025-43238: An app may be able to cause unexpected system termination.
Affects Xsan |
| |
|
x |
x |
x |
|
|
|
CVE-2025-43239: Processing a maliciously crafted file may lead to unexpected app termination.
Affects sips |
| |
|
x |
x |
x |
|
|
|
CVE-2025-43240: A download’s origin may be incorrectly associated.
Affects WebKit |
| |
|
x |
|
|
|
|
|
CVE-2025-43241: An app may be able to read files outside of its sandbox.
Affects SceneKit |
| |
|
x |
x |
x |
|
|
|
CVE-2025-43243: An app may be able to modify protected parts of the file system.
Affects Software Update |
| |
|
x |
x |
x |
|
|
|
CVE-2025-43244: An app may be able to cause unexpected system termination.
Affects AMD |
| |
|
x |
x |
x |
|
|
|
CVE-2025-43245: An app may be able to access protected user data.
Affects AppleMobileFileIntegrity |
| |
|
x |
x |
x |
|
|
|
CVE-2025-43246: An app may be able to access sensitive user data.
Affects Spotlight |
| |
|
x |
x |
|
|
|
|
CVE-2025-43247: A malicious app with root privileges may be able to modify the contents of system files.
Affects PackageKit |
| |
|
x |
x |
x |
|
|
|
CVE-2025-43248: A malicious app may be able to gain root privileges.
Affects AppleMobileFileIntegrity |
| |
|
x |
x |
|
|
|
|
CVE-2025-43249: An app may be able to gain root privileges.
Affects AppleMobileFileIntegrity |
| |
|
x |
x |
x |
|
|
|
CVE-2025-43250: An app may be able to break out of its sandbox.
Affects SharedFileList |
| |
|
x |
x |
x |
|
|
|
CVE-2025-43251: A local attacker may gain access to Keychain items.
Affects User Management |
| |
|
x |
|
|
|
|
|
CVE-2025-43252: A website may be able to access sensitive user data when resolving symlinks.
Affects zip |
| |
|
x |
|
|
|
|
|
CVE-2025-43253: A malicious app may be able to launch arbitrary binaries on a trusted device.
Affects AppleMobileFileIntegrity |
| |
|
x |
x |
|
|
|
|
CVE-2025-43254: Processing a maliciously crafted file may lead to unexpected app termination.
Affects file |
| |
|
x |
x |
x |
|
|
|
CVE-2025-43255: An app may be able to cause unexpected system termination.
Affects GPU Drivers |
| |
|
x |
x |
x |
|
|
|
CVE-2025-43256: An app may be able to gain root privileges.
Affects StorageKit |
| |
|
x |
x |
|
|
|
|
CVE-2025-43257: An app may be able to break out of its sandbox.
Affects Archive Utility |
| |
|
x |
|
|
|
|
|
CVE-2025-43259: An attacker with physical access to a locked device may be able to view sensitive user information.
Affects WindowServer |
| |
|
x |
x |
x |
|
|
|
CVE-2025-43260: An app may be able to hijack entitlements granted to other privileged apps.
Affects PackageKit |
| |
|
x |
x |
|
|
|
|
CVE-2025-43261: An app may be able to break out of its sandbox.
Affects File Bookmark |
| |
|
x |
x |
x |
|
|
|
CVE-2025-43265: Processing maliciously crafted web content may disclose internal states of the app.
Affects WebKit |
| x |
|
x |
|
|
x |
x |
x |
CVE-2025-43266: An app may be able to break out of its sandbox.
Affects NSSpellChecker |
| |
|
x |
x |
x |
|
|
|
CVE-2025-43267: An app may be able to access sensitive user data.
Affects Directory Utility |
| |
|
x |
|
|
|
|
|
CVE-2025-43268: A malicious app may be able to gain root privileges.
Affects Kernel |
| |
|
x |
|
|
|
|
|
CVE-2025-43270: An app may gain unauthorized access to Local Network.
Affects Notes |
| |
|
x |
x |
x |
|
|
|
CVE-2025-43273: A sandboxed process may be able to circumvent sandbox restrictions.
Affects CoreMedia |
| |
|
x |
|
|
|
|
|
CVE-2025-43274: A sandboxed process may be able to circumvent sandbox restrictions.
Affects RemoteViewServices |
| |
|
x |
|
|
|
|
|
CVE-2025-43275: An app may be able to break out of its sandbox.
Affects NetAuth |
| |
|
x |
x |
x |
|
|
|
CVE-2025-43276: iCloud Private Relay may not activate when more than one user is logged in at the same time.
Affects Kernel |
| |
|
x |
|
|
|
|
|
CVE-2025-43277: Processing a maliciously crafted audio file may lead to memory corruption.
Affects CoreAudio |
| x |
|
x |
|
|
x |
x |
x |
CVE-2025-6558: Processing maliciously crafted web content may lead to an unexpected Safari crash.
Affects WebKit |
| x |
x |
x |
|
|
x |
x |
x |
CVE-2025-7424: Processing maliciously crafted web content may lead to memory corruption.
Affects libxslt |
| x |
x |
x |
x |
|
x |
x |
x |
CVE-2025-7425: Processing a file may lead to memory corruption.
Affects libxml2 |
| x |
|
x |
|
|
x |
x |
x |
