macOS
macOS 14.7.3
Official advisory48 CVEs fixed by this release.
- Release date
- 2025-01-27
- End of support
- —
- CVEs fixed
- 48
- CISA KEV
- 0
- Critical
- 0
- High
- 2
- NVD pending
- 46
CVEs fixed
| CVE | Severity | KEV | Published | Description |
|---|---|---|---|---|
|
CVE-2024-55549
xsltGetInheritedNsList in libxslt before 1.1.43 has a use-after-free issue |
HIGH 7.8 | — | xsltGetInheritedNsList in libxslt before 1.1.43 has a use-after-free issue | |
|
CVE-2025-24855
numbers.c in libxslt before 1.1.43 has a use-after-free because, in nested XPath evaluations, an XPath context node can… |
HIGH 7.8 | — | numbers.c in libxslt before 1.1.43 has a use-after-free because, in nested XPath evaluations, an XPath context node can be modified but never restored. This is… | |
|
CVE-2025-31242
[Apple StoreKit] An app may be able to access sensitive user data |
N/A | — | [Apple StoreKit] An app may be able to access sensitive user data | |
|
CVE-2025-31248
[Apple UserAccountUpdater] An app may be able to access sensitive user data |
N/A | — | [Apple UserAccountUpdater] An app may be able to access sensitive user data | |
|
CVE-2025-43374
[Apple Wi-Fi] An attacker in physical proximity may be able to cause an out-of-bounds read in kernel memory |
N/A | — | [Apple Wi-Fi] An attacker in physical proximity may be able to cause an out-of-bounds read in kernel memory | |
|
CVE-2025-24093
[Apple Sandbox] An app may be able to access removable volumes without user consent |
N/A | — | [Apple Sandbox] An app may be able to access removable volumes without user consent | |
|
CVE-2025-24139
[Apple sips] Parsing a maliciously crafted file may lead to an unexpected app termination |
N/A | — | [Apple sips] Parsing a maliciously crafted file may lead to an unexpected app termination | |
|
CVE-2025-24163
[Apple CoreAudio] Parsing a file may lead to an unexpected app termination |
N/A | — | [Apple CoreAudio] Parsing a file may lead to an unexpected app termination | |
|
CVE-2024-44172
[Apple Contacts] An app may be able to access contacts |
N/A | — | [Apple Contacts] An app may be able to access contacts | |
|
CVE-2024-44243
[Apple StorageKit] An app may be able to modify protected parts of the file system |
N/A | — | [Apple StorageKit] An app may be able to modify protected parts of the file system | |
|
CVE-2024-54497
[Apple QuartzCore] Processing web content may lead to a denial-of-service |
N/A | — | [Apple QuartzCore] Processing web content may lead to a denial-of-service | |
|
CVE-2024-54509
[Apple ASP TCP] An app may be able to cause unexpected system termination or write kernel memory |
N/A | — | [Apple ASP TCP] An app may be able to cause unexpected system termination or write kernel memory | |
|
CVE-2025-24086
[Apple ImageIO] Processing an image may lead to a denial-of-service |
N/A | — | [Apple ImageIO] Processing an image may lead to a denial-of-service | |
|
CVE-2025-24092
[Apple TV App] An app may be able to read sensitive location information |
N/A | — | [Apple TV App] An app may be able to read sensitive location information | |
|
CVE-2025-24094
[Apple LaunchServices] An app may be able to access user-sensitive data |
N/A | — | [Apple LaunchServices] An app may be able to access user-sensitive data | |
|
CVE-2025-24099
[Apple PackageKit] A local attacker may be able to elevate their privileges |
N/A | — | [Apple PackageKit] A local attacker may be able to elevate their privileges | |
|
CVE-2025-24100
[Apple AppleMobileFileIntegrity] An app may be able to access information about a user's contacts |
N/A | — | [Apple AppleMobileFileIntegrity] An app may be able to access information about a user's contacts | |
|
CVE-2025-24102
[Apple CoreRoutine] An app may be able to determine a user’s current location |
N/A | — | [Apple CoreRoutine] An app may be able to determine a user’s current location | |
|
CVE-2025-24103
[Apple Security] An app may be able to access protected user data |
N/A | — | [Apple Security] An app may be able to access protected user data | |
|
CVE-2025-24106
[Apple Audio] An app may be able to cause unexpected system termination |
N/A | — | [Apple Audio] An app may be able to cause unexpected system termination | |
|
CVE-2025-24109
[Apple AppleMobileFileIntegrity] An app may be able to access sensitive user data |
N/A | — | [Apple AppleMobileFileIntegrity] An app may be able to access sensitive user data | |
|
CVE-2025-24112
[Apple AppleGraphicsControl] Parsing a file may lead to an unexpected app termination |
N/A | — | [Apple AppleGraphicsControl] Parsing a file may lead to an unexpected app termination | |
|
CVE-2025-24114
[Apple AppleMobileFileIntegrity] An app may be able to modify protected parts of the file system |
N/A | — | [Apple AppleMobileFileIntegrity] An app may be able to modify protected parts of the file system | |
|
CVE-2025-24115
[Apple LaunchServices] An app may be able to read files outside of its sandbox |
N/A | — | [Apple LaunchServices] An app may be able to read files outside of its sandbox | |
|
CVE-2025-24116
[Apple LaunchServices] An app may be able to bypass Privacy preferences |
N/A | — | [Apple LaunchServices] An app may be able to bypass Privacy preferences | |
|
CVE-2025-24118
[Apple Kernel] An app may be able to cause unexpected system termination or write kernel memory |
N/A | — | [Apple Kernel] An app may be able to cause unexpected system termination or write kernel memory | |
|
CVE-2025-24120
[Apple WindowServer] An attacker may be able to cause unexpected app termination |
N/A | — | [Apple WindowServer] An attacker may be able to cause unexpected app termination | |
|
CVE-2025-24121
[Apple AppleMobileFileIntegrity] An app may be able to modify protected parts of the file system |
N/A | — | [Apple AppleMobileFileIntegrity] An app may be able to modify protected parts of the file system | |
|
CVE-2025-24122
[Apple AppleMobileFileIntegrity] An app may be able to modify protected parts of the file system |
N/A | — | [Apple AppleMobileFileIntegrity] An app may be able to modify protected parts of the file system | |
|
CVE-2025-24123
[Apple CoreMedia] Parsing a file may lead to an unexpected app termination |
N/A | — | [Apple CoreMedia] Parsing a file may lead to an unexpected app termination | |
|
CVE-2025-24124
[Apple CoreMedia] Parsing a file may lead to an unexpected app termination |
N/A | — | [Apple CoreMedia] Parsing a file may lead to an unexpected app termination | |
|
CVE-2025-24127
[Apple ARKit] Parsing a file may lead to an unexpected app termination |
N/A | — | [Apple ARKit] Parsing a file may lead to an unexpected app termination | |
|
CVE-2025-24130
[Apple PackageKit] An app may be able to modify protected parts of the file system |
N/A | — | [Apple PackageKit] An app may be able to modify protected parts of the file system | |
|
CVE-2025-24136
[Apple Login Window] A malicious app may be able to create symlinks to protected regions of the disk |
N/A | — | [Apple Login Window] A malicious app may be able to create symlinks to protected regions of the disk | |
|
CVE-2025-24137
[Apple AirPlay] An attacker on the local network may corrupt process memory |
N/A | — | [Apple AirPlay] An attacker on the local network may corrupt process memory | |
|
CVE-2025-24138
[Apple Spotlight] A malicious application may be able to leak sensitive user information |
N/A | — | [Apple Spotlight] A malicious application may be able to leak sensitive user information | |
|
CVE-2025-24146
[Apple Photos Storage] Deleting a conversation in Messages may expose user contact information in system logging |
N/A | — | [Apple Photos Storage] Deleting a conversation in Messages may expose user contact information in system logging | |
|
CVE-2025-24149
[Apple SceneKit] Parsing a file may lead to disclosure of user information |
N/A | — | [Apple SceneKit] Parsing a file may lead to disclosure of user information | |
|
CVE-2025-24151
[Apple SMB] An app may be able to cause unexpected system termination or corrupt kernel memory |
N/A | — | [Apple SMB] An app may be able to cause unexpected system termination or corrupt kernel memory | |
|
CVE-2025-24154
[Apple WebContentFilter] An attacker may be able to cause unexpected system termination or corrupt kernel memory |
N/A | — | [Apple WebContentFilter] An attacker may be able to cause unexpected system termination or corrupt kernel memory | |
|
CVE-2025-24156
[Apple Xsan] An app may be able to elevate privileges |
N/A | — | [Apple Xsan] An app may be able to elevate privileges | |
|
CVE-2025-24159
[Apple Kernel] An app may be able to execute arbitrary code with kernel privileges |
N/A | — | [Apple Kernel] An app may be able to execute arbitrary code with kernel privileges | |
|
CVE-2025-24160
[Apple CoreAudio] Parsing a file may lead to an unexpected app termination |
N/A | — | [Apple CoreAudio] Parsing a file may lead to an unexpected app termination | |
|
CVE-2025-24161
[Apple CoreAudio] Parsing a file may lead to an unexpected app termination |
N/A | — | [Apple CoreAudio] Parsing a file may lead to an unexpected app termination | |
|
CVE-2025-24174
[Apple iCloud Photo Library] An app may be able to bypass Privacy preferences |
N/A | — | [Apple iCloud Photo Library] An app may be able to bypass Privacy preferences | |
|
CVE-2025-24176
[Apple StorageKit] A local attacker may be able to elevate their privileges |
N/A | — | [Apple StorageKit] A local attacker may be able to elevate their privileges | |
|
CVE-2025-24183
[Apple Perl] A local user may be able to modify protected parts of the file system |
N/A | — | [Apple Perl] A local user may be able to modify protected parts of the file system | |
|
CVE-2025-24185
[Apple sips] Parsing a maliciously crafted file may lead to an unexpected app termination |
N/A | — | [Apple sips] Parsing a maliciously crafted file may lead to an unexpected app termination |