macOS
macOS 14.7.7
Official advisory52 CVEs fixed by this release.
- Release date
- 2025-07-29
- End of support
- —
- CVEs fixed
- 52
- CISA KEV
- 0
- Critical
- 0
- High
- 0
- NVD pending
- 51
CVEs fixed
| CVE | Severity | KEV | Published | Description |
|---|---|---|---|---|
|
CVE-2025-7424
[Apple libxslt] Processing maliciously crafted web content may lead to memory corruption |
MEDIUM 7.3 | — | [Apple libxslt] Processing maliciously crafted web content may lead to memory corruption | |
|
CVE-2025-24119
[Apple LaunchServices] An app may be able to execute arbitrary code out of its sandbox or with certain elevated privile… |
N/A | — | [Apple LaunchServices] An app may be able to execute arbitrary code out of its sandbox or with certain elevated privileges | |
|
CVE-2025-31243
[Apple AppleMobileFileIntegrity] An app may be able to gain root privileges |
N/A | — | [Apple AppleMobileFileIntegrity] An app may be able to gain root privileges | |
|
CVE-2025-31279
[Apple Find My] An app may be able to fingerprint the user |
N/A | — | [Apple Find My] An app may be able to fingerprint the user | |
|
CVE-2025-43184
[Apple Shortcuts] A shortcut may be able to bypass sensitive Shortcuts app settings |
N/A | — | [Apple Shortcuts] A shortcut may be able to bypass sensitive Shortcuts app settings | |
|
CVE-2025-43186
[Apple afclip] Parsing a file may lead to an unexpected app termination |
N/A | — | [Apple afclip] Parsing a file may lead to an unexpected app termination | |
|
CVE-2025-43187
[Apple Disk Images] Running an hdiutil command may unexpectedly execute arbitrary code |
N/A | — | [Apple Disk Images] Running an hdiutil command may unexpectedly execute arbitrary code | |
|
CVE-2025-43189
[Apple WebContentFilter] A malicious app may be able to read kernel memory |
N/A | — | [Apple WebContentFilter] A malicious app may be able to read kernel memory | |
|
CVE-2025-43191
[Apple Admin Framework] An app may be able to cause a denial-of-service |
N/A | — | [Apple Admin Framework] An app may be able to cause a denial-of-service | |
|
CVE-2025-43192
[Apple Managed Configuration] Account-driven User Enrollment may still be possible with Lockdown Mode turned on |
N/A | — | [Apple Managed Configuration] Account-driven User Enrollment may still be possible with Lockdown Mode turned on | |
|
CVE-2025-43193
[Apple SecurityAgent] An app may be able to cause a denial-of-service |
N/A | — | [Apple SecurityAgent] An app may be able to cause a denial-of-service | |
|
CVE-2025-43194
[Apple PackageKit] An app may be able to modify protected parts of the file system |
N/A | — | [Apple PackageKit] An app may be able to modify protected parts of the file system | |
|
CVE-2025-43195
[Apple CoreServices] An app may be able to access sensitive user data |
N/A | — | [Apple CoreServices] An app may be able to access sensitive user data | |
|
CVE-2025-43196
[Apple libxpc] An app may be able to gain root privileges |
N/A | — | [Apple libxpc] An app may be able to gain root privileges | |
|
CVE-2025-43197
[Apple Single Sign-On] An app may be able to access sensitive user data |
N/A | — | [Apple Single Sign-On] An app may be able to access sensitive user data | |
|
CVE-2025-43198
[Apple Dock] An app may be able to access protected user data |
N/A | — | [Apple Dock] An app may be able to access protected user data | |
|
CVE-2025-43199
[Apple Core Services] A malicious app may be able to gain root privileges |
N/A | — | [Apple Core Services] A malicious app may be able to gain root privileges | |
|
CVE-2025-43206
[Apple System Settings] An app may be able to access protected user data |
N/A | — | [Apple System Settings] An app may be able to access protected user data | |
|
CVE-2025-43209
[Apple ICU] Processing maliciously crafted web content may lead to an unexpected Safari crash |
N/A | — | [Apple ICU] Processing maliciously crafted web content may lead to an unexpected Safari crash | |
|
CVE-2025-43210
[Apple CoreMedia] Processing a maliciously crafted media file may lead to unexpected app termination or corrupt process… |
N/A | — | [Apple CoreMedia] Processing a maliciously crafted media file may lead to unexpected app termination or corrupt process memory | |
|
CVE-2025-43220
[Apple copyfile] An app may be able to access protected user data |
N/A | — | [Apple copyfile] An app may be able to access protected user data | |
|
CVE-2025-43222
[Apple CFNetwork] An attacker may be able to cause unexpected app termination |
N/A | — | [Apple CFNetwork] An attacker may be able to cause unexpected app termination | |
|
CVE-2025-43223
[Apple CFNetwork] A non-privileged user may be able to modify restricted network settings |
N/A | — | [Apple CFNetwork] A non-privileged user may be able to modify restricted network settings | |
|
CVE-2025-43225
[Apple Notes] An app may be able to access sensitive user data |
N/A | — | [Apple Notes] An app may be able to access sensitive user data | |
|
CVE-2025-43226
[Apple ImageIO] Processing a maliciously crafted image may result in disclosure of process memory |
N/A | — | [Apple ImageIO] Processing a maliciously crafted image may result in disclosure of process memory | |
|
CVE-2025-43232
[Apple PackageKit] An app may be able to bypass certain Privacy preferences |
N/A | — | [Apple PackageKit] An app may be able to bypass certain Privacy preferences | |
|
CVE-2025-43233
[Apple Security] A malicious app acting as a HTTPS proxy could get access to sensitive user data |
N/A | — | [Apple Security] A malicious app acting as a HTTPS proxy could get access to sensitive user data | |
|
CVE-2025-43236
[Apple Power Management] An attacker may be able to cause unexpected app termination |
N/A | — | [Apple Power Management] An attacker may be able to cause unexpected app termination | |
|
CVE-2025-43238
[Apple Xsan] An app may be able to cause unexpected system termination |
N/A | — | [Apple Xsan] An app may be able to cause unexpected system termination | |
|
CVE-2025-43239
[Apple sips] Processing a maliciously crafted file may lead to unexpected app termination |
N/A | — | [Apple sips] Processing a maliciously crafted file may lead to unexpected app termination | |
|
CVE-2025-43241
[Apple SceneKit] An app may be able to read files outside of its sandbox |
N/A | — | [Apple SceneKit] An app may be able to read files outside of its sandbox | |
|
CVE-2025-43243
[Apple Software Update] An app may be able to modify protected parts of the file system |
N/A | — | [Apple Software Update] An app may be able to modify protected parts of the file system | |
|
CVE-2025-43244
[Apple AMD] An app may be able to cause unexpected system termination |
N/A | — | [Apple AMD] An app may be able to cause unexpected system termination | |
|
CVE-2025-43245
[Apple AppleMobileFileIntegrity] An app may be able to access protected user data |
N/A | — | [Apple AppleMobileFileIntegrity] An app may be able to access protected user data | |
|
CVE-2025-43246
[Apple Spotlight] An app may be able to access sensitive user data |
N/A | — | [Apple Spotlight] An app may be able to access sensitive user data | |
|
CVE-2025-43247
[Apple PackageKit] A malicious app with root privileges may be able to modify the contents of system files |
N/A | — | [Apple PackageKit] A malicious app with root privileges may be able to modify the contents of system files | |
|
CVE-2025-43248
[Apple AppleMobileFileIntegrity] A malicious app may be able to gain root privileges |
N/A | — | [Apple AppleMobileFileIntegrity] A malicious app may be able to gain root privileges | |
|
CVE-2025-43249
[Apple AppleMobileFileIntegrity] An app may be able to gain root privileges |
N/A | — | [Apple AppleMobileFileIntegrity] An app may be able to gain root privileges | |
|
CVE-2025-43250
[Apple SharedFileList] An app may be able to break out of its sandbox |
N/A | — | [Apple SharedFileList] An app may be able to break out of its sandbox | |
|
CVE-2025-43253
[Apple AppleMobileFileIntegrity] A malicious app may be able to launch arbitrary binaries on a trusted device |
N/A | — | [Apple AppleMobileFileIntegrity] A malicious app may be able to launch arbitrary binaries on a trusted device | |
|
CVE-2025-43254
[Apple file] Processing a maliciously crafted file may lead to unexpected app termination |
N/A | — | [Apple file] Processing a maliciously crafted file may lead to unexpected app termination | |
|
CVE-2025-43255
[Apple GPU Drivers] An app may be able to cause unexpected system termination |
N/A | — | [Apple GPU Drivers] An app may be able to cause unexpected system termination | |
|
CVE-2025-43256
[Apple StorageKit] An app may be able to gain root privileges |
N/A | — | [Apple StorageKit] An app may be able to gain root privileges | |
|
CVE-2025-43259
[Apple WindowServer] An attacker with physical access to a locked device may be able to view sensitive user information |
N/A | — | [Apple WindowServer] An attacker with physical access to a locked device may be able to view sensitive user information | |
|
CVE-2025-43260
[Apple PackageKit] An app may be able to hijack entitlements granted to other privileged apps |
N/A | — | [Apple PackageKit] An app may be able to hijack entitlements granted to other privileged apps | |
|
CVE-2025-43261
[Apple File Bookmark] An app may be able to break out of its sandbox |
N/A | — | [Apple File Bookmark] An app may be able to break out of its sandbox | |
|
CVE-2025-43266
[Apple NSSpellChecker] An app may be able to break out of its sandbox |
N/A | — | [Apple NSSpellChecker] An app may be able to break out of its sandbox | |
|
CVE-2025-43270
[Apple Notes] An app may gain unauthorized access to Local Network |
N/A | — | [Apple Notes] An app may gain unauthorized access to Local Network | |
|
CVE-2025-43275
[Apple NetAuth] An app may be able to break out of its sandbox |
N/A | — | [Apple NetAuth] An app may be able to break out of its sandbox | |
|
CVE-2025-43282
[Apple Kernel] An app may be able to cause unexpected system termination |
N/A | — | [Apple Kernel] An app may be able to cause unexpected system termination | |
|
CVE-2025-43284
[Apple GPU Drivers] An app may be able to cause unexpected system termination |
N/A | — | [Apple GPU Drivers] An app may be able to cause unexpected system termination | |
|
CVE-2025-43313
[Apple CoreServices] An app may be able to access sensitive user data |
N/A | — | [Apple CoreServices] An app may be able to access sensitive user data |