macOS 15.3

xsltGetInheritedNsList in libxslt before 1.1.43 has a use-after-free issue

numbers.c in libxslt before 1.1.43 has a use-after-free because, in nested XPath evaluations, an XPath context node can…

[Apple LaunchServices] An app may be able to execute arbitrary code out of its sandbox or with certain elevated privile…

[Apple Display] An app may be able to cause unexpected system termination

[Apple Kernel] An app may be able to leak sensitive kernel state

[Apple WebContentFilter] An app may be able to disclose kernel memory

[Apple Safari] Visiting a malicious website may lead to user interface spoofing

[Apple AirPlay] An attacker on the local network may be able to corrupt process memory

[Apple AirPlay] An attacker on the local network may cause an unexpected app termination

[Apple AirPlay] An attacker on the local network may be able to cause a denial-of-service

[Apple sips] Parsing a maliciously crafted file may lead to an unexpected app termination

[Apple CoreAudio] Parsing a file may lead to an unexpected app termination

[Apple AirPlay] An attacker on the local network may be able to cause a denial-of-service

[Apple AirPlay] An attacker on the local network may be able to cause a denial-of-service

[Apple ImageIO] Processing an image may lead to a denial-of-service

[Apple AppKit] An app may be able to access protected user data

[Apple TV App] An app may be able to read sensitive location information

[Apple LaunchServices] An app may be able to access user-sensitive data

[Apple NSDocument] A malicious app may be able to access arbitrary files

[Apple PackageKit] A local attacker may be able to elevate their privileges

[Apple AppleMobileFileIntegrity] An app may be able to access information about a user's contacts

[Apple Messages] An app may be able to access user-sensitive data

[Apple CoreRoutine] An app may be able to determine a user’s current location

[Apple Security] An app may be able to access protected user data

[Apple Audio] An app may be able to cause unexpected system termination

[Apple Kernel] A malicious app may be able to gain root privileges

[Apple SharedFileList] An app may be able to access protected user data

[Apple AppleMobileFileIntegrity] An app may be able to access sensitive user data

[Apple AppleGraphicsControl] Parsing a file may lead to an unexpected app termination

[Apple AppleMobileFileIntegrity] An app may be able to modify protected parts of the file system

[Apple LaunchServices] An app may be able to read files outside of its sandbox

[Apple LaunchServices] An app may be able to bypass Privacy preferences

[Apple LaunchServices] An app may be able to fingerprint the user

[Apple Kernel] An app may be able to cause unexpected system termination or write kernel memory

[Apple WindowServer] An attacker may be able to cause unexpected app termination

[Apple AppleMobileFileIntegrity] An app may be able to modify protected parts of the file system

[Apple AppleMobileFileIntegrity] An app may be able to modify protected parts of the file system

[Apple CoreMedia] Parsing a file may lead to an unexpected app termination

[Apple CoreMedia] Parsing a file may lead to an unexpected app termination

[Apple ARKit] Parsing a file may lead to an unexpected app termination

[Apple Safari] Visiting a malicious website may lead to address bar spoofing

[Apple PackageKit] An app may be able to modify protected parts of the file system

[Apple FaceTime] An app may be able to access user-sensitive data

[Apple System Extensions] An app may be able to gain elevated privileges

[Apple Login Window] A malicious app may be able to create symlinks to protected regions of the disk

[Apple AirPlay] An attacker on the local network may corrupt process memory

[Apple Spotlight] A malicious application may be able to leak sensitive user information

[Apple iCloud] Files downloaded from the internet may not have the quarantine flag applied

[Apple WebKit] A maliciously crafted webpage may be able to fingerprint the user

[Apple Time Zone] An app may be able to view a contact's phone number in system logs

[Apple Photos Storage] Deleting a conversation in Messages may expose user contact information in system logging

[Apple SceneKit] Parsing a file may lead to disclosure of user information

[Apple WebKit Web Inspector] Copying a URL from Web Inspector may lead to command injection

[Apple SMB] An app may be able to cause unexpected system termination or corrupt kernel memory

[Apple SMB] An app may be able to cause unexpected system termination or corrupt kernel memory

[Apple SMB] An app with root privileges may be able to execute arbitrary code with kernel privileges

[Apple WebContentFilter] An attacker may be able to cause unexpected system termination or corrupt kernel memory

[Apple Xsan] An app may be able to elevate privileges

[Apple WebKit] Processing web content may lead to a denial-of-service

[Apple Kernel] An app may be able to execute arbitrary code with kernel privileges

[Apple CoreAudio] Parsing a file may lead to an unexpected app termination

[Apple CoreAudio] Parsing a file may lead to an unexpected app termination

[Apple WebKit] Processing maliciously crafted web content may lead to an unexpected process crash

[Apple Passwords] A malicious app may be able to bypass browser extension authentication

[Apple iCloud Photo Library] An app may be able to bypass Privacy preferences

[Apple StorageKit] A local attacker may be able to elevate their privileges

[Apple Perl] A local user may be able to modify protected parts of the file system

[Apple CoreMedia Playback] An app may be able to cause unexpected system termination

[Apple sips] Parsing a maliciously crafted file may lead to an unexpected app termination

[Apple WebKit] Processing maliciously crafted web content may lead to memory corruption

[Apple PackageKit] An app may be able to modify protected parts of the file system