macOS
macOS 15.4
Official advisory155 CVEs fixed by this release.
- Release date
- 2025-03-31
- End of support
- —
- CVEs fixed
- 155
- CISA KEV
- 0
- Critical
- 0
- High
- 2
- NVD pending
- 150
CVEs fixed
| CVE | Severity | KEV | Published | Description |
|---|---|---|---|---|
|
CVE-2024-48958
[Apple libarchive] An input validation issue was addressed |
HIGH 7.8 | — | [Apple libarchive] An input validation issue was addressed | |
|
CVE-2024-56171
[Apple libxml2] Parsing a file may lead to an unexpected app termination |
HIGH 7.8 | — | [Apple libxml2] Parsing a file may lead to an unexpected app termination | |
|
CVE-2024-9681
[Apple curl] An input validation issue was addressed |
MEDIUM 6.5 | — | [Apple curl] An input validation issue was addressed | |
|
CVE-2023-27043
The email module of Python through 3.11.3 incorrectly parses e-mail addresses that contain a special character. The wro… |
MEDIUM 5.3 | — | The email module of Python through 3.11.3 incorrectly parses e-mail addresses that contain a special character. The wrong portion of an RFC2822 header is ident… | |
|
CVE-2025-27113
[Apple libxml2] Parsing a file may lead to an unexpected app termination |
LOW 2.9 | — | [Apple libxml2] Parsing a file may lead to an unexpected app termination | |
|
CVE-2025-30465
[Apple Shortcuts] A shortcut may be able to access files that are normally inaccessible to the Shortcuts app |
N/A | — | [Apple Shortcuts] A shortcut may be able to access files that are normally inaccessible to the Shortcuts app | |
|
CVE-2025-31199
[Apple Logging] An app may be able to access sensitive user data |
N/A | — | [Apple Logging] An app may be able to access sensitive user data | |
|
CVE-2025-43184
[Apple Shortcuts] A shortcut may be able to bypass sensitive Shortcuts app settings |
N/A | — | [Apple Shortcuts] A shortcut may be able to bypass sensitive Shortcuts app settings | |
|
CVE-2025-24097
[Apple AirDrop] An app may be able to read arbitrary file metadata |
N/A | — | [Apple AirDrop] An app may be able to read arbitrary file metadata | |
|
CVE-2025-24258
[Apple DiskArbitration] An app may be able to gain root privileges |
N/A | — | [Apple DiskArbitration] An app may be able to gain root privileges | |
|
CVE-2025-24259
[Apple Parental Controls] An app may be able to retrieve Safari bookmarks without an entitlement check |
N/A | — | [Apple Parental Controls] An app may be able to retrieve Safari bookmarks without an entitlement check | |
|
CVE-2025-30442
[Apple Software Update] An app may be able to gain elevated privileges |
N/A | — | [Apple Software Update] An app may be able to gain elevated privileges | |
|
CVE-2025-30443
[Apple AppleMobileFileIntegrity] An app may be able to access user-sensitive data |
N/A | — | [Apple AppleMobileFileIntegrity] An app may be able to access user-sensitive data | |
|
CVE-2025-30448
[Apple iCloud Document Sharing] An attacker may be able to turn on sharing of an iCloud folder without authentication |
N/A | — | [Apple iCloud Document Sharing] An attacker may be able to turn on sharing of an iCloud folder without authentication | |
|
CVE-2025-30453
[Apple DiskArbitration] A malicious app may be able to gain root privileges |
N/A | — | [Apple DiskArbitration] A malicious app may be able to gain root privileges | |
|
CVE-2025-31196
[Apple CoreGraphics] Processing a maliciously crafted file may lead to a denial-of-service or potentially disclose memo… |
N/A | — | [Apple CoreGraphics] Processing a maliciously crafted file may lead to a denial-of-service or potentially disclose memory contents | |
|
CVE-2025-24093
[Apple Sandbox] An app may be able to access removable volumes without user consent |
N/A | — | [Apple Sandbox] An app may be able to access removable volumes without user consent | |
|
CVE-2025-24113
[Apple Safari] Visiting a malicious website may lead to user interface spoofing |
N/A | — | [Apple Safari] Visiting a malicious website may lead to user interface spoofing | |
|
CVE-2025-24148
[Apple LaunchServices] A malicious JAR file may bypass Gatekeeper checks |
N/A | — | [Apple LaunchServices] A malicious JAR file may bypass Gatekeeper checks | |
|
CVE-2025-24157
[Apple Xsan] An app may be able to cause unexpected system termination or corrupt kernel memory |
N/A | — | [Apple Xsan] An app may be able to cause unexpected system termination or corrupt kernel memory | |
|
CVE-2025-24163
[Apple CoreAudio] Parsing a file may lead to an unexpected app termination |
N/A | — | [Apple CoreAudio] Parsing a file may lead to an unexpected app termination | |
|
CVE-2025-24164
[Apple PackageKit] An app may be able to modify protected parts of the file system |
N/A | — | [Apple PackageKit] An app may be able to modify protected parts of the file system | |
|
CVE-2025-24167
[Apple Safari] A download's origin may be incorrectly associated |
N/A | — | [Apple Safari] A download's origin may be incorrectly associated | |
|
CVE-2025-24172
[Apple Mail] "Block All Remote Content" may not apply for all mail previews |
N/A | — | [Apple Mail] "Block All Remote Content" may not apply for all mail previews | |
|
CVE-2025-24173
[Apple Power Services] An app may be able to break out of its sandbox |
N/A | — | [Apple Power Services] An app may be able to break out of its sandbox | |
|
CVE-2025-24178
[Apple libxpc] An app may be able to break out of its sandbox |
N/A | — | [Apple libxpc] An app may be able to break out of its sandbox | |
|
CVE-2025-24180
[Apple Authentication Services] A malicious website may be able to claim WebAuthn credentials from another website that… |
N/A | — | [Apple Authentication Services] A malicious website may be able to claim WebAuthn credentials from another website that shares a registrable suffix | |
|
CVE-2025-24181
[Apple Sandbox] An app may be able to access protected user data |
N/A | — | [Apple Sandbox] An app may be able to access protected user data | |
|
CVE-2025-24182
[Apple CoreText] Processing a maliciously crafted font may result in the disclosure of process memory |
N/A | — | [Apple CoreText] Processing a maliciously crafted font may result in the disclosure of process memory | |
|
CVE-2025-24190
[Apple CoreMedia] Processing a maliciously crafted video file may lead to unexpected app termination or corrupt process… |
N/A | — | [Apple CoreMedia] Processing a maliciously crafted video file may lead to unexpected app termination or corrupt process memory | |
|
CVE-2025-24191
[Apple RPAC] An app may be able to modify protected parts of the file system |
N/A | — | [Apple RPAC] An app may be able to modify protected parts of the file system | |
|
CVE-2025-24192
[Apple Web Extensions] Visiting a website may leak sensitive data |
N/A | — | [Apple Web Extensions] Visiting a website may leak sensitive data | |
|
CVE-2025-24194
[Apple libnetcore] Processing maliciously crafted web content may result in the disclosure of process memory |
N/A | — | [Apple libnetcore] Processing maliciously crafted web content may result in the disclosure of process memory | |
|
CVE-2025-24195
[Apple Libinfo] A user may be able to elevate privileges |
N/A | — | [Apple Libinfo] A user may be able to elevate privileges | |
|
CVE-2025-24196
[Apple Kernel] An attacker with user privileges may be able to read kernel memory |
N/A | — | [Apple Kernel] An attacker with user privileges may be able to read kernel memory | |
|
CVE-2025-24198
[Apple Siri] An attacker with physical access may be able to use Siri to access sensitive user data |
N/A | — | [Apple Siri] An attacker with physical access may be able to use Siri to access sensitive user data | |
|
CVE-2025-24199
[Apple Foundation] An app may be able to cause a denial-of-service |
N/A | — | [Apple Foundation] An app may be able to cause a denial-of-service | |
|
CVE-2025-24202
[Apple Accessibility] An app may be able to access sensitive user data |
N/A | — | [Apple Accessibility] An app may be able to access sensitive user data | |
|
CVE-2025-24203
[Apple Kernel] An app may be able to modify protected parts of the file system |
N/A | — | [Apple Kernel] An app may be able to modify protected parts of the file system | |
|
CVE-2025-24204
[Apple Kernel] An app may be able to access protected user data |
N/A | — | [Apple Kernel] An app may be able to access protected user data | |
|
CVE-2025-24205
[Apple Siri] An app may be able to access user-sensitive data |
N/A | — | [Apple Siri] An app may be able to access user-sensitive data | |
|
CVE-2025-24206
[Apple AirPlay] An attacker on the local network may be able to bypass authentication policy |
N/A | — | [Apple AirPlay] An attacker on the local network may be able to bypass authentication policy | |
|
CVE-2025-24207
[Apple Storage Management] An app may be able to enable iCloud storage features without user consent |
N/A | — | [Apple Storage Management] An app may be able to enable iCloud storage features without user consent | |
|
CVE-2025-24209
[Apple WebKit] Processing maliciously crafted web content may lead to an unexpected process crash |
N/A | — | [Apple WebKit] Processing maliciously crafted web content may lead to an unexpected process crash | |
|
CVE-2025-24210
[Apple ImageIO] Parsing an image may lead to disclosure of user information |
N/A | — | [Apple ImageIO] Parsing an image may lead to disclosure of user information | |
|
CVE-2025-24211
[Apple CoreMedia] Processing a maliciously crafted video file may lead to unexpected app termination or corrupt process… |
N/A | — | [Apple CoreMedia] Processing a maliciously crafted video file may lead to unexpected app termination or corrupt process memory | |
|
CVE-2025-24212
[Apple Calendar] An app may be able to break out of its sandbox |
N/A | — | [Apple Calendar] An app may be able to break out of its sandbox | |
|
CVE-2025-24214
[Apple Siri] An app may be able to access sensitive user data |
N/A | — | [Apple Siri] An app may be able to access sensitive user data | |
|
CVE-2025-24215
[Apple CloudKit] A malicious app may be able to access private information |
N/A | — | [Apple CloudKit] A malicious app may be able to access private information | |
|
CVE-2025-24216
[Apple WebKit] Processing maliciously crafted web content may lead to an unexpected Safari crash |
N/A | — | [Apple WebKit] Processing maliciously crafted web content may lead to an unexpected Safari crash | |
|
CVE-2025-24217
[Apple Siri] An app may be able to access sensitive user data |
N/A | — | [Apple Siri] An app may be able to access sensitive user data | |
|
CVE-2025-24218
[Apple Summarization Services] An app may be able to access information about a user's contacts |
N/A | — | [Apple Summarization Services] An app may be able to access information about a user's contacts | |
|
CVE-2025-24228
[Apple SMB] An app may be able to execute arbitrary code with kernel privileges |
N/A | — | [Apple SMB] An app may be able to execute arbitrary code with kernel privileges | |
|
CVE-2025-24229
[Apple Installer] A sandboxed app may be able to access sensitive user data |
N/A | — | [Apple Installer] A sandboxed app may be able to access sensitive user data | |
|
CVE-2025-24230
[Apple CoreAudio] Playing a malicious audio file may lead to an unexpected app termination |
N/A | — | [Apple CoreAudio] Playing a malicious audio file may lead to an unexpected app termination | |
|
CVE-2025-24231
[Apple AppleMobileFileIntegrity] An app may be able to modify protected parts of the file system |
N/A | — | [Apple AppleMobileFileIntegrity] An app may be able to modify protected parts of the file system | |
|
CVE-2025-24232
[Apple NSDocument] A malicious app may be able to access arbitrary files |
N/A | — | [Apple NSDocument] A malicious app may be able to access arbitrary files | |
|
CVE-2025-24233
[Apple AppleMobileFileIntegrity] A malicious app may be able to read or write to protected files |
N/A | — | [Apple AppleMobileFileIntegrity] A malicious app may be able to read or write to protected files | |
|
CVE-2025-24234
[Apple AccountPolicy] A malicious app may be able to gain root privileges |
N/A | — | [Apple AccountPolicy] A malicious app may be able to gain root privileges | |
|
CVE-2025-24235
[Apple Kerberos Helper] A remote attacker may be able to cause unexpected app termination or heap corruption |
N/A | — | [Apple Kerberos Helper] A remote attacker may be able to cause unexpected app termination or heap corruption | |
|
CVE-2025-24236
[Apple CoreMedia] An app may be able to access sensitive user data |
N/A | — | [Apple CoreMedia] An app may be able to access sensitive user data | |
|
CVE-2025-24237
[Apple BiometricKit] An app may be able to cause unexpected system termination |
N/A | — | [Apple BiometricKit] An app may be able to cause unexpected system termination | |
|
CVE-2025-24238
[Apple libxpc] An app may be able to gain elevated privileges |
N/A | — | [Apple libxpc] An app may be able to gain elevated privileges | |
|
CVE-2025-24239
[Apple AppleMobileFileIntegrity] An app may be able to access protected user data |
N/A | — | [Apple AppleMobileFileIntegrity] An app may be able to access protected user data | |
|
CVE-2025-24240
[Apple StorageKit] An app may be able to access user-sensitive data |
N/A | — | [Apple StorageKit] An app may be able to access user-sensitive data | |
|
CVE-2025-24241
[Apple WindowServer] An app may be able to trick a user into copying sensitive data to the pasteboard |
N/A | — | [Apple WindowServer] An app may be able to trick a user into copying sensitive data to the pasteboard | |
|
CVE-2025-24242
[Apple System Settings] An app with root privileges may be able to access private information |
N/A | — | [Apple System Settings] An app with root privileges may be able to access private information | |
|
CVE-2025-24243
[Apple Audio] Processing a maliciously crafted file may lead to arbitrary code execution |
N/A | — | [Apple Audio] Processing a maliciously crafted file may lead to arbitrary code execution | |
|
CVE-2025-24244
[Apple Audio] Processing a maliciously crafted font may result in the disclosure of process memory |
N/A | — | [Apple Audio] Processing a maliciously crafted font may result in the disclosure of process memory | |
|
CVE-2025-24245
[Apple Authentication Services] A malicious app may be able to access a user's saved passwords |
N/A | — | [Apple Authentication Services] A malicious app may be able to access a user's saved passwords | |
|
CVE-2025-24246
[Apple OpenSSH] An app may be able to access user-sensitive data |
N/A | — | [Apple OpenSSH] An app may be able to access user-sensitive data | |
|
CVE-2025-24247
[Apple WindowServer] An attacker may be able to cause unexpected app termination |
N/A | — | [Apple WindowServer] An attacker may be able to cause unexpected app termination | |
|
CVE-2025-24248
[Apple Siri] An app may be able to enumerate devices that have signed into the user's Apple Account |
N/A | — | [Apple Siri] An app may be able to enumerate devices that have signed into the user's Apple Account | |
|
CVE-2025-24249
[Apple Installer] An app may be able to check the existence of an arbitrary path on the file system |
N/A | — | [Apple Installer] An app may be able to check the existence of an arbitrary path on the file system | |
|
CVE-2025-24250
[Apple Security] A malicious app acting as a HTTPS proxy could get access to sensitive user data |
N/A | — | [Apple Security] A malicious app acting as a HTTPS proxy could get access to sensitive user data | |
|
CVE-2025-24251
[Apple AirPlay] An attacker on the local network may cause an unexpected app termination |
N/A | — | [Apple AirPlay] An attacker on the local network may cause an unexpected app termination | |
|
CVE-2025-24252
[Apple AirPlay] An attacker on the local network may be able to corrupt process memory |
N/A | — | [Apple AirPlay] An attacker on the local network may be able to corrupt process memory | |
|
CVE-2025-24253
[Apple StorageKit] An app may be able to access protected user data |
N/A | — | [Apple StorageKit] An app may be able to access protected user data | |
|
CVE-2025-24254
[Apple Software Update] A user may be able to elevate privileges |
N/A | — | [Apple Software Update] A user may be able to elevate privileges | |
|
CVE-2025-24255
[Apple Disk Images] An app may be able to break out of its sandbox |
N/A | — | [Apple Disk Images] An app may be able to break out of its sandbox | |
|
CVE-2025-24256
[Apple GPU Drivers] An app may be able to disclose kernel memory |
N/A | — | [Apple GPU Drivers] An app may be able to disclose kernel memory | |
|
CVE-2025-24257
[Apple IOGPUFamily] An app may be able to cause unexpected system termination or write kernel memory |
N/A | — | [Apple IOGPUFamily] An app may be able to cause unexpected system termination or write kernel memory | |
|
CVE-2025-24260
[Apple smbx] An attacker in a privileged position may be able to perform a denial-of-service |
N/A | — | [Apple smbx] An attacker in a privileged position may be able to perform a denial-of-service | |
|
CVE-2025-24261
[Apple PackageKit] An app may be able to modify protected parts of the file system |
N/A | — | [Apple PackageKit] An app may be able to modify protected parts of the file system | |
|
CVE-2025-24262
[Apple Notes] A sandboxed app may be able to access sensitive user data in system logs |
N/A | — | [Apple Notes] A sandboxed app may be able to access sensitive user data in system logs | |
|
CVE-2025-24263
[Apple StickerKit] An app may be able to observe unprotected user data |
N/A | — | [Apple StickerKit] An app may be able to observe unprotected user data | |
|
CVE-2025-24264
[Apple WebKit] Processing maliciously crafted web content may lead to an unexpected Safari crash |
N/A | — | [Apple WebKit] Processing maliciously crafted web content may lead to an unexpected Safari crash | |
|
CVE-2025-24265
[Apple Xsan] An app may be able to cause unexpected system termination |
N/A | — | [Apple Xsan] An app may be able to cause unexpected system termination | |
|
CVE-2025-24266
[Apple Xsan] An app may be able to cause unexpected system termination |
N/A | — | [Apple Xsan] An app may be able to cause unexpected system termination | |
|
CVE-2025-24267
[Apple DiskArbitration] An app may be able to gain root privileges |
N/A | — | [Apple DiskArbitration] An app may be able to gain root privileges | |
|
CVE-2025-24269
[Apple SMB] An app may be able to cause unexpected system termination |
N/A | — | [Apple SMB] An app may be able to cause unexpected system termination | |
|
CVE-2025-24270
[Apple AirPlay] An attacker on the local network may be able to leak sensitive user information |
N/A | — | [Apple AirPlay] An attacker on the local network may be able to leak sensitive user information | |
|
CVE-2025-24271
[Apple AirPlay] An unauthenticated user on the same network as a signed-in Mac could send it AirPlay commands without p… |
N/A | — | [Apple AirPlay] An unauthenticated user on the same network as a signed-in Mac could send it AirPlay commands without pairing | |
|
CVE-2025-24272
[Apple AppleMobileFileIntegrity] An app may be able to modify protected parts of the file system |
N/A | — | [Apple AppleMobileFileIntegrity] An app may be able to modify protected parts of the file system | |
|
CVE-2025-24273
[Apple GPU Drivers] An app may be able to cause unexpected system termination or corrupt kernel memory |
N/A | — | [Apple GPU Drivers] An app may be able to cause unexpected system termination or corrupt kernel memory | |
|
CVE-2025-24276
[Apple App Store] A malicious app may be able to access private information |
N/A | — | [Apple App Store] A malicious app may be able to access private information | |
|
CVE-2025-24277
[Apple Crash Reporter] An app may be able to gain root privileges |
N/A | — | [Apple Crash Reporter] An app may be able to gain root privileges | |
|
CVE-2025-24278
[Apple System Settings] An app may be able to access protected user data |
N/A | — | [Apple System Settings] An app may be able to access protected user data | |
|
CVE-2025-24279
[Apple Voice Control] An app may be able to access contacts |
N/A | — | [Apple Voice Control] An app may be able to access contacts | |
|
CVE-2025-24280
[Apple Shortcuts] An app may be able to access user-sensitive data |
N/A | — | [Apple Shortcuts] An app may be able to access user-sensitive data | |
|
CVE-2025-24281
[Apple FeedbackLogger] An app may be able to access sensitive user data |
N/A | — | [Apple FeedbackLogger] An app may be able to access sensitive user data | |
|
CVE-2025-24282
[Apple Software Update] An app may be able to modify protected parts of the file system |
N/A | — | [Apple Software Update] An app may be able to modify protected parts of the file system | |
|
CVE-2025-24283
[Apple Focus] An app may be able to access sensitive user data |
N/A | — | [Apple Focus] An app may be able to access sensitive user data | |
|
CVE-2025-30424
[Apple Photos Storage] Deleting a conversation in Messages may expose user contact information in system logging |
N/A | — | [Apple Photos Storage] Deleting a conversation in Messages may expose user contact information in system logging | |
|
CVE-2025-30425
[Apple WebKit] A malicious website may be able to track users in Safari private browsing mode |
N/A | — | [Apple WebKit] A malicious website may be able to track users in Safari private browsing mode | |
|
CVE-2025-30426
[Apple NetworkExtension] An app may be able to enumerate a user's installed apps |
N/A | — | [Apple NetworkExtension] An app may be able to enumerate a user's installed apps | |
|
CVE-2025-30427
[Apple WebKit] Processing maliciously crafted web content may lead to an unexpected Safari crash |
N/A | — | [Apple WebKit] Processing maliciously crafted web content may lead to an unexpected Safari crash | |
|
CVE-2025-30429
[Apple Calendar] An app may be able to break out of its sandbox |
N/A | — | [Apple Calendar] An app may be able to break out of its sandbox | |
|
CVE-2025-30430
[Apple Authentication Services] Password autofill may fill in passwords after failing authentication |
N/A | — | [Apple Authentication Services] Password autofill may fill in passwords after failing authentication | |
|
CVE-2025-30433
[Apple Shortcuts] A shortcut may be able to access files that are normally inaccessible to the Shortcuts app |
N/A | — | [Apple Shortcuts] A shortcut may be able to access files that are normally inaccessible to the Shortcuts app | |
|
CVE-2025-30435
[Apple Siri] A sandboxed app may be able to access sensitive user data in system logs |
N/A | — | [Apple Siri] A sandboxed app may be able to access sensitive user data in system logs | |
|
CVE-2025-30437
[Apple IOMobileFrameBuffer] An app may be able to corrupt coprocessor memory |
N/A | — | [Apple IOMobileFrameBuffer] An app may be able to corrupt coprocessor memory | |
|
CVE-2025-30438
[Apple Share Sheet] A malicious app may be able to dismiss the system notification on the Lock Screen that a recording … |
N/A | — | [Apple Share Sheet] A malicious app may be able to dismiss the system notification on the Lock Screen that a recording was started | |
|
CVE-2025-30439
[Apple Focus] An attacker with physical access to a locked device may be able to view sensitive user information |
N/A | — | [Apple Focus] An attacker with physical access to a locked device may be able to view sensitive user information | |
|
CVE-2025-30444
[Apple SMB] Mounting a maliciously crafted SMB network share may lead to system termination |
N/A | — | [Apple SMB] Mounting a maliciously crafted SMB network share may lead to system termination | |
|
CVE-2025-30445
[Apple AirPlay] An attacker on the local network may cause an unexpected app termination |
N/A | — | [Apple AirPlay] An attacker on the local network may cause an unexpected app termination | |
|
CVE-2025-30446
[Apple PackageKit] A malicious app with root privileges may be able to modify the contents of system files |
N/A | — | [Apple PackageKit] A malicious app with root privileges may be able to modify the contents of system files | |
|
CVE-2025-30447
[Apple Foundation] An app may be able to access sensitive user data |
N/A | — | [Apple Foundation] An app may be able to access sensitive user data | |
|
CVE-2025-30449
[Apple StorageKit] An app may be able to gain root privileges |
N/A | — | [Apple StorageKit] An app may be able to gain root privileges | |
|
CVE-2025-30450
[Apple manpages] An app may be able to access sensitive user data |
N/A | — | [Apple manpages] An app may be able to access sensitive user data | |
|
CVE-2025-30451
[Apple FaceTime] An app may be able to access sensitive user data |
N/A | — | [Apple FaceTime] An app may be able to access sensitive user data | |
|
CVE-2025-30452
[Apple Sandbox] An input validation issue was addressed |
N/A | — | [Apple Sandbox] An input validation issue was addressed | |
|
CVE-2025-30454
[Apple CoreMedia Playback] A malicious app may be able to access private information |
N/A | — | [Apple CoreMedia Playback] A malicious app may be able to access private information | |
|
CVE-2025-30455
[Apple Dock] A malicious app may be able to access private information |
N/A | — | [Apple Dock] A malicious app may be able to access private information | |
|
CVE-2025-30456
[Apple DiskArbitration] An app may be able to gain root privileges |
N/A | — | [Apple DiskArbitration] An app may be able to gain root privileges | |
|
CVE-2025-30457
[Apple SystemMigration] A malicious app may be able to create symlinks to protected regions of the disk |
N/A | — | [Apple SystemMigration] A malicious app may be able to create symlinks to protected regions of the disk | |
|
CVE-2025-30458
[Apple SceneKit] An app may be able to read files outside of its sandbox |
N/A | — | [Apple SceneKit] An app may be able to read files outside of its sandbox | |
|
CVE-2025-30460
[Apple Automator] An app may be able to access protected user data |
N/A | — | [Apple Automator] An app may be able to access protected user data | |
|
CVE-2025-30461
[Apple Foundation] An app may be able to access protected user data |
N/A | — | [Apple Foundation] An app may be able to access protected user data | |
|
CVE-2025-30462
[Apple dyld] Apps that appear to use App Sandbox may be able to launch without restrictions |
N/A | — | [Apple dyld] Apps that appear to use App Sandbox may be able to launch without restrictions | |
|
CVE-2025-30463
[Apple Handoff] An app may be able to access sensitive user data |
N/A | — | [Apple Handoff] An app may be able to access sensitive user data | |
|
CVE-2025-30464
[Apple GPU Drivers] An app may be able to cause unexpected system termination or corrupt kernel memory |
N/A | — | [Apple GPU Drivers] An app may be able to cause unexpected system termination or corrupt kernel memory | |
|
CVE-2025-30466
[Apple Safari] A website may be able to bypass Same Origin Policy |
N/A | — | [Apple Safari] A website may be able to bypass Same Origin Policy | |
|
CVE-2025-30467
[Apple Safari] Visiting a malicious website may lead to address bar spoofing |
N/A | — | [Apple Safari] Visiting a malicious website may lead to address bar spoofing | |
|
CVE-2025-30470
[Apple Maps] An app may be able to read sensitive location information |
N/A | — | [Apple Maps] An app may be able to read sensitive location information | |
|
CVE-2025-30471
[Apple Security] A remote user may be able to cause a denial-of-service |
N/A | — | [Apple Security] A remote user may be able to cause a denial-of-service | |
|
CVE-2025-31182
[Apple libxpc] An app may be able to delete files for which it does not have permission |
N/A | — | [Apple libxpc] An app may be able to delete files for which it does not have permission | |
|
CVE-2025-31183
[Apple Siri] An app may be able to access sensitive user data |
N/A | — | [Apple Siri] An app may be able to access sensitive user data | |
|
CVE-2025-31184
[Apple Web Extensions] An app may gain unauthorized access to Local Network |
N/A | — | [Apple Web Extensions] An app may gain unauthorized access to Local Network | |
|
CVE-2025-31187
[Apple Dock] An app may be able to modify protected parts of the file system |
N/A | — | [Apple Dock] An app may be able to modify protected parts of the file system | |
|
CVE-2025-31188
[Apple StorageKit] An app may be able to bypass Privacy preferences |
N/A | — | [Apple StorageKit] An app may be able to bypass Privacy preferences | |
|
CVE-2025-31189
[Apple Disk Images] An app may be able to break out of its sandbox |
N/A | — | [Apple Disk Images] An app may be able to break out of its sandbox | |
|
CVE-2025-31191
[Apple CoreServices] An app may be able to access sensitive user data |
N/A | — | [Apple CoreServices] An app may be able to access sensitive user data | |
|
CVE-2025-31192
[Apple Safari] A website may be able to access sensor information without user consent |
N/A | — | [Apple Safari] A website may be able to access sensor information without user consent | |
|
CVE-2025-31194
[Apple Shortcuts] A Shortcut may run with admin privileges without authentication |
N/A | — | [Apple Shortcuts] A Shortcut may run with admin privileges without authentication | |
|
CVE-2025-31195
[Apple TCC] An app may be able to break out of its sandbox |
N/A | — | [Apple TCC] An app may be able to break out of its sandbox | |
|
CVE-2025-31197
[Apple AirPlay] An attacker on the local network may cause an unexpected app termination |
N/A | — | [Apple AirPlay] An attacker on the local network may cause an unexpected app termination | |
|
CVE-2025-31198
[Apple zip] A path handling issue was addressed with improved validation |
N/A | — | [Apple zip] A path handling issue was addressed with improved validation | |
|
CVE-2025-31202
[Apple AirPlay] An attacker on the local network may be able to cause a denial-of-service |
N/A | — | [Apple AirPlay] An attacker on the local network may be able to cause a denial-of-service | |
|
CVE-2025-31203
[Apple CoreUtils] An attacker on the local network may be able to cause a denial-of-service |
N/A | — | [Apple CoreUtils] An attacker on the local network may be able to cause a denial-of-service | |
|
CVE-2025-31231
[Apple libnetcore] An app may be able to read sensitive location information |
N/A | — | [Apple libnetcore] An app may be able to read sensitive location information | |
|
CVE-2025-31261
[Apple StorageKit] An app may be able to access protected user data |
N/A | — | [Apple StorageKit] An app may be able to access protected user data | |
|
CVE-2025-31263
[Apple IOMobileFrameBuffer] An app may be able to corrupt coprocessor memory |
N/A | — | [Apple IOMobileFrameBuffer] An app may be able to corrupt coprocessor memory | |
|
CVE-2025-31264
[Apple macOS Recovery] An attacker with physical access to a locked device may be able to view sensitive user informati… |
N/A | — | [Apple macOS Recovery] An attacker with physical access to a locked device may be able to view sensitive user information | |
|
CVE-2025-43205
[Apple Audio] An app may be able to bypass ASLR |
N/A | — | [Apple Audio] An app may be able to bypass ASLR |