macOS
macOS 15.5
Official advisory54 CVEs fixed by this release.
- Release date
- 2025-05-12
- End of support
- —
- CVEs fixed
- 54
- CISA KEV
- 0
- Critical
- 0
- High
- 2
- NVD pending
- 51
CVEs fixed
| CVE | Severity | KEV | Published | Description |
|---|---|---|---|---|
|
CVE-2024-8176
[Apple libexpat] Multiple issues in libexpat, including unexpected app termination or arbitrary code execution |
HIGH 7.5 | — | [Apple libexpat] Multiple issues in libexpat, including unexpected app termination or arbitrary code execution | |
|
CVE-2025-26466
[Apple OpenSSH] Multiple issues in OpenSSH |
HIGH 7.5 | — | [Apple OpenSSH] Multiple issues in OpenSSH | |
|
CVE-2025-26465
[Apple OpenSSH] Multiple issues in OpenSSH |
MEDIUM 6.8 | — | [Apple OpenSSH] Multiple issues in OpenSSH | |
|
CVE-2025-31259
[Apple SoftwareUpdate] An app may be able to gain elevated privileges |
N/A | — | [Apple SoftwareUpdate] An app may be able to gain elevated privileges | |
|
CVE-2025-24224
[Apple Kernel] A remote attacker may be able to cause unexpected system termination |
N/A | — | [Apple Kernel] A remote attacker may be able to cause unexpected system termination | |
|
CVE-2025-24142
[Apple Notification Center] An app may be able to access sensitive user data |
N/A | — | [Apple Notification Center] An app may be able to access sensitive user data | |
|
CVE-2025-24213
[Apple WebKit] A type confusion issue could lead to memory corruption |
N/A | — | [Apple WebKit] A type confusion issue could lead to memory corruption | |
|
CVE-2025-24222
[Apple BOM] Processing maliciously crafted web content may lead to an unexpected process crash |
N/A | — | [Apple BOM] Processing maliciously crafted web content may lead to an unexpected process crash | |
|
CVE-2025-24223
[Apple WebKit] Processing maliciously crafted web content may lead to memory corruption |
N/A | — | [Apple WebKit] Processing maliciously crafted web content may lead to memory corruption | |
|
CVE-2025-24274
[Apple Mobile Device Service] A malicious app may be able to gain root privileges |
N/A | — | [Apple Mobile Device Service] A malicious app may be able to gain root privileges | |
|
CVE-2025-30440
[Apple Libinfo] An app may be able to bypass ASLR |
N/A | — | [Apple Libinfo] An app may be able to bypass ASLR | |
|
CVE-2025-30443
[Apple AppleMobileFileIntegrity] An app may be able to access user-sensitive data |
N/A | — | [Apple AppleMobileFileIntegrity] An app may be able to access user-sensitive data | |
|
CVE-2025-31204
[Apple WebKit] Processing maliciously crafted web content may lead to memory corruption |
N/A | — | [Apple WebKit] Processing maliciously crafted web content may lead to memory corruption | |
|
CVE-2025-31205
[Apple WebKit] A malicious website may exfiltrate data cross-origin |
N/A | — | [Apple WebKit] A malicious website may exfiltrate data cross-origin | |
|
CVE-2025-31206
[Apple WebKit] Processing maliciously crafted web content may lead to an unexpected Safari crash |
N/A | — | [Apple WebKit] Processing maliciously crafted web content may lead to an unexpected Safari crash | |
|
CVE-2025-31208
[Apple CoreAudio] Parsing a file may lead to an unexpected app termination |
N/A | — | [Apple CoreAudio] Parsing a file may lead to an unexpected app termination | |
|
CVE-2025-31209
[Apple CoreGraphics] Parsing a file may lead to disclosure of user information |
N/A | — | [Apple CoreGraphics] Parsing a file may lead to disclosure of user information | |
|
CVE-2025-31212
[Apple Core Bluetooth] An app may be able to access sensitive user data |
N/A | — | [Apple Core Bluetooth] An app may be able to access sensitive user data | |
|
CVE-2025-31213
[Apple Security] An app may be able to access associated usernames and websites in a user's iCloud Keychain |
N/A | — | [Apple Security] An app may be able to access associated usernames and websites in a user's iCloud Keychain | |
|
CVE-2025-31215
[Apple WebKit] Processing maliciously crafted web content may lead to an unexpected process crash |
N/A | — | [Apple WebKit] Processing maliciously crafted web content may lead to an unexpected process crash | |
|
CVE-2025-31217
[Apple WebKit] Processing maliciously crafted web content may lead to an unexpected Safari crash |
N/A | — | [Apple WebKit] Processing maliciously crafted web content may lead to an unexpected Safari crash | |
|
CVE-2025-31218
[Apple NetworkExtension] An app may be able to observe the hostnames of new network connections |
N/A | — | [Apple NetworkExtension] An app may be able to observe the hostnames of new network connections | |
|
CVE-2025-31219
[Apple Kernel] An attacker may be able to cause unexpected system termination or corrupt kernel memory |
N/A | — | [Apple Kernel] An attacker may be able to cause unexpected system termination or corrupt kernel memory | |
|
CVE-2025-31220
[Apple Weather] A malicious app may be able to read sensitive location information |
N/A | — | [Apple Weather] A malicious app may be able to read sensitive location information | |
|
CVE-2025-31221
[Apple Security] A remote attacker may be able to leak memory |
N/A | — | [Apple Security] A remote attacker may be able to leak memory | |
|
CVE-2025-31222
[Apple mDNSResponder] A user may be able to elevate privileges |
N/A | — | [Apple mDNSResponder] A user may be able to elevate privileges | |
|
CVE-2025-31223
[Apple WebKit] Processing maliciously crafted web content may lead to memory corruption |
N/A | — | [Apple WebKit] Processing maliciously crafted web content may lead to memory corruption | |
|
CVE-2025-31224
[Apple Sandbox] An app may be able to bypass certain Privacy preferences |
N/A | — | [Apple Sandbox] An app may be able to bypass certain Privacy preferences | |
|
CVE-2025-31226
[Apple ImageIO] Processing a maliciously crafted image may lead to a denial-of-service |
N/A | — | [Apple ImageIO] Processing a maliciously crafted image may lead to a denial-of-service | |
|
CVE-2025-31232
[Apple Installer] A sandboxed app may be able to access sensitive user data |
N/A | — | [Apple Installer] A sandboxed app may be able to access sensitive user data | |
|
CVE-2025-31233
[Apple CoreMedia] Processing a maliciously crafted video file may lead to unexpected app termination or corrupt process… |
N/A | — | [Apple CoreMedia] Processing a maliciously crafted video file may lead to unexpected app termination or corrupt process memory | |
|
CVE-2025-31234
[Apple Pro Res] An attacker may be able to cause unexpected system termination or corrupt kernel memory |
N/A | — | [Apple Pro Res] An attacker may be able to cause unexpected system termination or corrupt kernel memory | |
|
CVE-2025-31235
[Apple Audio] An app may be able to cause unexpected system termination |
N/A | — | [Apple Audio] An app may be able to cause unexpected system termination | |
|
CVE-2025-31236
[Apple Finder] An app may be able to access sensitive user data |
N/A | — | [Apple Finder] An app may be able to access sensitive user data | |
|
CVE-2025-31237
[Apple afpfs] Mounting a maliciously crafted AFP network share may lead to system termination |
N/A | — | [Apple afpfs] Mounting a maliciously crafted AFP network share may lead to system termination | |
|
CVE-2025-31238
[Apple WebKit] Processing maliciously crafted web content may lead to memory corruption |
N/A | — | [Apple WebKit] Processing maliciously crafted web content may lead to memory corruption | |
|
CVE-2025-31239
[Apple CoreMedia] Parsing a file may lead to an unexpected app termination |
N/A | — | [Apple CoreMedia] Parsing a file may lead to an unexpected app termination | |
|
CVE-2025-31240
[Apple afpfs] Mounting a maliciously crafted AFP network share may lead to system termination |
N/A | — | [Apple afpfs] Mounting a maliciously crafted AFP network share may lead to system termination | |
|
CVE-2025-31241
[Apple Kernel] A remote attacker may cause an unexpected app termination |
N/A | — | [Apple Kernel] A remote attacker may cause an unexpected app termination | |
|
CVE-2025-31242
[Apple StoreKit] An app may be able to access sensitive user data |
N/A | — | [Apple StoreKit] An app may be able to access sensitive user data | |
|
CVE-2025-31244
[Apple quarantine] An app may be able to break out of its sandbox |
N/A | — | [Apple quarantine] An app may be able to break out of its sandbox | |
|
CVE-2025-31245
[Apple Pro Res] An app may be able to cause unexpected system termination |
N/A | — | [Apple Pro Res] An app may be able to cause unexpected system termination | |
|
CVE-2025-31246
[Apple afpfs] Connecting to a malicious AFP server may corrupt kernel memory |
N/A | — | [Apple afpfs] Connecting to a malicious AFP server may corrupt kernel memory | |
|
CVE-2025-31247
[Apple SharedFileList] An attacker may gain access to protected parts of the file system |
N/A | — | [Apple SharedFileList] An attacker may gain access to protected parts of the file system | |
|
CVE-2025-31248
[Apple UserAccountUpdater] An app may be able to access sensitive user data |
N/A | — | [Apple UserAccountUpdater] An app may be able to access sensitive user data | |
|
CVE-2025-31249
[Apple Sandbox] An app may be able to access sensitive user data |
N/A | — | [Apple Sandbox] An app may be able to access sensitive user data | |
|
CVE-2025-31250
[Apple TCC] An app may be able to access sensitive user data |
N/A | — | [Apple TCC] An app may be able to access sensitive user data | |
|
CVE-2025-31251
[Apple AppleJPEG] Processing a maliciously crafted media file may lead to unexpected app termination or corrupt process… |
N/A | — | [Apple AppleJPEG] Processing a maliciously crafted media file may lead to unexpected app termination or corrupt process memory | |
|
CVE-2025-31256
[Apple Notes] Hot corner may unexpectedly reveal a user’s deleted notes |
N/A | — | [Apple Notes] Hot corner may unexpectedly reveal a user’s deleted notes | |
|
CVE-2025-31257
[Apple WebKit] Processing maliciously crafted web content may lead to an unexpected Safari crash |
N/A | — | [Apple WebKit] Processing maliciously crafted web content may lead to an unexpected Safari crash | |
|
CVE-2025-31258
[Apple RemoteViewServices] An app may be able to break out of its sandbox |
N/A | — | [Apple RemoteViewServices] An app may be able to break out of its sandbox | |
|
CVE-2025-31260
[Apple Apple Intelligence Reports] An app may be able to access sensitive user data |
N/A | — | [Apple Apple Intelligence Reports] An app may be able to access sensitive user data | |
|
CVE-2025-31266
[Apple Safari] A website may be able to spoof the domain name in the title of a pop-up window |
N/A | — | [Apple Safari] A website may be able to spoof the domain name in the title of a pop-up window | |
|
CVE-2025-43374
[Apple Wi-Fi] An attacker in physical proximity may be able to cause an out-of-bounds read in kernel memory |
N/A | — | [Apple Wi-Fi] An attacker in physical proximity may be able to cause an out-of-bounds read in kernel memory |