macOS
macOS 15.7.2
Official advisory61 CVEs fixed by this release.
- Release date
- 2025-11-03
- End of support
- —
- CVEs fixed
- 61
- CISA KEV
- 2
- Critical
- 0
- High
- 2
- NVD pending
- 58
CVEs fixed
| CVE | Severity | KEV | Published | Description |
|---|---|---|---|---|
|
CVE-2025-43510
KEV
[Apple Kernel] A malicious application may cause unexpected changes in memory shared between processes |
N/A | KEV | [Apple Kernel] A malicious application may cause unexpected changes in memory shared between processes | |
|
CVE-2025-43520
KEV
[Apple Kernel] A malicious application may be able to cause unexpected system termination or write kernel memory |
N/A | KEV | [Apple Kernel] A malicious application may be able to cause unexpected system termination or write kernel memory | |
|
CVE-2025-6442
[Apple Ruby] Multiple issues in ruby |
HIGH 7.7 | — | [Apple Ruby] Multiple issues in ruby | |
|
CVE-2024-49761
[Apple Ruby] Multiple issues in ruby |
HIGH 7.5 | — | [Apple Ruby] Multiple issues in ruby | |
|
CVE-2024-43398
[Apple Ruby] Multiple issues in ruby |
MEDIUM 5.9 | — | [Apple Ruby] Multiple issues in ruby | |
|
CVE-2025-43410
[Apple Notes] An attacker with physical access may be able to view deleted notes |
N/A | — | [Apple Notes] An attacker with physical access may be able to view deleted notes | |
|
CVE-2025-43377
[Apple Model I/O] An app may be able to cause a denial-of-service |
N/A | — | [Apple Model I/O] An app may be able to cause a denial-of-service | |
|
CVE-2025-43383
[Apple Model I/O] Processing a maliciously crafted media file may lead to unexpected app termination or corrupt process… |
N/A | — | [Apple Model I/O] Processing a maliciously crafted media file may lead to unexpected app termination or corrupt process memory | |
|
CVE-2025-43384
[Apple Model I/O] Processing a maliciously crafted media file may lead to unexpected app termination or corrupt process… |
N/A | — | [Apple Model I/O] Processing a maliciously crafted media file may lead to unexpected app termination or corrupt process memory | |
|
CVE-2025-43385
[Apple Model I/O] Processing a maliciously crafted media file may lead to unexpected app termination or corrupt process… |
N/A | — | [Apple Model I/O] Processing a maliciously crafted media file may lead to unexpected app termination or corrupt process memory | |
|
CVE-2025-43389
[Apple Notes] An app may be able to access sensitive user data |
N/A | — | [Apple Notes] An app may be able to access sensitive user data | |
|
CVE-2025-43398
[Apple Kernel] An app may be able to cause unexpected system termination |
N/A | — | [Apple Kernel] An app may be able to cause unexpected system termination | |
|
CVE-2025-43399
[Apple Siri] An app may be able to access protected user data |
N/A | — | [Apple Siri] An app may be able to access protected user data | |
|
CVE-2025-43423
[Apple Audio] An attacker with physical access to an unlocked device paired with a Mac may be able to view sensitive us… |
N/A | — | [Apple Audio] An attacker with physical access to an unlocked device paired with a Mac may be able to view sensitive user information in system logging | |
|
CVE-2025-43445
[Apple CoreText] Processing a maliciously crafted media file may lead to unexpected app termination or corrupt process … |
N/A | — | [Apple CoreText] Processing a maliciously crafted media file may lead to unexpected app termination or corrupt process memory | |
|
CVE-2025-43448
[Apple CloudKit] An app may be able to break out of its sandbox |
N/A | — | [Apple CloudKit] An app may be able to break out of its sandbox | |
|
CVE-2025-43494
[Apple Mail] An attacker may be able to cause a persistent denial-of-service |
N/A | — | [Apple Mail] An attacker may be able to cause a persistent denial-of-service | |
|
CVE-2025-43496
[Apple Mail] Remote content may be loaded even when the 'Load Remote Images' setting is turned off |
N/A | — | [Apple Mail] Remote content may be loaded even when the 'Load Remote Images' setting is turned off | |
|
CVE-2025-43499
[Apple Shortcuts] An app may be able to access sensitive user data |
N/A | — | [Apple Shortcuts] An app may be able to access sensitive user data | |
|
CVE-2025-30465
[Apple Shortcuts] A shortcut may be able to access files that are normally inaccessible to the Shortcuts app |
N/A | — | [Apple Shortcuts] A shortcut may be able to access files that are normally inaccessible to the Shortcuts app | |
|
CVE-2025-43292
[Apple CoreMedia] An app may be able to access sensitive user data |
N/A | — | [Apple CoreMedia] An app may be able to access sensitive user data | |
|
CVE-2025-43322
[Apple Admin Framework] An app may be able to access user-sensitive data |
N/A | — | [Apple Admin Framework] An app may be able to access user-sensitive data | |
|
CVE-2025-43334
[Apple sudo] An app may be able to access user-sensitive data |
N/A | — | [Apple sudo] An app may be able to access user-sensitive data | |
|
CVE-2025-43335
[Apple Security] An app may be able to access user-sensitive data |
N/A | — | [Apple Security] An app may be able to access user-sensitive data | |
|
CVE-2025-43336
[Apple SoftwareUpdate] An app with root privileges may be able to access private information |
N/A | — | [Apple SoftwareUpdate] An app with root privileges may be able to access private information | |
|
CVE-2025-43337
[Apple AppleMobileFileIntegrity] An app may be able to access sensitive user data |
N/A | — | [Apple AppleMobileFileIntegrity] An app may be able to access sensitive user data | |
|
CVE-2025-43348
[Apple Finder] An app may bypass Gatekeeper checks |
N/A | — | [Apple Finder] An app may bypass Gatekeeper checks | |
|
CVE-2025-43361
[Apple Audio] A malicious app may be able to read kernel memory |
N/A | — | [Apple Audio] A malicious app may be able to read kernel memory | |
|
CVE-2025-43373
[Apple Wi-Fi] An app may be able to cause unexpected system termination or corrupt kernel memory |
N/A | — | [Apple Wi-Fi] An app may be able to cause unexpected system termination or corrupt kernel memory | |
|
CVE-2025-43378
[Apple AppleMobileFileIntegrity] An app may be able to access sensitive user data |
N/A | — | [Apple AppleMobileFileIntegrity] An app may be able to access sensitive user data | |
|
CVE-2025-43379
[Apple AppleMobileFileIntegrity] An app may be able to access protected user data |
N/A | — | [Apple AppleMobileFileIntegrity] An app may be able to access protected user data | |
|
CVE-2025-43380
[Apple sips] Parsing a file may lead to an unexpected app termination |
N/A | — | [Apple sips] Parsing a file may lead to an unexpected app termination | |
|
CVE-2025-43382
[Apple CoreServices] An app may be able to access sensitive user data |
N/A | — | [Apple CoreServices] An app may be able to access sensitive user data | |
|
CVE-2025-43387
[Apple DiskArbitration] A malicious app may be able to gain root privileges |
N/A | — | [Apple DiskArbitration] A malicious app may be able to gain root privileges | |
|
CVE-2025-43390
[Apple AppleMobileFileIntegrity] An app may be able to access user-sensitive data |
N/A | — | [Apple AppleMobileFileIntegrity] An app may be able to access user-sensitive data | |
|
CVE-2025-43391
[Apple Photos] An app may be able to access sensitive user data |
N/A | — | [Apple Photos] An app may be able to access sensitive user data | |
|
CVE-2025-43394
[Apple bootp] An app may be able to access protected user data |
N/A | — | [Apple bootp] An app may be able to access protected user data | |
|
CVE-2025-43395
[Apple configd] An app may be able to access protected user data |
N/A | — | [Apple configd] An app may be able to access protected user data | |
|
CVE-2025-43396
[Apple Installer] A sandboxed app may be able to access sensitive user data |
N/A | — | [Apple Installer] A sandboxed app may be able to access sensitive user data | |
|
CVE-2025-43397
[Apple SoftwareUpdate] An app may be able to cause a denial-of-service |
N/A | — | [Apple SoftwareUpdate] An app may be able to cause a denial-of-service | |
|
CVE-2025-43401
[Apple CoreAnimation] A remote attacker may be able to cause a denial-of-service |
N/A | — | [Apple CoreAnimation] A remote attacker may be able to cause a denial-of-service | |
|
CVE-2025-43405
[Apple Photos] An app may be able to access user-sensitive data |
N/A | — | [Apple Photos] An app may be able to access user-sensitive data | |
|
CVE-2025-43407
[Apple Assets] An app may be able to break out of its sandbox |
N/A | — | [Apple Assets] An app may be able to break out of its sandbox | |
|
CVE-2025-43408
[Apple Share Sheet] An attacker with physical access may be able to access contacts from the lock screen |
N/A | — | [Apple Share Sheet] An attacker with physical access may be able to access contacts from the lock screen | |
|
CVE-2025-43409
[Apple Spotlight] An app may be able to access sensitive user data |
N/A | — | [Apple Spotlight] An app may be able to access sensitive user data | |
|
CVE-2025-43411
[Apple PackageKit] An app may be able to access user-sensitive data |
N/A | — | [Apple PackageKit] An app may be able to access user-sensitive data | |
|
CVE-2025-43412
[Apple TCC] An app may be able to break out of its sandbox |
N/A | — | [Apple TCC] An app may be able to break out of its sandbox | |
|
CVE-2025-43413
[Apple libxpc] A sandboxed app may be able to observe system-wide network connections |
N/A | — | [Apple libxpc] A sandboxed app may be able to observe system-wide network connections | |
|
CVE-2025-43414
[Apple Shortcuts] A shortcut may be able to access files that are normally inaccessible to the Shortcuts app |
N/A | — | [Apple Shortcuts] A shortcut may be able to access files that are normally inaccessible to the Shortcuts app | |
|
CVE-2025-43420
[Apple Dock] An app may be able to access sensitive user data |
N/A | — | [Apple Dock] An app may be able to access sensitive user data | |
|
CVE-2025-43446
[Apple Assets] An app may be able to modify protected parts of the file system |
N/A | — | [Apple Assets] An app may be able to modify protected parts of the file system | |
|
CVE-2025-43468
[Apple AppleMobileFileIntegrity] An app may be able to access sensitive user data |
N/A | — | [Apple AppleMobileFileIntegrity] An app may be able to access sensitive user data | |
|
CVE-2025-43469
[Apple AppleMobileFileIntegrity] An app may be able to access sensitive user data |
N/A | — | [Apple AppleMobileFileIntegrity] An app may be able to access sensitive user data | |
|
CVE-2025-43472
[Apple bash] An app may be able to gain root privileges |
N/A | — | [Apple bash] An app may be able to gain root privileges | |
|
CVE-2025-43474
[Apple GPU Drivers] An app may be able to cause unexpected system termination or read kernel memory |
N/A | — | [Apple GPU Drivers] An app may be able to cause unexpected system termination or read kernel memory | |
|
CVE-2025-43476
[Apple SharedFileList] An app may be able to break out of its sandbox |
N/A | — | [Apple SharedFileList] An app may be able to break out of its sandbox | |
|
CVE-2025-43477
[Apple Siri] An app may be able to access sensitive user data |
N/A | — | [Apple Siri] An app may be able to access sensitive user data | |
|
CVE-2025-43478
[Apple ASP TCP] An app may be able to cause unexpected system termination |
N/A | — | [Apple ASP TCP] An app may be able to cause unexpected system termination | |
|
CVE-2025-43479
[Apple CoreServices] An app may be able to access sensitive user data |
N/A | — | [Apple CoreServices] An app may be able to access sensitive user data | |
|
CVE-2025-43481
[Apple Disk Images] An app may be able to break out of its sandbox |
N/A | — | [Apple Disk Images] An app may be able to break out of its sandbox | |
|
CVE-2025-43498
[Apple FileProvider] An app may be able to access sensitive user data |
N/A | — | [Apple FileProvider] An app may be able to access sensitive user data |