macOS

macOS 13.7.6

30 CVEs fixed by this release.

Release date: 2025-05-12
End of support: 2025-09-15 EOL
CVEs fixed: 30

CISA KEV: 0
Critical: 0
High: 1
NVD pending: 29

CVEs fixed

CVE	Severity	KEV	Published	Description
CVE-2024-8176 2025-05-12 [Apple libexpat] Multiple issues in libexpat, including unexpected app termination or arbitrary code execution	HIGH 7.5	—	2025-05-12	[Apple libexpat] Multiple issues in libexpat, including unexpected app termination or arbitrary code execution
CVE-2025-24142 2025-05-12 [Apple Notification Center] An app may be able to access sensitive user data	N/A	—	2025-05-12	[Apple Notification Center] An app may be able to access sensitive user data
CVE-2025-24144 2025-05-12 [Apple Kernel] An app may be able to leak sensitive kernel state	N/A	—	2025-05-12	[Apple Kernel] An app may be able to leak sensitive kernel state
CVE-2025-24155 2025-05-12 [Apple WebContentFilter] An app may be able to disclose kernel memory	N/A	—	2025-05-12	[Apple WebContentFilter] An app may be able to disclose kernel memory
CVE-2025-24258 2025-05-12 [Apple DiskArbitration] An app may be able to gain root privileges	N/A	—	2025-05-12	[Apple DiskArbitration] An app may be able to gain root privileges
CVE-2025-24274 2025-05-12 [Apple Mobile Device Service] A malicious app may be able to gain root privileges	N/A	—	2025-05-12	[Apple Mobile Device Service] A malicious app may be able to gain root privileges
CVE-2025-30440 2025-05-12 [Apple Libinfo] An app may be able to bypass ASLR	N/A	—	2025-05-12	[Apple Libinfo] An app may be able to bypass ASLR
CVE-2025-30442 2025-05-12 [Apple Software Update] An app may be able to gain elevated privileges	N/A	—	2025-05-12	[Apple Software Update] An app may be able to gain elevated privileges
CVE-2025-30448 2025-05-12 [Apple iCloud Document Sharing] An attacker may be able to turn on sharing of an iCloud folder without authentication	N/A	—	2025-05-12	[Apple iCloud Document Sharing] An attacker may be able to turn on sharing of an iCloud folder without authentication
CVE-2025-30453 2025-05-12 [Apple DiskArbitration] A malicious app may be able to gain root privileges	N/A	—	2025-05-12	[Apple DiskArbitration] A malicious app may be able to gain root privileges
CVE-2025-31196 2025-05-12 [Apple CoreGraphics] Processing a maliciously crafted file may lead to a denial-of-service or potentially disclose memo…	N/A	—	2025-05-12	[Apple CoreGraphics] Processing a maliciously crafted file may lead to a denial-of-service or potentially disclose memory contents
CVE-2025-31208 2025-05-12 [Apple CoreAudio] Parsing a file may lead to an unexpected app termination	N/A	—	2025-05-12	[Apple CoreAudio] Parsing a file may lead to an unexpected app termination
CVE-2025-31209 2025-05-12 [Apple CoreGraphics] Parsing a file may lead to disclosure of user information	N/A	—	2025-05-12	[Apple CoreGraphics] Parsing a file may lead to disclosure of user information
CVE-2025-31213 2025-05-12 [Apple Security] An app may be able to access associated usernames and websites in a user's iCloud Keychain	N/A	—	2025-05-12	[Apple Security] An app may be able to access associated usernames and websites in a user's iCloud Keychain
CVE-2025-31219 2025-05-12 [Apple Kernel] An attacker may be able to cause unexpected system termination or corrupt kernel memory	N/A	—	2025-05-12	[Apple Kernel] An attacker may be able to cause unexpected system termination or corrupt kernel memory
CVE-2025-31220 2025-05-12 [Apple Weather] A malicious app may be able to read sensitive location information	N/A	—	2025-05-12	[Apple Weather] A malicious app may be able to read sensitive location information
CVE-2025-31221 2025-05-12 [Apple Security] A remote attacker may be able to leak memory	N/A	—	2025-05-12	[Apple Security] A remote attacker may be able to leak memory
CVE-2025-31222 2025-05-12 [Apple mDNSResponder] A user may be able to elevate privileges	N/A	—	2025-05-12	[Apple mDNSResponder] A user may be able to elevate privileges
CVE-2025-31224 2025-05-12 [Apple Sandbox] An app may be able to bypass certain Privacy preferences	N/A	—	2025-05-12	[Apple Sandbox] An app may be able to bypass certain Privacy preferences
CVE-2025-31232 2025-05-12 [Apple Installer] A sandboxed app may be able to access sensitive user data	N/A	—	2025-05-12	[Apple Installer] A sandboxed app may be able to access sensitive user data
CVE-2025-31233 2025-05-12 [Apple CoreMedia] Processing a maliciously crafted video file may lead to unexpected app termination or corrupt process…	N/A	—	2025-05-12	[Apple CoreMedia] Processing a maliciously crafted video file may lead to unexpected app termination or corrupt process memory
CVE-2025-31235 2025-05-12 [Apple Audio] An app may be able to cause unexpected system termination	N/A	—	2025-05-12	[Apple Audio] An app may be able to cause unexpected system termination
CVE-2025-31237 2025-05-12 [Apple afpfs] Mounting a maliciously crafted AFP network share may lead to system termination	N/A	—	2025-05-12	[Apple afpfs] Mounting a maliciously crafted AFP network share may lead to system termination
CVE-2025-31239 2025-05-12 [Apple CoreMedia] Parsing a file may lead to an unexpected app termination	N/A	—	2025-05-12	[Apple CoreMedia] Parsing a file may lead to an unexpected app termination
CVE-2025-31240 2025-05-12 [Apple afpfs] Mounting a maliciously crafted AFP network share may lead to system termination	N/A	—	2025-05-12	[Apple afpfs] Mounting a maliciously crafted AFP network share may lead to system termination
CVE-2025-31241 2025-05-12 [Apple Kernel] A remote attacker may cause an unexpected app termination	N/A	—	2025-05-12	[Apple Kernel] A remote attacker may cause an unexpected app termination
CVE-2025-31242 2025-05-12 [Apple StoreKit] An app may be able to access sensitive user data	N/A	—	2025-05-12	[Apple StoreKit] An app may be able to access sensitive user data
CVE-2025-31245 2025-05-12 [Apple Pro Res] An app may be able to cause unexpected system termination	N/A	—	2025-05-12	[Apple Pro Res] An app may be able to cause unexpected system termination
CVE-2025-31247 2025-05-12 [Apple SharedFileList] An attacker may gain access to protected parts of the file system	N/A	—	2025-05-12	[Apple SharedFileList] An attacker may gain access to protected parts of the file system
CVE-2025-31251 2025-05-12 [Apple AppleJPEG] Processing a maliciously crafted media file may lead to unexpected app termination or corrupt process…	N/A	—	2025-05-12	[Apple AppleJPEG] Processing a maliciously crafted media file may lead to unexpected app termination or corrupt process memory