5.5
CVE-2025-43379 - Symlink Validation Weakness Allowing Access to Protected User Data
This issue was addressed with improved validation of symlinks. This issue is fixed in iOS 26.1 and iPadOS 26.1, macOS Sequoia 15.7.2, macOS Sonoma 14.8.2, macOS Tahoe 26.1, tvOS 26.1, visionOS 26.1, watchOS 26.1. An app may be able to access protected user data.
6.5
CVE-2025-43457 - webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash
A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 26.1, iOS 26.1 and iPadOS 26.1, macOS Tahoe 26.1, visionOS 26.1, watchOS 26.1. Processing maliciously crafted web content may lead to an unexpected Safari crash.
4.3
CVE-2025-43441 - webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash
The issue was addressed with improved memory handling. This issue is fixed in Safari 26.1, iOS 18.7.2 and iPadOS 18.7.2, iOS 26.1 and iPadOS 26.1, macOS Tahoe 26.1, tvOS 26.1, visionOS 26.1. Processing maliciously crafted web content may lead to an unexpected process crash.
4.9
CVE-2025-43504 - Buffer Overflow Causing Denial of Service in Xcode
A buffer overflow was addressed with improved bounds checking. This issue is fixed in Xcode 26.1. A user in a privileged network position may be able to cause a denial-of-service.
7.1
CVE-2025-43338 - OutβofβBounds Memory Access in Media File Handling Causing Crash or Corruption
An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in iOS 26 and iPadOS 26, macOS Sonoma 14.8.2, macOS Sonoma 14.8.4, macOS Tahoe 26. Processing a maliciously crafted media file may lead to unexpected app termination or corrupt process memory.
5.5
CVE-2025-43380 - OutβofβBounds Write Leading to Unexpected App Termination in macOS File Parsing
An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in macOS Sequoia 15.7.2, macOS Sonoma 14.8.2, macOS Tahoe 26.1. Parsing a file may lead to an unexpected app termination.
5.5
CVE-2025-43288 - Symlink Validation Allowing Privacy Preference Bypass
This issue was addressed with improved validation of symlinks. This issue is fixed in macOS Sequoia 15.7, macOS Tahoe 26. An app may be able to bypass Privacy preferences.
5.5
CVE-2025-43322 - macOS Logic Error Enables Unauthorized App Access to User Data
A logic issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.7.2, macOS Sonoma 14.8.2, macOS Tahoe 26.1. An app may be able to access user-sensitive data.
5.5
CVE-2025-43334 - Entitlement Check Bypass Allows App Access to Sensitive User Data
This issue was addressed with additional entitlement checks. This issue is fixed in macOS Sequoia 15.7.2, macOS Sonoma 14.8.2, macOS Tahoe 26.1. An app may be able to access user-sensitive data.
7.5
CVE-2025-43436 - Permissions Bypass Allows Enumeration of Installed Apps
A permissions issue was addressed with additional restrictions. This issue is fixed in iOS 26.1 and iPadOS 26.1, macOS Tahoe 26.1, tvOS 26.1, visionOS 26.1, watchOS 26.1. An app may be able to enumerate a user's installed apps.