4
CVE-2025-43197 - macOS Entitlement Check Bypass Permits Unauthorized Access to Sensitive User Data
This issue was addressed with additional entitlement checks. This issue is fixed in macOS Sequoia 15.6, macOS Sonoma 14.7.7, macOS Ventura 13.7.7. An app may be able to access sensitive user data.
4
CVE-2025-43206 - Directory Path Parsing Vulnerability Allowing Access to Protected User Data
A parsing issue in the handling of directory paths was addressed with improved path validation. This issue is fixed in macOS Sequoia 15.6, macOS Sonoma 14.7.7, macOS Ventura 13.7.7. An app may be able to access protected user data.
7.8
CVE-2025-43196 - Path Handling Vulnerability Allowing Root Privilege Escalation in macOS
A path handling issue was addressed with improved validation. This issue is fixed in macOS Sequoia 15.6, macOS Sonoma 14.7.7, macOS Ventura 13.7.7. An app may be able to gain root privileges.
4
CVE-2025-43265 - webkitgtk: Processing maliciously crafted web content may disclose internal states of the app
An out-of-bounds read was addressed with improved input validation. This issue is fixed in Safari 18.6, iOS 18.6 and iPadOS 18.6, macOS Sequoia 15.6, tvOS 18.6, visionOS 2.6, watchOS 11.6. Processing maliciously crafted web content may disclose internal states of the app.
9.8
CVE-2025-43233 - Unauthorized HTTPS Proxy Interception Leading to Data Disclosure
This issue was addressed with improved access restrictions. This issue is fixed in macOS Sequoia 15.6, macOS Sonoma 14.7.7, macOS Ventura 13.7.7. A malicious app acting as a HTTPS proxy could get access to sensitive user data.
5.5
CVE-2025-43218 - OutβofβBounds Read in macOS from Malicious USD Files
An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Sequoia 15.6. Processing a maliciously crafted USD file may disclose memory contents.
6.5
CVE-2025-24188 -
A logic issue was addressed with improved checks. This issue is fixed in Safari 18.6, macOS Sequoia 15.6. Processing maliciously crafted web content may lead to an unexpected Safari crash.
6.5
CVE-2025-43216 - webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash
A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 18.6, iOS 18.6 and iPadOS 18.6, iPadOS 17.7.9, macOS Sequoia 15.6, tvOS 18.6, visionOS 2.6, watchOS 11.6. Processing maliciously crafted web content may lead to an unexpected Safari crash.
9.8
CVE-2025-43186 - Buffer Overflow in Apple's File Parsing Leading to Application Crash
The issue was addressed with improved memory handling. This issue is fixed in iOS 18.6 and iPadOS 18.6, macOS Sequoia 15.6, macOS Sonoma 14.7.7, macOS Ventura 13.7.7, tvOS 18.6, visionOS 2.6, watchOS 11.6. Parsing a file may lead to an unexpected app termination.
4
CVE-2025-43217 - Inaccurate Microphone and Camera Privacy Indicator Display
The issue was addressed by adding additional logic. This issue is fixed in iOS 18.6 and iPadOS 18.6, iPadOS 17.7.9. Privacy Indicators for microphone or camera access may not be correctly displayed.