6.2
CVE-2025-43211 - webkitgtk: Processing web content may lead to a denial-of-service
The issue was addressed with improved memory handling. This issue is fixed in Safari 18.6, iOS 18.6 and iPadOS 18.6, iPadOS 17.7.9, macOS Sequoia 15.6, tvOS 18.6, visionOS 2.6, watchOS 11.6. Processing web content may lead to a denial-of-service.
4
CVE-2025-43250 - macOS Sandbox Escape via Improper Path Validation
A path handling issue was addressed with improved validation. This issue is fixed in macOS Sequoia 15.6, macOS Sonoma 14.7.7, macOS Ventura 13.7.7. An app may be able to break out of its sandbox.
9.8
CVE-2025-43245 -
A downgrade issue was addressed with additional code-signing restrictions. This issue is fixed in macOS Sequoia 15.6, macOS Sonoma 14.7.7, macOS Ventura 13.7.7. An app may be able to access protected user data.
6.5
CVE-2025-43212 - webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash
The issue was addressed with improved memory handling. This issue is fixed in Safari 18.6, iOS 18.6 and iPadOS 18.6, macOS Sequoia 15.6, tvOS 18.6, visionOS 2.6, watchOS 11.6. Processing maliciously crafted web content may lead to an unexpected Safari crash.
9.8
CVE-2025-43253 - Privilege Escalation via Improper Input Validation Allows Launch of Arbitrary Binaries
This issue was addressed with improved input validation. This issue is fixed in macOS Sequoia 15.6, macOS Sonoma 14.7.7. A malicious app may be able to launch arbitrary binaries on a trusted device.
5.5
CVE-2025-43195 - Environment Variable Validation Flaw Allows Sensitive Data Exposure
An issue existed in the handling of environment variables. This issue was addressed with improved validation. This issue is fixed in macOS Sequoia 15.6, macOS Sonoma 14.7.7, macOS Ventura 13.7.7. An app may be able to access sensitive user data.
4.3
CVE-2025-43228 - webkitgtk: Visiting a malicious website may lead to address bar spoofing
The issue was addressed with improved UI. This issue is fixed in Safari 18.6, iOS 18.6 and iPadOS 18.6. Visiting a malicious website may lead to address bar spoofing.
7.8
CVE-2025-43249 - Root Privilege Escalation via Improper Logic Checks in Apple macOS
A logic issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.6, macOS Sonoma 14.7.7, macOS Ventura 13.7.7. An app may be able to gain root privileges.
9.8
CVE-2025-43199 - macOS Privilege Escalation via Permissions Bypass
A permissions issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sequoia 15.6, macOS Sonoma 14.7.7, macOS Ventura 13.7.7. A malicious app may be able to gain root privileges.
7.1
CVE-2025-43224 - Out-of-Bounds Media Handling Access Causing App Termination or Memory Corruption
An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in iOS 18.6 and iPadOS 18.6, macOS Sequoia 15.6, tvOS 18.6, visionOS 2.6. Processing a maliciously crafted media file may lead to unexpected app termination or corrupt process memory.