6.5
CVE-2025-43252 - Website May Access Sensitive Data via Symlink Resolution
This issue was addressed by adding an additional prompt for user consent. This issue is fixed in macOS Sequoia 15.6. A website may be able to access sensitive user data when resolving symlinks.
9.8
CVE-2025-43244 - Race Condition in macOS Causes Unexpected System Termination
A race condition was addressed with improved state handling. This issue is fixed in macOS Sequoia 15.6, macOS Sonoma 14.7.7, macOS Ventura 13.7.7. An app may be able to cause unexpected system termination.
4.6
CVE-2025-43259 - View of Sensitive Information on Locked macOS Devices via Physical Access
This issue was addressed with improved redaction of sensitive information. This issue is fixed in macOS Sequoia 15.6, macOS Sonoma 14.7.7, macOS Ventura 13.7.7. An attacker with physical access to a locked device may be able to view sensitive user information.
9.8
CVE-2025-43275 - macOS Race Condition Allows Sandbox Escape
A race condition was addressed with additional validation. This issue is fixed in macOS Sequoia 15.6, macOS Sonoma 14.7.7, macOS Ventura 13.7.7. An app may be able to break out of its sandbox.
9.8
CVE-2025-43234 - Memory Corruption via Malicious Texture Causes App Termination in Multiple Apple Operating Systems
Multiple memory corruption issues were addressed with improved input validation. This issue is fixed in iOS 18.6 and iPadOS 18.6, macOS Sequoia 15.6, tvOS 18.6, visionOS 2.6, watchOS 11.6. Processing a maliciously crafted texture may lead to unexpected app termination.
5.5
CVE-2025-43185 - macOS Downgrade Vulnerability Allows Access to Protected User Data
A downgrade issue was addressed with additional code-signing restrictions. This issue is fixed in macOS Sequoia 15.6. An app may be able to access protected user data.
6.5
CVE-2025-43214 - webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash
The issue was addressed with improved memory handling. This issue is fixed in Safari 18.6, iOS 18.6 and iPadOS 18.6, macOS Sequoia 15.6, tvOS 18.6, visionOS 2.6, watchOS 11.6. Processing maliciously crafted web content may lead to an unexpected Safari crash.
7.8
CVE-2025-31243 - Permissions flaw enabling root privilege escalation in macOS
A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.6, macOS Sonoma 14.7.7, macOS Ventura 13.7.7. An app may be able to gain root privileges.
7.8
CVE-2025-31280 - Memory Corruption Vulnerability in macOS via Malicious File
A memory corruption issue was addressed with improved validation. This issue is fixed in macOS Sequoia 15.6. Processing a maliciously crafted file may lead to heap corruption.
8.8
CVE-2025-31278 - webkitgtk: Processing maliciously crafted web content may lead to memory corruption
The issue was addressed with improved memory handling. This issue is fixed in Safari 18.6, iOS 18.6 and iPadOS 18.6, iPadOS 17.7.9, macOS Sequoia 15.6, tvOS 18.6, visionOS 2.6, watchOS 11.6. Processing maliciously crafted web content may lead to memory corruption.