5.5
CVE-2025-24214 - Potential Access to Sensitive User Data via Text Field Logging on Apple Devices
A privacy issue was addressed by not logging contents of text fields. This issue is fixed in iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, tvOS 18.4, visionOS 2.4, watchOS 11.4. An app may be able to access sensitive user data.
5
CVE-2025-24097 - Apple OS Permission Flaw Allows Arbitrary File Metadata Disclosure
A permissions issue was addressed with additional restrictions. This issue is fixed in iOS 18.4 and iPadOS 18.4, iPadOS 17.7.7, macOS Sequoia 15.4, macOS Sonoma 14.7.5, tvOS 18.4, watchOS 11.4. An app may be able to read arbitrary file metadata.
7.8
CVE-2025-24243 -
The issue was addressed with improved memory handling. This issue is fixed in iOS 18.4 and iPadOS 18.4, iPadOS 17.7.6, macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5, tvOS 18.4, visionOS 2.4, watchOS 11.4. Processing a maliciously crafted file may lead to arbitrary code execution.
7.8
CVE-2025-24234 - macOS Vulnerability that Enables Malicious Applications to Gain Root Privileges
This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5. A malicious app may be able to gain root privileges.
9.8
CVE-2025-24263 - Apple macOS Sequoia Potential Data Observation Vulnerability
A privacy issue was addressed by moving sensitive data to a protected location. This issue is fixed in macOS Sequoia 15.4. An app may be able to observe unprotected user data.
7.8
CVE-2025-24170 - Local Privilege Escalation via Improper File Handling in macOS
A logic issue was addressed with improved file handling. This issue is fixed in macOS Sonoma 14.7.5, macOS Ventura 13.7.5. An app may be able to gain root privileges.
9.8
CVE-2025-30426 - Application Install Enumeration via Missing Entitlement Checks
This issue was addressed with additional entitlement checks. This issue is fixed in iOS 18.4 and iPadOS 18.4, iPadOS 17.7.6, macOS Sequoia 15.4, tvOS 18.4, visionOS 2.4, watchOS 11.4. An app may be able to enumerate a user's installed apps.
9.8
CVE-2025-24259 - Unauthorized Safari Bookmark Access via Missing Entitlement Check
This issue was addressed with additional entitlement checks. This issue is fixed in iPadOS 17.7.7, macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5. An app may be able to retrieve Safari bookmarks without an entitlement check.
7.5
CVE-2025-30471 - RemoteβUser DenialβofβService via Input Validation Flaw in Apple Platform Software
A validation issue was addressed with improved logic. This issue is fixed in iOS 18.4 and iPadOS 18.4, iPadOS 17.7.6, macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5, tvOS 18.4, visionOS 2.4, watchOS 11.4. A remote user may be able to cause a denial-of-service.
4.3
CVE-2025-30467 - Malicious Website Causes Address Bar Spoofing on Apple Browsers and Devices
The issue was addressed with improved checks. This issue is fixed in Safari 18.4, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, watchOS 11.4. Visiting a malicious website may lead to address bar spoofing.