SB2025012804 - Multiple vulnerabilities in Apple macOS Sonoma
Published: January 28, 2025 Updated: November 24, 2025
Description
This security bulletin contains information about 49 security vulnerabilities.
1) Out-of-bounds read (CVE-ID: CVE-2025-24139)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition in sips when parsing ICC profiles. A remote attacker can create a specially crafted file, trick the victim into opening it, trigger an out-of-bounds read error and read contents of memory on the system.
2) Input validation error (CVE-ID: CVE-2025-24166)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input in libxslt. A remote attacker can trick the victim into visiting a specially crafted website and perform a denial of service (DoS) attack.
3) UNIX symbolic link following (CVE-ID: CVE-2025-24136)
The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to a symlink following issue in Login Window. A local application can create symlinks to protected regions of the disk.
4) Improper access control (CVE-ID: CVE-2025-24130)
The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to improper access restrictions in PackageKit. A local application can modify protected parts of the file system.
5) Inclusion of Sensitive Information in Log Files (CVE-ID: CVE-2025-24146)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists because Photos Storage includes user contact information in the system log when deleting a conversation in Messages. A local application can gain access to sensitive data.
6) Out-of-bounds read (CVE-ID: CVE-2025-24149)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition in SceneKit. A remote attacker can create a specially crafted file, trick the victim into opening it, trigger an out-of-bounds read error and read contents of memory on the system.
7) UNIX symbolic link following (CVE-ID: CVE-2025-24103)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to a symlink following issue within the Security feature. A local application can access protected user data.
8) Buffer overflow (CVE-ID: CVE-2025-24151)
The vulnerability allows a local application to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error in the SMB implementation. A local application can trigger memory corruption and crash the OS kernel.
9) Path traversal (CVE-ID: CVE-2025-24115)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to an input validation error in LaunchServices. A local application can read files outside of its sandbox.
10) Information disclosure (CVE-ID: CVE-2025-24138)
The vulnerability allows a local application to gain access to potentially sensitive information.
The vulnerability exists due to excessive data output in Spotlight. A local application can gain access to sensitive information.
11) Configuration (CVE-ID: CVE-2024-44243)
The issue may allow a local application to modify protected parts of the filesystem.
The issue exists due to incorrect default configuration settings in StorageKit. A local application can modify protected parts of the filesystem.
12) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2025-24176)
The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to improperly imposed security restrictions in StorageKit. A local application can execute arbitrary code with elevated privileges.
13) Improper access control (CVE-ID: CVE-2025-24092)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to improper access restrictions in TV App. A local application can gain access to sensitive information.
14) Out-of-bounds write (CVE-ID: CVE-2025-24154)
The vulnerability allows a remote attacker to perform a denial of service attack.
The vulnerability exists due to a boundary error when processing untrusted input in WebContentFilter. A remote attacker can trick the victim into opening a specially crafted file, trigger an out-of-bounds write and perform a denial of service (DoS) attack.
15) Resource management error (CVE-ID: CVE-2025-24120)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper management of internal resources in WindowServer. A local user can perform a denial of service (DoS) attack.
16) Integer overflow (CVE-ID: CVE-2025-24156)
The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to an integer overflow in Xsan. A local application can trigger an integer overflow and execute arbitrary code with elevated privileges.
17) Improper access control (CVE-ID: CVE-2025-24116)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to improper access restrictions in LaunchServices. A local application can bypass Privacy preferences.
18) Race condition (CVE-ID: CVE-2025-24094)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to a race condition in LaunchServices. A local application can gain access to sensitive information.
19) Type Confusion (CVE-ID: CVE-2025-24137)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a type confusion error in AirPlay. A remote attacker can send specially crafted packets to the device, trigger a type confusion error and execute arbitrary code on the target system.
20) Input validation error (CVE-ID: CVE-2025-24106)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input in Audio. A remote attacker can trick the victim into opening a specially crafted file and perform a denial of service (DoS) attack.
21) Input validation error (CVE-ID: CVE-2025-24112)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input in AppleGraphicsControl. A remote attacker can trick the victim into opening a specially crafted file and perform a denial of service (DoS) attack.
22) Improper access control (CVE-ID: CVE-2025-24109)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to improper access restrictions in AppleMobileFileIntegrity. A local application can access sensitive user data.
23) Improper access control (CVE-ID: CVE-2025-24100)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to improper access restrictions in AppleMobileFileIntegrity. A local application can access information about a user's contacts.
24) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2025-24114)
The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to improperly imposed security restrictions in AppleMobileFileIntegrity. A local application can modify protected parts of the file system.
25) Improper access control (CVE-ID: CVE-2025-24121)
The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to improperly imposed security restrictions in AppleMobileFileIntegrity. A local application can modify protected parts of the file system.
26) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2025-24122)
The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to improperly imposed security restrictions in AppleMobileFileIntegrity. A local application can modify protected parts of the file system.
27) Input validation error (CVE-ID: CVE-2025-24127)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input in ARKit. A remote attacker can trick the victim into opening a specially crafted file and perform a denial of service (DoS) attack.
28) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2025-24159)
The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to improper access restrictions within the OS kernel. A local application can execute arbitrary code with kernel privileges.
29) Input validation error (CVE-ID: CVE-2025-24161)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input in CoreAudio. A remote attacker can trick the victim into opening a specially crafted media file and perform a denial of service (DoS) attack.
30) Input validation error (CVE-ID: CVE-2025-24160)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input in CoreAudio. A remote attacker can trick the victim into opening a specially crafted media file and perform a denial of service (DoS) attack.
31) Input validation error (CVE-ID: CVE-2025-24163)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input in CoreAudio. A remote attacker can trick the victim into opening a specially crafted media file and perform a denial of service (DoS) attack.
32) Out-of-bounds read (CVE-ID: CVE-2025-24123)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition. A remote attacker can create a specially crafted MOV file, trick the victim into opening it, trigger an out-of-bounds read error and read contents of memory on the system.
33) Out-of-bounds write (CVE-ID: CVE-2025-24124)
The vulnerability allows a remote attacker to compromise a vulnerable system.
The vulnerability exists due to a boundary error when processing untrusted input. A remote attacker can create a specially crafted MOV file, trick the victim into opening it using the affected software, trigger an out-of-bounds write and execute arbitrary code on the target system.
34) Improper access control (CVE-ID: CVE-2025-24102)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to improper access restrictions in CoreRoutine. A local application can determine a user’s current location.
35) Security features bypass (CVE-ID: CVE-2025-24174)
The vulnerability allows a local application to bypass implemented security restrictions.
The vulnerability exists due to an error in iCloud Photo Library. A local application can bypass Privacy preferences.
36) Buffer overflow (CVE-ID: CVE-2025-24086)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error in ImageIO. A remote attacker can trick the victim into opening a specially crafted file, trigger memory corruption and perform a denial of service (DoS) attack.
37) Buffer overflow (CVE-ID: CVE-2025-24118)
The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to a boundary error within the OS kernel. A local application can trigger memory corruption and execute arbitrary code with elevated privileges.
38) Out-of-bounds write (CVE-ID: CVE-2024-54509)
The vulnerability allows a local application to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error in ASP TCP. A local application can trigger an out-of-bounds write and perform a denial of service (DoS) attack.
39) Inclusion of Sensitive Information in Log Files (CVE-ID: CVE-2024-44172)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists because the Contacts application stores sensitive information in log files. A local application can read the log files and gain access to sensitive data.
40) Input validation error (CVE-ID: CVE-2024-54497)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input in QuartzCore. A remote attacker can trick the victim into visiting a specially crafted website and perform a denial of service (DoS) attack.
41) Improper access control (CVE-ID: CVE-2025-24093)
The vulnerability allows a local application to bypass implemented security restrictions.
The vulnerability exists due to improper access restrictions in Sandbox. A local application can access removable volumes without user consent.
42) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2025-24099)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to improperly imposed security restrictions in PackageKit. A local user can execute arbitrary code with elevated privileges.
43) Out-of-bounds write (CVE-ID: CVE-2025-24185)
The vulnerability allows a remote attacker to compromise a vulnerable system.
The vulnerability exists due to a boundary error when processing untrusted input in sips. A remote attacker can create a specially crafted file, trick the victim into opening it using the affected software, trigger an out-of-bounds write and execute arbitrary code on the target system.
44) Use-after-free (CVE-ID: CVE-2024-55549)
The vulnerability allows a remote attacker to compromise a vulnerable system.
The vulnerability exists due to a use-after-free error in xsltGetInheritedNsList. A remote attacker can pass specially crafted input to the application, trigger a use-after-free error and execute arbitrary code on the system.
Successful exploitation of the vulnerability may allow an attacker to compromise a vulnerable system.
45) Use-after-free (CVE-ID: CVE-2025-24855)
The vulnerability allows a remote attacker to compromise a vulnerable system.
The vulnerability exists due to a use-after-free error in numbers.c when handling nested XPath evaluations. A remote attacker can pass specially crafted XML input to the application, trigger a use-after-free error and execute arbitrary code on the system.
Successful exploitation of the vulnerability may allow an attacker to compromise a vulnerable system.
46) Improper access control (CVE-ID: CVE-2025-24183)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to improper access restrictions in the Perl component. A local user can modify protected parts of the file system.
47) Information exposure through log files (CVE-ID: CVE-2025-31242)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to the inclusion of sensitive information in a log file in StoreKit. A local application can access sensitive user data.
48) Path traversal (CVE-ID: CVE-2025-31248)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to an input validation error when processing directory paths in UserAccountUpdater. A local application can gain access to sensitive user data.
49) Out-of-bounds read (CVE-ID: CVE-2025-43374)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition in the Wi-Fi component. A remote attacker on the local network can send specially crafted packets to the system, trigger an out-of-bounds read error and read contents of kernel memory.
Remediation
Install the update from the vendor's website.