Multiple vulnerabilities in macOS Sequoia



Updated: 2025-04-03
Risk: High
Patch available: YES
Number of vulnerabilities: 132
CWE-ID: CWE-284, CWE-451, CWE-20, CWE-532, CWE-22, CWE-1025, CWE-125, CWE-200, CWE-119, CWE-254, CWE-787, CWE-120, CWE-264, CWE-208, CWE-371, CWE-426, CWE-416, CWE-476, CWE-59, CWE-367, CWE-693, CWE-843, CWE-362, CWE-16
Exploitation vector: Network
Public exploit: N/A
Vulnerable software: macOS (Operating systems & Components / Operating system)
Vendor: Apple Inc.

Security Bulletin

This security bulletin contains information about 132 vulnerabilities.

1) Improper access control

EUVDB-ID: #VU103395

Risk: Low

CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-24093

CWE-ID: CWE-284 - Improper Access Control

Exploit availability: No

Description

The vulnerability allows a local application to bypass implemented security restrictions.

The vulnerability exists due to improper access restrictions in Sandbox. A local application can access removable volumes without user consent.

Mitigation

Install update from vendor's website.

Vulnerable software versions

macOS: 15.0 24A335 - 15.3.2 24D2082

External links

https://support.apple.com/en-us/122373


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Spoofing attack

EUVDB-ID: #VU103350

Risk: Medium

CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2025-24113

CWE-ID: CWE-451 - User Interface (UI) Misrepresentation of Critical Information (Clickjacking, spoofing)

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a spoofing attack.

The vulnerability exists due to incorrect processing of user-supplied data in Safari. A remote attacker can trick the victim into visiting a specially crafted website and spoof the page content.

Mitigation

Install update from vendor's website.

Vulnerable software versions

macOS: 15.0 24A335 - 15.3.2 24D2082

External links

https://support.apple.com/en-us/122373


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Input validation error

EUVDB-ID: #VU82980

Risk: Medium

CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2023-27043

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to bypass filtration.

The vulnerability exists due to insufficient validation of user-supplied input when parsing an email address that contains a special character. A remote attacker can bypass a protection mechanism in which application access is granted only after verifying receipt of e-mail to a specific domain.

Mitigation

Install update from vendor's website.

Vulnerable software versions

macOS: 15.0 24A335 - 15.3.2 24D2082

External links

https://support.apple.com/en-us/122373


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Inclusion of Sensitive Information in Log Files

EUVDB-ID: #VU106309

Risk: Low

CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-24202

CWE-ID: CWE-532 - Information Exposure Through Log Files

Exploit availability: No

Description

The vulnerability allows a local application to gain access to sensitive information.

The vulnerability exists because the Accessibility app stores sensitive information in log files. A local application can read the log files and gain access to sensitive data.

Mitigation

Install update from vendor's website.

Vulnerable software versions

macOS: 15.0 24A335 - 15.3.2 24D2082

External links

https://support.apple.com/en-us/122373


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Input validation error

EUVDB-ID: #VU106325

Risk: Low

CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-24212

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local application to bypass implemented security restrictions.

The vulnerability exists due to insufficient validation of untrusted input in Calendar. A local application can break out of its sandbox.

Mitigation

Install update from vendor's website.

Vulnerable software versions

macOS: 15.0 24A335 - 15.3.2 24D2082

External links

https://support.apple.com/en-us/122373


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Input validation error

EUVDB-ID: #VU106337

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-24267

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists due to an input validation error in DiskArbitration. A local application can gain root privileges on the system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

macOS: 15.0 24A335 - 15.3.2 24D2082

External links

https://support.apple.com/en-us/122373


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Path traversal

EUVDB-ID: #VU106336

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-30456

CWE-ID: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Exploit availability: No

Description

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists due to an input validation error in DiskArbitration when handling directory paths. A local application can gain root privileges on the system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

macOS: 15.0 24A335 - 15.3.2 24D2082

External links

https://support.apple.com/en-us/122373


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) Input validation error

EUVDB-ID: #VU106335

Risk: Low

CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-24255

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local application to bypass implemented security restrictions.

The vulnerability exists due to insufficient input validation in Disk Images. A local application can break out of its sandbox.

Mitigation

Install update from vendor's website.

Vulnerable software versions

macOS: 15.0 24A335 - 15.3.2 24D2082

External links

https://support.apple.com/en-us/122373


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

9) Comparison using wrong factors

EUVDB-ID: #VU99865

Risk: Low

CVSSv4.0: 0.2 [CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-9681

CWE-ID: CWE-1025 - Comparison using wrong factors

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a MitM attack.

The vulnerability exists due to an error in the HSTS cache implementation. When curl is asked to use HSTS, the expiry time for a subdomain can overwrite a parent domain's cache entry, making it end sooner or later than otherwise intended. As a result, the website can become unavailable, or the client can switch from HTTPS to HTTP earlier than intended.

Mitigation

Install update from vendor's website.

Vulnerable software versions

macOS: 15.0 24A335 - 15.3.2 24D2082

External links

https://support.apple.com/en-us/122373


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

10) Path traversal

EUVDB-ID: #VU106334

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-24277

CWE-ID: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Exploit availability: No

Description

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists due to an input validation error in Crash Reporter when handling directory paths. A local application can gain root privileges on the system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

macOS: 15.0 24A335 - 15.3.2 24D2082

External links

https://support.apple.com/en-us/122373


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

11) Out-of-bounds read

EUVDB-ID: #VU106333

Risk: Medium

CVSSv4.0: 1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2025-24182

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition in CoreText when handling font files. A remote attacker can create a specially crafted file, trick the victim into opening it, trigger an out-of-bounds read error and read contents of memory on the system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

macOS: 15.0 24A335 - 15.3.2 24D2082

External links

https://support.apple.com/en-us/122373


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

12) Information disclosure

EUVDB-ID: #VU106332

Risk: Low

CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-31191

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a local application to gain access to potentially sensitive information.

The vulnerability exists due to a state issue in CoreServices. A local application can access sensitive user data.

Mitigation

Install update from vendor's website.

Vulnerable software versions

macOS: 15.0 24A335 - 15.3.2 24D2082

External links

https://support.apple.com/en-us/122373


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

13) Path traversal

EUVDB-ID: #VU106331

Risk: Low

CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-30454

CWE-ID: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Exploit availability: No

Description

The vulnerability allows a local application to gain access to sensitive information.

The vulnerability exists due to an input validation error in CoreMedia Playback when handling file names. A local application can access private information.

Mitigation

Install update from vendor's website.

Vulnerable software versions

macOS: 15.0 24A335 - 15.3.2 24D2082

External links

https://support.apple.com/en-us/122373


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

14) Buffer overflow

EUVDB-ID: #VU106330

Risk: High

CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2025-24190

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error in CoreMedia. A remote attacker can create a specially crafted MP4 file, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system in the context of the WebKit GPU process.

Mitigation

Install update from vendor's website.

Vulnerable software versions

macOS: 15.0 24A335 - 15.3.2 24D2082

External links

https://support.apple.com/en-us/122373


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

15) Security features bypass

EUVDB-ID: #VU106329

Risk: Low

CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-24236

CWE-ID: CWE-254 - Security Features

Exploit availability: No

Description

The vulnerability allows a local application to gain access to sensitive information.

The vulnerability exists due to an error in CoreMedia. A local application can bypass sandbox restrictions and access sensitive user data.

Mitigation

Install update from vendor's website.

Vulnerable software versions

macOS: 15.0 24A335 - 15.3.2 24D2082

External links

https://support.apple.com/en-us/122373


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

16) Out-of-bounds write

EUVDB-ID: #VU106328

Risk: High

CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2025-24211

CWE-ID: CWE-787 - Out-of-bounds write

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise the vulnerable system.

The vulnerability exists due to a boundary error when processing untrusted input in CoreMedia. A remote attacker can create a specially crafted MP4 file, trick the victim into opening it using the affected software, trigger an out-of-bounds write and execute arbitrary code on the target system in the context of the WebKit GPU process.

Mitigation

Install update from vendor's website.

Vulnerable software versions

macOS: 15.0 24A335 - 15.3.2 24D2082

External links

https://support.apple.com/en-us/122373


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

17) Out-of-bounds read

EUVDB-ID: #VU106327

Risk: Medium

CVSSv4.0: 1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2025-24230

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition in CoreAudio. A remote attacker can create a specially crafted MP4 file, trick the victim into playing it, trigger an out-of-bounds read error and read contents of memory on the system or perform a denial of service (DoS) attack.

Mitigation

Install update from vendor's website.

Vulnerable software versions

macOS: 15.0 24A335 - 15.3.2 24D2082

External links

https://support.apple.com/en-us/122373


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

18) Input validation error

EUVDB-ID: #VU103340

Risk: Low

CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-24163

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input in CoreAudio. A remote attacker can trick the victim into opening a specially crafted media file and perform a denial of service (DoS) attack.

Mitigation

Install update from vendor's website.

Vulnerable software versions

macOS: 15.0 24A335 - 15.3.2 24D2082

External links

https://support.apple.com/en-us/122373


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

19) Improper access control

EUVDB-ID: #VU106326

Risk: Low

CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-24215

CWE-ID: CWE-284 - Improper Access Control

Exploit availability: No

Description

The vulnerability allows a local application to gain access to sensitive information.

The vulnerability exists due to improper access restrictions in CloudKit. A local application can gain access to private information.

Mitigation

Install update from vendor's website.

Vulnerable software versions

macOS: 15.0 24A335 - 15.3.2 24D2082

External links

https://support.apple.com/en-us/122373


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

20) Path traversal

EUVDB-ID: #VU106324

Risk: Low

CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-30429

CWE-ID: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Exploit availability: No

Description

The vulnerability allows a local application to bypass implemented security restrictions.

The vulnerability exists due to an input validation error when processing filenames in Calendar. A local application can break out of its sandbox.

Mitigation

Install update from vendor's website.

Vulnerable software versions

macOS: 15.0 24A335 - 15.3.2 24D2082

External links

https://support.apple.com/en-us/122373


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

21) Improper access control

EUVDB-ID: #VU106339

Risk: Low

CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-31187

CWE-ID: CWE-284 - Improper Access Control

Exploit availability: No

Description

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists due to improper access restrictions in Dock. A local application can modify protected parts of the file system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

macOS: 15.0 24A335 - 15.3.2 24D2082

External links

https://support.apple.com/en-us/122373


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

22) Buffer overflow

EUVDB-ID: #VU106323

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-24237

CWE-ID: CWE-120 - Buffer overflow

Exploit availability: No

Description

The vulnerability allows a local application to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary error in BiometricKit. A local application can trigger a buffer overflow and terminate the system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

macOS: 15.0 24A335 - 15.3.2 24D2082

External links

https://support.apple.com/en-us/122373


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

23) Permissions, Privileges, and Access Controls

EUVDB-ID: #VU106322

Risk: Low

CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-30460

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a local application to gain access to sensitive information.

The vulnerability exists due to improper privilege management in Automator. A local application can gain access to protected user data.

Mitigation

Install update from vendor's website.

Vulnerable software versions

macOS: 15.0 24A335 - 15.3.2 24D2082

External links

https://support.apple.com/en-us/122373


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

24) Information Exposure Through Timing Discrepancy

EUVDB-ID: #VU106321

Risk: Low

CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-24245

CWE-ID: CWE-208 - Information Exposure Through Timing Discrepancy

Exploit availability: No

Description

The vulnerability allows a local application to gain access to sensitive information.

The vulnerability exists due to an error in Authentication Services. A local application can access a user's saved passwords by adding a delay between verification code attempts.

Mitigation

Install update from vendor's website.

Vulnerable software versions

macOS: 15.0 24A335 - 15.3.2 24D2082

External links

https://support.apple.com/en-us/122373


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

25) Security features bypass

EUVDB-ID: #VU106320

Risk: Medium

CVSSv4.0: 1.1 [CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:H/SI:L/SA:N/E:U/U:Green]

CVE-ID: CVE-2025-24180

CWE-ID: CWE-254 - Security Features

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists in Authentication Services due to insufficient input validation. A remote attacker can trick the victim into visiting a specially crafted website that is able to claim WebAuthn credentials from another website that shares a registrable suffix.

Mitigation

Install update from vendor's website.

Vulnerable software versions

macOS: 15.0 24A335 - 15.3.2 24D2082

External links

https://support.apple.com/en-us/122373


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

26) State Issues

EUVDB-ID: #VU106319

Risk: Low

CVSSv4.0: 0.4 [CVSS:4.0/AV:P/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:L/E:U/U:Clear]

CVE-ID: CVE-2025-30430

CWE-ID: CWE-371 - State Issues

Exploit availability: No

Description

The vulnerability allows an attacker to gain unauthorized access to third-party services.

The vulnerability exists in Authentication Services because the software autofills passwords after authentication fails. An attacker with physical access to the system can log in to a third-party application using credentials provided by Authentication Services.

Mitigation

Install update from vendor's website.

Vulnerable software versions

macOS: 15.0 24A335 - 15.3.2 24D2082

External links

https://support.apple.com/en-us/122373


Q & A

Can this vulnerability be exploited remotely?

No. The attacker should have physical access to the system in order to successfully exploit this vulnerability.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

27) Buffer overflow

EUVDB-ID: #VU106318

Risk: High

CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2025-24243

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error in Audio. A remote attacker can create a specially crafted AMR file, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

macOS: 15.0 24A335 - 15.3.2 24D2082

External links

https://support.apple.com/en-us/122373


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

28) Out-of-bounds read

EUVDB-ID: #VU106317

Risk: Medium

CVSSv4.0: 1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2025-24244

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition in Audio when handling font files. A remote attacker can create a specially crafted WAV file, trick the victim into opening it, trigger an out-of-bounds read error and read contents of memory on the system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

macOS: 15.0 24A335 - 15.3.2 24D2082

External links

https://support.apple.com/en-us/122373


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

29) Information disclosure

EUVDB-ID: #VU106316

Risk: Low

CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-30443

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a local application to gain access to potentially sensitive information.

The vulnerability exists due to excessive data output in AppleMobileFileIntegrity. A local application can gain unauthorized access to user-sensitive data.

Mitigation

Install update from vendor's website.

Vulnerable software versions

macOS: 15.0 24A335 - 15.3.2 24D2082

CPE2.3
External links

https://support.apple.com/en-us/122373


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

30) Permissions, Privileges, and Access Controls

EUVDB-ID: #VU106315

Risk: Low

CVSSv4.0: 5.8 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-24233

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists because AppleMobileFileIntegrity does not properly impose security restrictions. A local application can read or write to protected files.

Mitigation

Install update from vendor's website.

Vulnerable software versions

macOS: 15.0 24A335 - 15.3.2 24D2082

CPE2.3
External links

https://support.apple.com/en-us/122373


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

31) Permissions, Privileges, and Access Controls

EUVDB-ID: #VU106314

Risk: Low

CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-24239

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a local application to gain access to sensitive information.

The vulnerability exists due to an error in AppleMobileFileIntegrity. A local application can access protected user data.

Mitigation

Install update from vendor's website.

Vulnerable software versions

macOS: 15.0 24A335 - 15.3.2 24D2082

CPE2.3
External links

https://support.apple.com/en-us/122373


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

32) Permissions, Privileges, and Access Controls

EUVDB-ID: #VU106313

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-24272

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists due to improper privilege management in AppleMobileFileIntegrity. A local application can modify protected parts of the file system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

macOS: 15.0 24A335 - 15.3.2 24D2082

CPE2.3
External links

https://support.apple.com/en-us/122373


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

33) Information disclosure

EUVDB-ID: #VU106312

Risk: Low

CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-24276

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a local application to gain access to potentially sensitive information.

The vulnerability exists due to excessive data output in App Store. A local application can gain unauthorized access to private information.

Mitigation

Install update from vendor's website.

Vulnerable software versions

macOS: 15.0 24A335 - 15.3.2 24D2082

CPE2.3
External links

https://support.apple.com/en-us/122373


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

34) Permissions, Privileges, and Access Controls

EUVDB-ID: #VU106311

Risk: Low

CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-24097

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a local application to gain access to sensitive information.

The vulnerability exists due to a permissions issue in AirDrop. A local application can read arbitrary file metadata.

Mitigation

Install update from vendor's website.

Vulnerable software versions

macOS: 15.0 24A335 - 15.3.2 24D2082

CPE2.3
External links

https://support.apple.com/en-us/122373


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

35) Permissions, Privileges, and Access Controls

EUVDB-ID: #VU106310

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-24234

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists due to an error in AccountPolicy. A local application can execute arbitrary code with root privileges.

Mitigation

Install update from vendor's website.

Vulnerable software versions

macOS: 15.0 24A335 - 15.3.2 24D2082

CPE2.3
External links

https://support.apple.com/en-us/122373


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

36) Improper access control

EUVDB-ID: #VU106338

Risk: Low

CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-30455

CWE-ID: CWE-284 - Improper Access Control

Exploit availability: No

Description

The vulnerability allows a local application to gain access to sensitive information.

The vulnerability exists due to improper access restrictions in Dock. A local application can gain access to sensitive information.

Mitigation

Install update from vendor's website.

Vulnerable software versions

macOS: 15.0 24A335 - 15.3.2 24D2082

CPE2.3
External links

https://support.apple.com/en-us/122373


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

37) Untrusted search path

EUVDB-ID: #VU106340

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-30462

CWE-ID: CWE-426 - Untrusted Search Path

Exploit availability: No

Description

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists due to usage of an untrusted search path in dyld. A local application can use App Sandbox to inject an arbitrary library and escalate privileges on the system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

macOS: 15.0 24A335 - 15.3.2 24D2082

CPE2.3
External links

https://support.apple.com/en-us/122373


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

38) Use-after-free

EUVDB-ID: #VU104099

Risk: High

CVSSv4.0: 8.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2024-56171

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise the vulnerable system.

The vulnerability exists due to a use-after-free error within the xmlSchemaIDCFillNodeTables() and xmlSchemaBubbleIDCNodeTables() functions in xmlschemas.c. A remote attacker can pass a specially crafted XML document to the application, trigger a use-after-free error and execute arbitrary code on the system.

Successful exploitation of the vulnerability may allow an attacker to compromise the vulnerable system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

macOS: 15.0 24A335 - 15.3.2 24D2082

CPE2.3
External links

https://support.apple.com/en-us/122373


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

39) NULL pointer dereference

EUVDB-ID: #VU104213

Risk: Medium

CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2025-27113

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the xmlPatMatch() function in pattern.c. A remote attacker can pass a specially crafted XML document to the affected application and perform a denial of service (DoS) attack.

Mitigation

Install update from vendor's website.

Vulnerable software versions

macOS: 15.0 24A335 - 15.3.2 24D2082

CPE2.3
External links

https://support.apple.com/en-us/122373


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

40) Out-of-bounds read

EUVDB-ID: #VU98512

Risk: Medium

CVSSv4.0: 1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2024-48958

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition within the execute_filter_delta() function in archive_read_support_format_rar.c. A remote attacker can create a specially crafted file, trick the victim into opening it, trigger an out-of-bounds read error and read contents of memory on the system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

macOS: 15.0 24A335 - 15.3.2 24D2082

CPE2.3
External links

https://support.apple.com/en-us/122373


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

41) Information disclosure

EUVDB-ID: #VU106341

Risk: Low

CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-30451

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a local application to gain access to potentially sensitive information.

The vulnerability exists due to excessive data output in FaceTime. A local application can gain access to sensitive user data.

Mitigation

Install update from vendor's website.

Vulnerable software versions

macOS: 15.0 24A335 - 15.3.2 24D2082

CPE2.3
External links

https://support.apple.com/en-us/122373


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

42) Improper limitation of a pathname to a restricted directory ('path traversal')

EUVDB-ID: #VU106848

Risk: Low

CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-30470

CWE-ID: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Exploit availability: No

Description

The vulnerability allows a local application to gain access to sensitive information.

The vulnerability exists due to incorrect handling of path names in Maps. A local application can read sensitive location information.

Mitigation

Install update from vendor's website.

Vulnerable software versions

macOS: 15.0 24A335 - 15.3.2 24D2082

CPE2.3
External links

https://support.apple.com/en-us/122373


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

43) Memory corruption

EUVDB-ID: #VU106836

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-24157

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists due to a boundary error in Xsan. A local application can cause unexpected system termination or corrupt kernel memory.

Mitigation

Install update from vendor's website.

Vulnerable software versions

macOS: 15.0 24A335 - 15.3.2 24D2082

CPE2.3
External links

https://support.apple.com/en-us/122373


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

44) Improper link resolution before file access ('link following')

EUVDB-ID: #VU106827

Risk: Low

CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-24278

CWE-ID: CWE-59 - Improper Link Resolution Before File Access ('Link Following')

Exploit availability: No

Description

The vulnerability allows a local application to gain access to sensitive information.

The vulnerability exists due to insecure symbolic link following in System Settings. A local application can access protected user data.

Mitigation

Install update from vendor's website.

Vulnerable software versions

macOS: 15.0 24A335 - 15.3.2 24D2082

CPE2.3
External links

https://support.apple.com/en-us/122373


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

45) Improper link resolution before file access ('link following')

EUVDB-ID: #VU106825

Risk: Low

CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-24253

CWE-ID: CWE-59 - Improper Link Resolution Before File Access ('Link Following')

Exploit availability: No

Description

The vulnerability allows a local application to gain access to sensitive information.

The vulnerability exists due to insecure symbolic link following in StorageKit. A local application can access protected user data.

Mitigation

Install update from vendor's website.

Vulnerable software versions

macOS: 15.0 24A335 - 15.3.2 24D2082

CPE2.3
External links

https://support.apple.com/en-us/122373


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

46) Permissions, privileges, and access controls

EUVDB-ID: #VU106824

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-30449

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists due to improperly imposed security restrictions in StorageKit. A local application can gain root privileges.

Mitigation

Install update from vendor's website.

Vulnerable software versions

macOS: 15.0 24A335 - 15.3.2 24D2082

CPE2.3
External links

https://support.apple.com/en-us/122373


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

47) Improper access control

EUVDB-ID: #VU106823

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-24231

CWE-ID: CWE-284 - Improper Access Control

Exploit availability: No

Description

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists due to improper access restrictions in Software Update. A local application can trick the victim into opening a specially crafted file and modify protected parts of the file system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

macOS: 15.0 24A335 - 15.3.2 24D2082

CPE2.3
External links

https://support.apple.com/en-us/122373


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

48) Improper link resolution before file access ('link following')

EUVDB-ID: #VU106822

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-24254

CWE-ID: CWE-59 - Improper Link Resolution Before File Access ('Link Following')

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to insecure symbolic link following in Software Update. A local user can elevate privileges.

Mitigation

Install update from vendor's website.

Vulnerable software versions

macOS: 15.0 24A335 - 15.3.2 24D2082

CPE2.3
External links

https://support.apple.com/en-us/122373


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

49) Memory corruption

EUVDB-ID: #VU106835

Risk: Low

CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-24265

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local application to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary error in Xsan. A local application can cause unexpected system termination.

Mitigation

Install update from vendor's website.

Vulnerable software versions

macOS: 15.0 24A335 - 15.3.2 24D2082

CPE2.3
External links

https://support.apple.com/en-us/122373


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

50) Memory corruption

EUVDB-ID: #VU106819

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-24269

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local application to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary error in SMB. A local application can cause unexpected system termination.

Mitigation

Install update from vendor's website.

Vulnerable software versions

macOS: 15.0 24A335 - 15.3.2 24D2082

CPE2.3
External links

https://support.apple.com/en-us/122373


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

51) State issues

EUVDB-ID: #VU106818

Risk: Low

CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-24205

CWE-ID: CWE-371 - State Issues

Exploit availability: No

Description

The vulnerability allows a local application to gain access to sensitive information.

The vulnerability exists due to a state management issue in Siri. A local application can access user-sensitive data.

Mitigation

Install update from vendor's website.

Vulnerable software versions

macOS: 15.0 24A335 - 15.3.2 24D2082

CPE2.3
External links

https://support.apple.com/en-us/122373


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

52) Information exposure through log files

EUVDB-ID: #VU106817

Risk: Low

CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-24214

CWE-ID: CWE-532 - Information Exposure Through Log Files

Exploit availability: No

Description

The vulnerability allows a local application to gain access to sensitive information.

The vulnerability exists due to inclusion of sensitive information in a log file in Siri. A local application can access sensitive user data.

Mitigation

Install update from vendor's website.

Vulnerable software versions

macOS: 15.0 24A335 - 15.3.2 24D2082

CPE2.3
External links

https://support.apple.com/en-us/122373


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

53) Information exposure

EUVDB-ID: #VU106816

Risk: Low

CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-24217

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a local application to gain access to sensitive information.

The vulnerability exists due to excessive data output in Siri. A local application can access sensitive user data.

Mitigation

Install update from vendor's website.

Vulnerable software versions

macOS: 15.0 24A335 - 15.3.2 24D2082

CPE2.3
External links

https://support.apple.com/en-us/122373


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

54) Information exposure

EUVDB-ID: #VU106814

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-30435

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists due to excessive data output in Siri. A local application can access sensitive user data in system logs.

Mitigation

Install update from vendor's website.

Vulnerable software versions

macOS: 15.0 24A335 - 15.3.2 24D2082

CPE2.3
External links

https://support.apple.com/en-us/122373


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

55) Improper access control

EUVDB-ID: #VU106779

Risk: Low

CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-24280

CWE-ID: CWE-284 - Improper Access Control

Exploit availability: No

Description

The vulnerability allows a local application to gain access to sensitive information.

The vulnerability exists due to improper access restrictions in Shortcuts. A local application can access user-sensitive data.

Mitigation

Install update from vendor's website.

Vulnerable software versions

macOS: 15.0 24A335 - 15.3.2 24D2082

CPE2.3
External links

https://support.apple.com/en-us/122373


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

56) Improper access control

EUVDB-ID: #VU106813

Risk: Low

CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-31183

CWE-ID: CWE-284 - Improper Access Control

Exploit availability: No

Description

The vulnerability allows a local application to gain access to sensitive information.

The vulnerability exists due to improper access restrictions in Siri. A local application can access sensitive user data.

Mitigation

Install update from vendor's website.

Vulnerable software versions

macOS: 15.0 24A335 - 15.3.2 24D2082

CPE2.3
External links

https://support.apple.com/en-us/122373


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

57) Untrusted search path

EUVDB-ID: #VU106821

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-24282

CWE-ID: CWE-426 - Untrusted Search Path

Exploit availability: No

Description

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists due to insecure search path for libraries in Software Update. A local application can trick the victim into opening a specially crafted file and modify protected parts of the file system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

macOS: 15.0 24A335 - 15.3.2 24D2082

CPE2.3
External links

https://support.apple.com/en-us/122373


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

58) Improper link resolution before file access ('link following')

EUVDB-ID: #VU106828

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-24242

CWE-ID: CWE-59 - Improper Link Resolution Before File Access ('Link Following')

Exploit availability: No

Description

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists due to insecure symbolic link following in System Settings. A local application can access private information.

Mitigation

Install update from vendor's website.

Vulnerable software versions

macOS: 15.0 24A335 - 15.3.2 24D2082

CPE2.3
External links

https://support.apple.com/en-us/122373


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

59) Information exposure through log files

EUVDB-ID: #VU106826

Risk: Low

CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-24218

CWE-ID: CWE-532 - Information Exposure Through Log Files

Exploit availability: No

Description

The vulnerability allows a local application to gain access to sensitive information.

The vulnerability exists due to inclusion of sensitive information in a log file in Summarization Services. A local application can access information about a user's contacts.

Mitigation

Install update from vendor's website.

Vulnerable software versions

macOS: 15.0 24A335 - 15.3.2 24D2082

CPE2.3
External links

https://support.apple.com/en-us/122373


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

60) Memory corruption

EUVDB-ID: #VU106820

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-24228

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists due to a boundary error in SMB. A local application can execute arbitrary code with kernel privileges.

Mitigation

Install update from vendor's website.

Vulnerable software versions

macOS: 15.0 24A335 - 15.3.2 24D2082

External links

https://support.apple.com/en-us/122373


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

61) Memory corruption

EUVDB-ID: #VU106834

Risk: Low

CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-24266

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local application to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary error in Xsan. A local application can cause unexpected system termination.

Mitigation

Install update from vendor's website.

Vulnerable software versions

macOS: 15.0 24A335 - 15.3.2 24D2082

External links

https://support.apple.com/en-us/122373


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

62) Permissions, privileges, and access controls

EUVDB-ID: #VU106663

Risk: Low

CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-24181

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a local application to gain access to sensitive information.

The vulnerability exists due to improperly imposed security restrictions in Sandbox. A local application can access protected user data.

Mitigation

Install update from vendor's website.

Vulnerable software versions

macOS: 15.0 24A335 - 15.3.2 24D2082

External links

https://support.apple.com/en-us/122373


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

63) Permissions, privileges, and access controls

EUVDB-ID: #VU106487

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-30446

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists due to improperly imposed security restrictions in PackageKit. A local application can trick the victim into opening a specially crafted file and modify the contents of system files.

Mitigation

Install update from vendor's website.

Vulnerable software versions

macOS: 15.0 24A335 - 15.3.2 24D2082

External links

https://support.apple.com/en-us/122373


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

64) Improper access control

EUVDB-ID: #VU106477

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-24164

CWE-ID: CWE-284 - Improper Access Control

Exploit availability: No

Description

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists due to improper access restrictions in PackageKit. A local application can trick the victim into opening a specially crafted file and modify protected parts of the file system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

macOS: 15.0 24A335 - 15.3.2 24D2082

External links

https://support.apple.com/en-us/122373


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

65) Improper access control

EUVDB-ID: #VU106468

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-24261

CWE-ID: CWE-284 - Improper Access Control

Exploit availability: No

Description

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists due to improper access restrictions in PackageKit. A local application can trick the victim into opening a specially crafted file and modify protected parts of the file system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

macOS: 15.0 24A335 - 15.3.2 24D2082

External links

https://support.apple.com/en-us/122373


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

66) State issues

EUVDB-ID: #VU106453

Risk: Low

CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-24232

CWE-ID: CWE-371 - State Issues

Exploit availability: No

Description

The vulnerability allows a local application to gain access to sensitive information.

The vulnerability exists due to a state management issue in NSDocument. A local application can trick the victim into opening a specially crafted file and access arbitrary files.

Mitigation

Install update from vendor's website.

Vulnerable software versions

macOS: 15.0 24A335 - 15.3.2 24D2082

External links

https://support.apple.com/en-us/122373


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

67) Information exposure through log files

EUVDB-ID: #VU106447

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-24262

CWE-ID: CWE-532 - Information Exposure Through Log Files

Exploit availability: No

Description

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists due to inclusion of sensitive information into a log file in Notes. A local application can access sensitive user data in system logs.

Mitigation

Install update from vendor's website.

Vulnerable software versions

macOS: 15.0 24A335 - 15.3.2 24D2082

External links

https://support.apple.com/en-us/122373


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

68) Improper link resolution before file access ('link following')

EUVDB-ID: #VU106434

Risk: Low

CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-30450

CWE-ID: CWE-59 - Improper Link Resolution Before File Access ('Link Following')

Exploit availability: No

Description

The vulnerability allows a local application to gain access to sensitive information.

The vulnerability exists due to insecure symbolic link following in manpages. A local application can access sensitive user data.

Mitigation

Install update from vendor's website.

Vulnerable software versions

macOS: 15.0 24A335 - 15.3.2 24D2082

External links

https://support.apple.com/en-us/122373


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

69) Improper access control

EUVDB-ID: #VU106427

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-24238

CWE-ID: CWE-284 - Improper Access Control

Exploit availability: No

Description

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists due to improper access restrictions in libxpc. A local application can gain elevated privileges.

Mitigation

Install update from vendor's website.

Vulnerable software versions

macOS: 15.0 24A335 - 15.3.2 24D2082

External links

https://support.apple.com/en-us/122373


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

70) State issues

EUVDB-ID: #VU106422

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-24178

CWE-ID: CWE-371 - State Issues

Exploit availability: No

Description

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists due to a state management issue in libxpc. A local application can break out of its sandbox.

Mitigation

Install update from vendor's website.

Vulnerable software versions

macOS: 15.0 24A335 - 15.3.2 24D2082

External links

https://support.apple.com/en-us/122373


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

71) Improper access control

EUVDB-ID: #VU106419

Risk: Medium

CVSSv4.0: 4 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2025-24194

CWE-ID: CWE-284 - Improper Access Control

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to improper access restrictions in libnetcore. A remote attacker can trick the victim into opening a specially crafted file and gain access to sensitive information.

Mitigation

Install update from vendor's website.

Vulnerable software versions

macOS: 15.0 24A335 - 15.3.2 24D2082

External links

https://support.apple.com/en-us/122373


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

72) Improper input validation

EUVDB-ID: #VU106418

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-24195

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to insufficient input validation in Libinfo. A local user can elevate privileges.

Mitigation

Install update from vendor's website.

Vulnerable software versions

macOS: 15.0 24A335 - 15.3.2 24D2082

External links

https://support.apple.com/en-us/122373


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

73) Improper input validation

EUVDB-ID: #VU106417

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-24195

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to insufficient input validation in Libinfo. A local user can elevate privileges.

Mitigation

Install update from vendor's website.

Vulnerable software versions

macOS: 15.0 24A335 - 15.3.2 24D2082

External links

https://support.apple.com/en-us/122373


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

74) Memory corruption

EUVDB-ID: #VU106415

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-24196

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error in Kernel. A local user can read kernel memory.

Mitigation

Install update from vendor's website.

Vulnerable software versions

macOS: 15.0 24A335 - 15.3.2 24D2082

External links

https://support.apple.com/en-us/122373


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

75) Improper input validation

EUVDB-ID: #VU106546

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-24191

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists due to insufficient input validation in RPAC. A local application can modify protected parts of the file system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

macOS: 15.0 24A335 - 15.3.2 24D2082

External links

https://support.apple.com/en-us/122373


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

76) Improper input validation

EUVDB-ID: #VU106416

Risk: Low

CVSSv4.0: 1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-24148

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to insufficient input validation in LaunchServices. A remote attacker can trick the victim into opening a specially crafted JAR file and gain access to sensitive information.

Mitigation

Install update from vendor's website.

Vulnerable software versions

macOS: 15.0 24A335 - 15.3.2 24D2082

External links

https://support.apple.com/en-us/122373


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

77) Improper access control

EUVDB-ID: #VU106414

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-24203

CWE-ID: CWE-284 - Improper Access Control

Exploit availability: No

Description

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists due to improper access restrictions in Kernel. A local application can modify protected parts of the file system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

macOS: 15.0 24A335 - 15.3.2 24D2082

External links

https://support.apple.com/en-us/122373


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

78) Permissions, privileges, and access controls

EUVDB-ID: #VU106682

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-30458

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists due to improperly imposed security restrictions in SceneKit. A local application can read files outside of its sandbox.

Mitigation

Install update from vendor's website.

Vulnerable software versions

macOS: 15.0 24A335 - 15.3.2 24D2082

External links

https://support.apple.com/en-us/122373


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

79) Improper access control

EUVDB-ID: #VU106498

Risk: Low

CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-24259

CWE-ID: CWE-284 - Improper Access Control

Exploit availability: No

Description

The vulnerability allows a local application to gain access to sensitive information.

The vulnerability exists due to improper access restrictions in Parental Controls. A local application can retrieve Safari bookmarks without an entitlement check.

Mitigation

Install update from vendor's website.

Vulnerable software versions

macOS: 15.0 24A335 - 15.3.2 24D2082

External links

https://support.apple.com/en-us/122373


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

80) Improper input validation

EUVDB-ID: #VU106460

Risk: Low

CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-24246

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local application to gain access to sensitive information.

The vulnerability exists due to insufficient input validation in OpenSSH. A local application can access user-sensitive data.

Mitigation

Install update from vendor's website.

Vulnerable software versions

macOS: 15.0 24A335 - 15.3.2 24D2082

External links

https://support.apple.com/en-us/122373


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

81) Improper access control

EUVDB-ID: #VU106521

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-24173

CWE-ID: CWE-284 - Improper Access Control

Exploit availability: No

Description

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists due to improper access restrictions in Power Services. A local application can break out of its sandbox.

Mitigation

Install update from vendor's website.

Vulnerable software versions

macOS: 15.0 24A335 - 15.3.2 24D2082

External links

https://support.apple.com/en-us/122373


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

82) Memory corruption

EUVDB-ID: #VU106411

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-30437

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists due to a boundary error in IOMobileFrameBuffer. A local application can corrupt coprocessor memory.

Mitigation

Install update from vendor's website.

Vulnerable software versions

macOS: 15.0 24A335 - 15.3.2 24D2082

External links

https://support.apple.com/en-us/122373


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

83) Improper access control

EUVDB-ID: #VU106408

Risk: Low

CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-24249

CWE-ID: CWE-284 - Improper Access Control

Exploit availability: No

Description

The vulnerability allows a local application to gain access to sensitive information.

The vulnerability exists due to improper access restrictions in Installer. A local application can check the existence of an arbitrary path on the file system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

macOS: 15.0 24A335 - 15.3.2 24D2082

External links

https://support.apple.com/en-us/122373


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

84) Out-of-bounds read

EUVDB-ID: #VU106407

Risk: Medium

CVSSv4.0: 1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2025-24210

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition within the CoreGraphics framework. A remote attacker can create a specially crafted file, trick the victim into opening it, trigger an out-of-bounds read error and read contents of memory on the system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

macOS: 15.0 24A335 - 15.3.2 24D2082

External links

https://support.apple.com/en-us/122373
https://www.zerodayinitiative.com/advisories/ZDI-25-195/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

85) Improper access control

EUVDB-ID: #VU106406

Risk: Low

CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-30463

CWE-ID: CWE-284 - Improper Access Control

Exploit availability: No

Description

The vulnerability allows a local application to gain access to sensitive information.

The vulnerability exists due to improper access restrictions in Handoff. A local application can access sensitive user data.

Mitigation

Install update from vendor's website.

Vulnerable software versions

macOS: 15.0 24A335 - 15.3.2 24D2082

External links

https://support.apple.com/en-us/122373


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

86) Time-of-check Time-of-use (TOCTOU) Race Condition

EUVDB-ID: #VU106405

Risk: Low

CVSSv4.0: 4.4 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-24256

CWE-ID: CWE-367 - Time-of-check Time-of-use (TOCTOU) Race Condition

Exploit availability: No

Description

The vulnerability allows a local application to gain access to sensitive information.

The vulnerability exists due to a race condition within the AppleIntelKBLGraphics kext. A local application can disclose kernel memory.

Mitigation

Install update from vendor's website.

Vulnerable software versions

macOS: 15.0 24A335 - 15.3.2 24D2082

External links

https://support.apple.com/en-us/122373
https://www.zerodayinitiative.com/advisories/ZDI-25-194/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

87) Improper input validation

EUVDB-ID: #VU106402

Risk: Low

CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-24199

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local application to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient input validation in Foundation. A local application can cause a denial-of-service.

Mitigation

Install update from vendor's website.

Vulnerable software versions

macOS: 15.0 24A335 - 15.3.2 24D2082

External links

https://support.apple.com/en-us/122373


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

88) Out-of-bounds write

EUVDB-ID: #VU106403

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-30464

CWE-ID: CWE-787 - Out-of-bounds write

Exploit availability: No

Description

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists due to an out-of-bounds write in GPU Drivers. A local application can cause unexpected system termination or corrupt kernel memory.

Mitigation

Install update from vendor's website.

Vulnerable software versions

macOS: 15.0 24A335 - 15.3.2 24D2082

External links

https://support.apple.com/en-us/122373


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

89) Information exposure through log files

EUVDB-ID: #VU106401

Risk: Low

CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-30447

CWE-ID: CWE-532 - Information Exposure Through Log Files

Exploit availability: No

Description

The vulnerability allows a local application to gain access to sensitive information.

The vulnerability exists due to inclusion of sensitive information into a log file in Foundation. A local application can access sensitive user data.

Mitigation

Install update from vendor's website.

Vulnerable software versions

macOS: 15.0 24A335 - 15.3.2 24D2082

External links

https://support.apple.com/en-us/122373


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

90) Improper access control

EUVDB-ID: #VU106400

Risk: Low

CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-30461

CWE-ID: CWE-284 - Improper Access Control

Exploit availability: No

Description

The vulnerability allows a local application to gain access to sensitive information.

The vulnerability exists due to improper access restrictions in Foundation. A local application can access protected user data.

Mitigation

Install update from vendor's website.

Vulnerable software versions

macOS: 15.0 24A335 - 15.3.2 24D2082

External links

https://support.apple.com/en-us/122373


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

91) Improper access control

EUVDB-ID: #VU106398

Risk: Low

CVSSv4.0: 0.4 [CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-30439

CWE-ID: CWE-284 - Improper Access Control

Exploit availability: No

Description

The vulnerability allows an attacker with physical access to the system to gain access to sensitive information.

The vulnerability exists due to improper access restrictions in Focus. An attacker with physical access to the system can view sensitive user information.

Mitigation

Install update from vendor's website.

Vulnerable software versions

macOS: 15.0 24A335 - 15.3.2 24D2082

External links

https://support.apple.com/en-us/122373


Q & A

Can this vulnerability be exploited remotely?

No. The attacker should have physical access to the system in order to successfully exploit this vulnerability.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

92) Information exposure

EUVDB-ID: #VU106397

Risk: Low

CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-24281

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a local application to gain access to sensitive information.

The vulnerability exists due to excessive data output in FeedbackLogger. A local application can access sensitive user data.

Mitigation

Install update from vendor's website.

Vulnerable software versions

macOS: 15.0 24A335 - 15.3.2 24D2082

External links

https://support.apple.com/en-us/122373


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

93) Improper access control

EUVDB-ID: #VU106413

Risk: Low

CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-24204

CWE-ID: CWE-284 - Improper Access Control

Exploit availability: No

Description

The vulnerability allows a local application to gain access to sensitive information.

The vulnerability exists due to improper access restrictions in Kernel. A local application can access protected user data.

Mitigation

Install update from vendor's website.

Vulnerable software versions

macOS: 15.0 24A335 - 15.3.2 24D2082

External links

https://support.apple.com/en-us/122373


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

94) Out-of-bounds write

EUVDB-ID: #VU106404

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-24273

CWE-ID: CWE-787 - Out-of-bounds write

Exploit availability: No

Description

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists due to an out-of-bounds write in GPU Drivers. A local application can cause unexpected system termination or corrupt kernel memory.

Mitigation

Install update from vendor's website.

Vulnerable software versions

macOS: 15.0 24A335 - 15.3.2 24D2082

External links

https://support.apple.com/en-us/122373


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

95) Memory corruption

EUVDB-ID: #VU106412

Risk: Medium

CVSSv4.0: 4 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2025-24235

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary error in Kerberos Helper. A remote attacker can trick the victim into opening a specially crafted file and cause unexpected app termination or heap corruption.

Mitigation

Install update from vendor's website.

Vulnerable software versions

macOS: 15.0 24A335 - 15.3.2 24D2082

External links

https://support.apple.com/en-us/122373


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

96) Information exposure through log files

EUVDB-ID: #VU106399

Risk: Low

CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-24283

CWE-ID: CWE-532 - Information Exposure Through Log Files

Exploit availability: No

Description

The vulnerability allows a local application to gain access to sensitive information.

The vulnerability exists due to inclusion of sensitive information into a log file in Focus. A local application can access sensitive user data.

Mitigation

Install update from vendor's website.

Vulnerable software versions

macOS: 15.0 24A335 - 15.3.2 24D2082

External links

https://support.apple.com/en-us/122373


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

97) Out-of-bounds write

EUVDB-ID: #VU106410

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-24257

CWE-ID: CWE-787 - Out-of-bounds write

Exploit availability: No

Description

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists due to an out-of-bounds write in IOGPUFamily. A local application can cause unexpected system termination or write kernel memory.

Mitigation

Install update from vendor's website.

Vulnerable software versions

macOS: 15.0 24A335 - 15.3.2 24D2082

External links

https://support.apple.com/en-us/122373


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

98) Improper access control

EUVDB-ID: #VU106409

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-24229

CWE-ID: CWE-284 - Improper Access Control

Exploit availability: No

Description

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists due to improper access restrictions in Installer. A local application can access sensitive user data.

Mitigation

Install update from vendor's website.

Vulnerable software versions

macOS: 15.0 24A335 - 15.3.2 24D2082

External links

https://support.apple.com/en-us/122373


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

99) Inclusion of Sensitive Information in Log Files

EUVDB-ID: #VU106875

Risk: Low

CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-30424

CWE-ID: CWE-532 - Information Exposure Through Log Files

Exploit availability: No

Description

The vulnerability allows a local application to gain access to sensitive information.

The vulnerability exists due to an error in Photos Storage. Deleting a conversation in Messages may expose user contact information in system logging.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

macOS: 15.0 24A335 - 15.3.2 24D2082

External links

https://support.apple.com/en-us/122373


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

100) Improper access control

EUVDB-ID: #VU106874

Risk: Low

CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-30426

CWE-ID: CWE-284 - Improper Access Control

Exploit availability: No

Description

The vulnerability allows a local application to enumerate installed apps on device.

The vulnerability exists due to improper access restrictions in NetworkExtension. A local application can enumerate a user's installed apps.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

macOS: 15.0 24A335 - 15.3.2 24D2082

External links

https://support.apple.com/en-us/122373


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

101) Protection Mechanism Failure

EUVDB-ID: #VU106873

Risk: Low

CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-24172

CWE-ID: CWE-693 - Protection Mechanism Failure

Exploit availability: No

Description

The vulnerability allows a remote attacker to bypass implemented security restrictions.

The vulnerability exists due to an error in the "Block All Remote Content" feature in Mail, which may not apply for all mail previews. A remote attacker can gain access to sensitive information when the victim opens a specially crafted email message.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

macOS: 15.0 24A335 - 15.3.2 24D2082

External links

https://support.apple.com/en-us/122373


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

102) Link following

EUVDB-ID: #VU106872

Risk: Low

CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-31182

CWE-ID: CWE-59 - Improper Link Resolution Before File Access ('Link Following')

Exploit availability: No

Description

The vulnerability allows a local application to delete arbitrary files on the system.

The vulnerability exists due to insecure symbolic link following in libxpc. A local application can delete files from the system it does not have access to.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

macOS: 15.0 24A335 - 15.3.2 24D2082

External links

https://support.apple.com/en-us/122373


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

103) Type confusion

EUVDB-ID: #VU106901

Risk: Medium

CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2025-24247

CWE-ID: CWE-843 - Type confusion

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a type confusion error in WindowServer. A remote attacker can trigger a type confusion error and perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

macOS: 15.0 24A335 - 15.3.2 24D2082

External links

https://support.apple.com/en-us/122373


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

104) Race condition

EUVDB-ID: #VU106898

Risk: Low

CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-31188

CWE-ID: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Exploit availability: No

Description

The vulnerability allows a local application to bypass implemented security restrictions.

The vulnerability exists due to a race condition in StorageKit. A local application can bypass Privacy preferences.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

macOS: 15.0 24A335 - 15.3.2 24D2082

External links

https://support.apple.com/en-us/122373


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

105) Race condition

EUVDB-ID: #VU106897

Risk: Low

CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-24240

CWE-ID: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Exploit availability: No

Description

The vulnerability allows a local application to gain access to sensitive information.

The vulnerability exists due to a race condition in StorageKit. A local application can access user-sensitive data.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

macOS: 15.0 24A335 - 15.3.2 24D2082

External links

https://support.apple.com/en-us/122373


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

106) Protection Mechanism Failure

EUVDB-ID: #VU106896

Risk: Low

CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-24207

CWE-ID: CWE-693 - Protection Mechanism Failure

Exploit availability: No

Description

The vulnerability allows a local application to bypass implemented security restrictions.

The vulnerability exists due to insufficient implementation of security measures in Storage Management. A local application can enable iCloud storage features without user consent.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

macOS: 15.0 24A335 - 15.3.2 24D2082

External links

https://support.apple.com/en-us/122373


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

107) Buffer overflow

EUVDB-ID: #VU106894

Risk: Medium

CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2025-24260

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary error in smbx. A remote attacker can send specially crafted traffic to the system, trigger memory corruption and perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

macOS: 15.0 24A335 - 15.3.2 24D2082

External links

https://support.apple.com/en-us/122373


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

108) Race condition

EUVDB-ID: #VU106893

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-30444

CWE-ID: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a race condition in the SMB implementation. A local user can mount a maliciously crafted SMB network share and crash the system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

macOS: 15.0 24A335 - 15.3.2 24D2082

External links

https://support.apple.com/en-us/122373


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

109) Information disclosure

EUVDB-ID: #VU106892

Risk: Low

CVSSv4.0: 0.4 [CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-24198

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows an attacker to gain access to potentially sensitive information.

The vulnerability exists due to excessive data output by Siri. An attacker with physical access to device can use Siri to access sensitive user data.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

macOS: 15.0 24A335 - 15.3.2 24D2082

External links

https://support.apple.com/en-us/122373


Q & A

Can this vulnerability be exploited remotely?

No. The attacker should have physical access to the system in order to successfully exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

110) Information disclosure

EUVDB-ID: #VU106891

Risk: Low

CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-24248

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a local application to gain access to potentially sensitive information.

The vulnerability exists due to excessive data output by Siri. A local application can enumerate devices that have signed into the user's Apple Account.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

macOS: 15.0 24A335 - 15.3.2 24D2082

External links

https://support.apple.com/en-us/122373


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

111) Permissions, Privileges, and Access Controls

EUVDB-ID: #VU106888

Risk: Low

CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-30465

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a local application to gain access to sensitive information.

The vulnerability exists due to improperly imposed security restrictions in Shortcuts. A local application can access files that are normally inaccessible to the Shortcuts app.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

macOS: 15.0 24A335 - 15.3.2 24D2082

External links

https://support.apple.com/en-us/122373


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

112) Permissions, Privileges, and Access Controls

EUVDB-ID: #VU106889

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-31194

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists due to improperly imposed security restrictions in Shortcuts. A local application can run with admin privileges.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

macOS: 15.0 24A335 - 15.3.2 24D2082

External links

https://support.apple.com/en-us/122373


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

113) Improper access control

EUVDB-ID: #VU106887

Risk: Low

CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-30438

CWE-ID: CWE-284 - Improper Access Control

Exploit availability: No

Description

The vulnerability allows a local application to bypass implemented security restrictions. 

The vulnerability exists due to improper access restrictions in Share Sheet. A local application can dismiss the system notification on the Lock Screen that a recording was started.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

macOS: 15.0 24A335 - 15.3.2 24D2082

External links

https://support.apple.com/en-us/122373


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

114) Information disclosure

EUVDB-ID: #VU106886

Risk: Low

CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-24250

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a local application to gain access to potentially sensitive information.

The vulnerability exists due to an error in Security component. A malicious app acting as an HTTPS proxy can gain access to sensitive information.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

macOS: 15.0 24A335 - 15.3.2 24D2082

External links

https://support.apple.com/en-us/122373


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

115) Input validation error

EUVDB-ID: #VU106885

Risk: Medium

CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2025-30471

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input in Security component. A remote attacker can pass specially crafted input to the system and perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

macOS: 15.0 24A335 - 15.3.2 24D2082

External links

https://support.apple.com/en-us/122373


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

116) Improper access control

EUVDB-ID: #VU106895

Risk: Low

CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-24263

CWE-ID: CWE-284 - Improper Access Control

Exploit availability: No

Description

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to improper access restrictions in StickerKit. A local application can observe unprotected user data.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

macOS: 15.0 24A335 - 15.3.2 24D2082

External links

https://support.apple.com/en-us/122373


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

117) Input validation error

EUVDB-ID: #VU106884

Risk: Low

CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-30452

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local application to bypass implemented security restrictions.

The vulnerability exists due to insufficient validation of user-supplied input in Sandbox. A local application can bypass implemented security restrictions.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

macOS: 15.0 24A335 - 15.3.2 24D2082

External links

https://support.apple.com/en-us/122373


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

118) Configuration

EUVDB-ID: #VU106902

Risk: Low

CVSSv4.0: 0.4 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-24241

CWE-ID: CWE-16 - Configuration

Exploit availability: No

Description

The issue may allow a local application to bypass implemented security restrictions.

The issue exists due to a configuration error in WindowServer. A local application can trick a user into copying sensitive data to the pasteboard.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

macOS: 15.0 24A335 - 15.3.2 24D2082

External links

https://support.apple.com/en-us/122373


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

119) Improper access control

EUVDB-ID: #VU106890

Risk: Low

CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-30433

CWE-ID: CWE-284 - Improper Access Control

Exploit availability: No

Description

The vulnerability allows a local application to gain access to sensitive information.

The vulnerability exists due to improper access restrictions in Shortcuts. A local application can access files that are normally inaccessible to the Shortcuts app.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

macOS: 15.0 24A335 - 15.3.2 24D2082

External links

https://support.apple.com/en-us/122373


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

120) Information disclosure

EUVDB-ID: #VU106900

Risk: Low

CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-24279

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a local application to gain access to potentially sensitive information.

The vulnerability exists due to incorrect file handling in Voice Control. A local application can access contacts.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

macOS: 15.0 24A335 - 15.3.2 24D2082

External links

https://support.apple.com/en-us/122373


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

121) Link following

EUVDB-ID: #VU106899

Risk: Low

CVSSv4.0: 5.8 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-30457

CWE-ID: CWE-59 - Improper Link Resolution Before File Access ('Link Following')

Exploit availability: No

Description

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists due to insecure link following in SystemMigration. A local application can create symlinks to protected regions of the disk.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

macOS: 15.0 24A335 - 15.3.2 24D2082

External links

https://support.apple.com/en-us/122373


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

122) Spoofing attack

EUVDB-ID: #VU106876

Risk: Medium

CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2025-30467

CWE-ID: CWE-451 - User Interface (UI) Misrepresentation of Critical Information (Clickjacking, spoofing)

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a spoofing attack.

The vulnerability exists due to incorrect processing of user-supplied data in Safari. A remote attacker can trick the victim into clicking on a specially crafted URL and spoof the address bar.

Mitigation

Install update from vendor's website.

Vulnerable software versions

macOS: 15.0 24A335 - 15.3.2 24D2082

External links

https://support.apple.com/en-us/122373


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

123) Information disclosure

EUVDB-ID: #VU106877

Risk: Medium

CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2025-31192

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to incorrect checks in Safari. A remote attacker can trick the victim into visiting a specially crafted website and access sensor information without user consent.

Mitigation

Install update from vendor's website.

Vulnerable software versions

macOS: 15.0 24A335 - 15.3.2 24D2082

External links

https://support.apple.com/en-us/122373


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

124) Protection Mechanism Failure

EUVDB-ID: #VU106878

Risk: Medium

CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2025-24167

CWE-ID: CWE-693 - Protection Mechanism Failure

Exploit availability: No

Description

The vulnerability allows a remote attacker to bypass implemented security restrictions.

The vulnerability exists due to a state management issue. A remote attacker can trick the victim into visiting a specially crafted website and cause a download's origin to be incorrectly associated.

Mitigation

Install update from vendor's website.

Vulnerable software versions

macOS: 15.0 24A335 - 15.3.2 24D2082

External links

https://support.apple.com/en-us/122373


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

125) Permissions, Privileges, and Access Controls

EUVDB-ID: #VU106879

Risk: Medium

CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N/E:U/U:Green]

CVE-ID: CVE-2025-31184

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a remote attacker to bypass implemented security restrictions.

The vulnerability exists due to insufficient permissions checks. A remote attacker can trick Safari into gaining unauthorized access to Local Network.

Mitigation

Install update from vendor's website.

Vulnerable software versions

macOS: 15.0 24A335 - 15.3.2 24D2082

External links

https://support.apple.com/en-us/122373


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

126) Information disclosure

EUVDB-ID: #VU106880

Risk: Medium

CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2025-24192

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to an error when handling script imports. A malicious website can gain access to sensitive information.

Mitigation

Install update from vendor's website.

Vulnerable software versions

macOS: 15.0 24A335 - 15.3.2 24D2082

External links

https://support.apple.com/en-us/122373


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

127) Memory corruption

EUVDB-ID: #VU106829

Risk: Low

CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-24264

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary error in WebKit. A remote attacker can trick the victim into opening a specially crafted website and cause an unexpected Safari crash.

Mitigation

Install update from vendor's website.

Vulnerable software versions

macOS: 15.0 24A335 - 15.3.2 24D2082

External links

https://support.apple.com/en-us/122373


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

128) Memory corruption

EUVDB-ID: #VU106831

Risk: Low

CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-24216

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary error in WebKit. A remote attacker can trick the victim into opening a specially crafted website and cause an unexpected Safari crash.

Mitigation

Install update from vendor's website.

Vulnerable software versions

macOS: 15.0 24A335 - 15.3.2 24D2082

External links

https://support.apple.com/en-us/122373


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

129) Type confusion

EUVDB-ID: #VU106881

Risk: High

CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2025-24213

CWE-ID: CWE-843 - Type confusion

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a type confusion error. A remote attacker can trick the victim into visiting a specially crafted website, trigger a type confusion error and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

macOS: 15.0 24A335 - 15.3.2 24D2082

External links

https://support.apple.com/en-us/122373


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

130) Memory corruption

EUVDB-ID: #VU106832

Risk: Low

CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-24209

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary error in WebKit. A remote attacker can trick the victim into opening a specially crafted website and cause an unexpected process crash.

Mitigation

Install update from vendor's website.

Vulnerable software versions

macOS: 15.0 24A335 - 15.3.2 24D2082

External links

https://support.apple.com/en-us/122373


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

131) Use after free

EUVDB-ID: #VU106833

Risk: Low

CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-30427

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a use-after-free error in WebKit. A remote attacker can trick the victim into opening a specially crafted website and cause an unexpected Safari crash.

Mitigation

Install update from vendor's website.

Vulnerable software versions

macOS: 15.0 24A335 - 15.3.2 24D2082

External links

https://support.apple.com/en-us/122373


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

132) Information disclosure

EUVDB-ID: #VU106883

Risk: Medium

CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2025-30425

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to a state management issue. A remote attacker can track users in Safari private browsing mode.

Mitigation

Install update from vendor's website.

Vulnerable software versions

macOS: 15.0 24A335 - 15.3.2 24D2082

External links

https://support.apple.com/en-us/122373


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


