SB2025040104 - Multiple vulnerabilities in macOS Sonoma
Published: April 1, 2025 Updated: July 31, 2025
Description
This security bulletin contains information about 110 security vulnerabilities.
1) Use-after-free (CVE-ID: CVE-2024-56171)
The vulnerability allows a remote attacker to compromise the vulnerable system.
The vulnerability exists due to a use-after-free error within the xmlSchemaIDCFillNodeTables() and xmlSchemaBubbleIDCNodeTables() functions in xmlschemas.c. A remote attacker can pass a specially crafted XML document to the application, trigger a use-after-free error and execute arbitrary code on the system.
Successful exploitation of the vulnerability may allow an attacker to compromise the vulnerable system.
2) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2025-24234)
The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to an error in AccountPolicy. A local application can execute arbitrary code with root privileges.
3) Buffer overflow (CVE-ID: CVE-2025-24237)
The vulnerability allows a local application to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error in BiometricKit. A local application can trigger a buffer overflow and terminate the system.
4) Path traversal (CVE-ID: CVE-2025-30454)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to an input validation error in CoreMedia Playback when handling file names. A local application can access private information.
5) Out-of-bounds write (CVE-ID: CVE-2025-24211)
The vulnerability allows a remote attacker to compromise the vulnerable system.
The vulnerability exists due to a boundary error when processing untrusted input in CoreMedia. A remote attacker can create a specially crafted MP4 file, trick the victim into opening it using the affected software, trigger an out-of-bounds write and execute arbitrary code on the target system in the context of the WebKit GPU process.
6) Buffer overflow (CVE-ID: CVE-2025-24190)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in CoreMedia. A remote attacker can create a specially crafted MP4 file, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system in the context of the WebKit GPU process.
7) Security features bypass (CVE-ID: CVE-2025-24236)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to an error in CoreMedia. A local application can bypass sandbox restrictions and access sensitive user data.
8) Use-after-free (CVE-ID: CVE-2025-24085)
The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to a use-after-free error in CoreMedia. A local application can execute arbitrary code with elevated privileges.
Note, the vulnerability is being actively exploited in the wild.
9) Out-of-bounds read (CVE-ID: CVE-2025-24230)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition in CoreAudio. A remote attacker can create a specially crafted MP4 file, trick the victim into playing it, trigger an out-of-bounds read error and read contents of memory on the system or perform a denial of service (DoS) attack.
10) Improper access control (CVE-ID: CVE-2025-24215)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to improper access restrictions in CloudKit. A local application can gain access to private information.
11) Input validation error (CVE-ID: CVE-2025-24212)
The vulnerability allows a local application to bypass implemented security restrictions.
The vulnerability exists due to insufficient validation of untrusted input in Calendar. A local application can break out of its sandbox.
12) Path traversal (CVE-ID: CVE-2025-30429)
The vulnerability allows a local application to bypass implemented security restrictions.
The vulnerability exists due to an input validation error when processing filenames in Calendar. A local application can break out of its sandbox.
13) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2025-30460)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to improper privilege management in Automator. A local application can gain access to protected user data.
14) Out-of-bounds read (CVE-ID: CVE-2025-24244)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition in Audio when handling font files. A remote attacker can create a specially crafted WAV file, trick the victim into opening it, trigger an out-of-bounds read error and read contents of memory on the system.
15) Buffer overflow (CVE-ID: CVE-2025-24243)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in Audio. A remote attacker can create a specially crafted AMR file, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
16) Information disclosure (CVE-ID: CVE-2025-30443)
The vulnerability allows a local application to gain access to potentially sensitive information.
The vulnerability exists due to excessive data output in AppleMobileFileIntegrity. A local application can gain unauthorized access to user-sensitive data.
17) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2025-24233)
The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists because AppleMobileFileIntegrity does not properly impose security restrictions. A local application can read or write to protected files.
18) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2025-24272)
The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to improper privilege management in AppleMobileFileIntegrity. A local application can modify protected parts of the file system.
19) Information disclosure (CVE-ID: CVE-2025-24276)
The vulnerability allows a local application to gain access to potentially sensitive information.
The vulnerability exists due to excessive data output in App Store. A local application can gain unauthorized access to private information.
20) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2025-24097)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to a permissions issue in AirDrop. A local application can read arbitrary file metadata.
21) Information disclosure (CVE-ID: CVE-2025-31191)
The vulnerability allows a local application to gain access to potentially sensitive information.
The vulnerability exists due to a state issue in CoreServices. A local application can access sensitive user data.
22) Path traversal (CVE-ID: CVE-2025-24277)
The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to an input validation error in Crash Reporter when handling directory paths. A local application can gain root privileges on the system.
23) NULL pointer dereference (CVE-ID: CVE-2025-27113)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference within the xmlPatMatch() function in pattern.c. A remote attacker can pass a specially crafted XML document to the affected application and perform a denial of service (DoS) attack.
24) Comparison using wrong factors (CVE-ID: CVE-2024-9681)
The vulnerability allows a remote attacker to perform a MitM attack.
The vulnerability exists due to an error in the HSTS cache implementation. When curl is asked to use HSTS, the expiry time for a subdomain can overwrite a parent domain's cache entry, making it end sooner or later than otherwise intended. This can lead to situations where the website becomes unavailable, or force the client to switch from HTTPS to HTTP earlier than intended.
25) Untrusted search path (CVE-ID: CVE-2025-30462)
The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to usage of an untrusted search path in dyld. A local application can use App Sandbox to inject an arbitrary library and escalate privileges on the system.
26) Improper access control (CVE-ID: CVE-2025-31187)
The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to improper access restrictions in Dock. A local application can modify protected parts of the file system.
27) Improper access control (CVE-ID: CVE-2025-30455)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to improper access restrictions in Dock. A local application can gain access to sensitive information.
28) Path traversal (CVE-ID: CVE-2025-30456)
The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to an input validation error in DiskArbitration when handling directory paths. A local application can gain root privileges on the system.
29) Input validation error (CVE-ID: CVE-2025-24267)
The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to an input validation error in DiskArbitration. A local application can gain root privileges on the system.
30) Input validation error (CVE-ID: CVE-2025-24255)
The vulnerability allows a local application to bypass implemented security restrictions.
The vulnerability exists due to insufficient input validation in Disk Images. A local application can break out of its sandbox.
31) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2025-24170)
The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to improperly imposed security restrictions in CoreServices. A local application can gain root privileges on the system.
32) State Issues (CVE-ID: CVE-2025-30432)
The vulnerability allows a local application to bypass implemented security restrictions.
The vulnerability exists due to a state management error in the OS kernel. An attacker with physical access to the device and a malicious app installed on it can attempt passcode entries on a locked device and thereby cause escalating time delays after 4 failures.
33) Improper access control (CVE-ID: CVE-2024-54533)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to improper access restrictions in Spotlight. A local application can access sensitive user data.
34) Information disclosure (CVE-ID: CVE-2024-40864)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to excessive data output by the Apple Account. A remote attacker on the local network can track a user's activity.
35) Improper access control (CVE-ID: CVE-2025-24231)
The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to improper access restrictions in Software Update. A local application can trick the victim into opening a specially crafted file and modify protected parts of the file system.
36) Improper input validation (CVE-ID: CVE-2025-24199)
The vulnerability allows a local application to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient input validation in Foundation. A local application can cause a denial-of-service.
37) Information exposure through log files (CVE-ID: CVE-2025-30447)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to inclusion of sensitive information into a log file in Foundation. A local application can access sensitive user data.
38) Time-of-check Time-of-use (TOCTOU) Race Condition (CVE-ID: CVE-2025-24256)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to a race condition within the AppleIntelKBLGraphics kext. A local application can disclose kernel memory.
39) Out-of-bounds write (CVE-ID: CVE-2025-24273)
The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to an out-of-bounds write in GPU Drivers. A local application can cause unexpected system termination or corrupt kernel memory.
40) Out-of-bounds write (CVE-ID: CVE-2025-30464)
The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to an out-of-bounds write in GPU Drivers. A local application can cause unexpected system termination or corrupt kernel memory.
41) Out-of-bounds read (CVE-ID: CVE-2025-24210)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition within the CoreGraphics framework. A remote attacker can create a specially crafted file, trick the victim into opening it, trigger an out-of-bounds read error and read contents of memory on the system.
42) Improper access control (CVE-ID: CVE-2025-24249)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to improper access restrictions in Installer. A local application can check the existence of an arbitrary path on the file system.
43) Improper access control (CVE-ID: CVE-2025-24229)
The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to improper access restrictions in Installer. A local application can access sensitive user data.
44) Memory corruption (CVE-ID: CVE-2025-24235)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error in Kerberos Helper. A remote attacker can trick the victim into opening a specially crafted file and cause unexpected app termination or heap corruption.
45) Improper access control (CVE-ID: CVE-2025-24203)
The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to improper access restrictions in Kernel. A local application can modify protected parts of the file system.
46) Memory corruption (CVE-ID: CVE-2025-24196)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error in Kernel. A local user can read kernel memory.
47) Improper input validation (CVE-ID: CVE-2025-24148)
The vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to insufficient input validation in LaunchServices. A remote attacker can trick the victim into opening a specially crafted JAR file and gain access to sensitive information.
48) Improper input validation (CVE-ID: CVE-2025-24195)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to insufficient input validation in Libinfo. A local user can elevate privileges.
49) State issues (CVE-ID: CVE-2025-24178)
The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to a state management issue in libxpc. A local application can break out of its sandbox.
50) Link following (CVE-ID: CVE-2025-31182)
The vulnerability allows a local application to delete arbitrary files on the system.
The vulnerability exists due to insecure symbolic link following in libxpc. A local application can delete files from the system it does not have access to.
51) Improper access control (CVE-ID: CVE-2025-24238)
The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to improper access restrictions in libxpc. A local application can gain elevated privileges.
52) Protection Mechanism Failure (CVE-ID: CVE-2025-24172)
The vulnerability allows a remote attacker to bypass implemented security restrictions.
The vulnerability exists due to an error in the "Block All Remote Content" feature in Mail, which may not apply for all mail previews. A remote attacker can gain access to sensitive information when the victim opens a specially crafted email message.
53) Improper link resolution before file access ('link following') (CVE-ID: CVE-2025-30450)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to insecure symbolic link following in manpages. A local application can access sensitive user data.
54) Improper limitation of a pathname to a restricted directory ('path traversal') (CVE-ID: CVE-2025-30470)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to incorrect handling of path names in Maps. A local application can read sensitive location information.
55) State issues (CVE-ID: CVE-2025-24232)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to a state management issue in NSDocument. A local application can trick the victim into opening a specially crafted file and access arbitrary files.
56) Improper input validation (CVE-ID: CVE-2025-24246)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to insufficient input validation in OpenSSH. A local application can access user-sensitive data.
57) Improper access control (CVE-ID: CVE-2025-24261)
The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to improper access restrictions in PackageKit. A local application can trick the victim into opening a specially crafted file and modify protected parts of the file system.
58) Improper access control (CVE-ID: CVE-2025-24164)
The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to improper access restrictions in PackageKit. A local application can trick the victim into opening a specially crafted file and modify protected parts of the file system.
59) Permissions, privileges, and access controls (CVE-ID: CVE-2025-30446)
The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to improperly imposed security restrictions in PackageKit. A local application can trick the victim into opening a specially crafted file and modify the contents of system files.
60) Improper access control (CVE-ID: CVE-2025-24259)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to improper access restrictions in Parental Controls. A local application can retrieve Safari bookmarks without an entitlement check.
61) Inclusion of Sensitive Information in Log Files (CVE-ID: CVE-2025-30424)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to an error in Photos Storage. Deleting a conversation in Messages may expose user contact information in system logging.
62) Improper access control (CVE-ID: CVE-2025-24173)
The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to improper access restrictions in Power Services. A local application can break out of its sandbox.
63) Input validation error (CVE-ID: CVE-2025-30452)
The vulnerability allows a local application to bypass implemented security restrictions.
The vulnerability exists due to insufficient validation of user-supplied input in Sandbox. A local application can bypass implemented security restrictions.
64) Permissions, privileges, and access controls (CVE-ID: CVE-2025-24181)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to improperly imposed security restrictions in Sandbox. A local application can access protected user data.
65) Input validation error (CVE-ID: CVE-2025-30471)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input in Security component. A remote attacker can pass specially crafted input to the system and perform a denial of service (DoS) attack.
66) Information disclosure (CVE-ID: CVE-2025-24250)
The vulnerability allows a local application to gain access to potentially sensitive information.
The vulnerability exists due to an error in the Security component. A malicious app acting as an HTTPS proxy can gain access to sensitive information.
67) Improper access control (CVE-ID: CVE-2025-30438)
The vulnerability allows a local application to bypass implemented security restrictions.
The vulnerability exists due to improper access restrictions in Share Sheet. A local application can dismiss the system notification on the Lock Screen that a recording was started.
68) Improper access control (CVE-ID: CVE-2025-24280)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to improper access restrictions in Shortcuts. A local application can access user-sensitive data.
69) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2025-31194)
The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to improperly imposed security restrictions in Shortcuts. A local application can run with admin privileges.
70) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2025-30465)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to improperly imposed security restrictions in Shortcuts. A local application can access files that are normally inaccessible to the Shortcuts app.
71) Improper access control (CVE-ID: CVE-2025-30433)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to improper access restrictions in Shortcuts. A local application can access files that are normally inaccessible to the Shortcuts app.
72) Information disclosure (CVE-ID: CVE-2025-24198)
The vulnerability allows an attacker to gain access to potentially sensitive information.
The vulnerability exists due to excessive data output by Siri. An attacker with physical access to the device can use Siri to access sensitive user data.
73) Improper access control (CVE-ID: CVE-2025-31183)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to improper access restrictions in Siri. A local application can access sensitive user data.
74) State issues (CVE-ID: CVE-2025-24205)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to a state management issue in Siri. A local application can access user-sensitive data.
75) Race condition (CVE-ID: CVE-2025-30444)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a race condition in the SMB implementation. A local user can mount a maliciously crafted SMB network share and crash the system.
76) Memory corruption (CVE-ID: CVE-2025-24228)
The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to a boundary error in SMB. A local application can execute arbitrary code with kernel privileges.
77) Buffer overflow (CVE-ID: CVE-2025-24260)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error in smbx. A remote attacker can send specially crafted traffic to the system, trigger memory corruption and perform a denial of service (DoS) attack.
78) Improper link resolution before file access ('link following') (CVE-ID: CVE-2025-24254)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to insecure symbolic link following in Software Update. A local user can elevate privileges.
79) Protection Mechanism Failure (CVE-ID: CVE-2025-24207)
The vulnerability allows a local application to bypass implemented security restrictions.
The vulnerability exists due to insufficient implementation of security measures in Storage Management. A local application can enable iCloud storage features without user consent.
80) Permissions, privileges, and access controls (CVE-ID: CVE-2025-30449)
The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to improperly imposed security restrictions in StorageKit. A local application can gain root privileges.
81) Improper link resolution before file access ('link following') (CVE-ID: CVE-2025-24253)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to insecure symbolic link following in StorageKit. A local application can access protected user data.
82) Race condition (CVE-ID: CVE-2025-31188)
The vulnerability allows a local application to bypass implemented security restrictions.
The vulnerability exists due to a race condition in StorageKit. A local application can bypass Privacy preferences.
83) Race condition (CVE-ID: CVE-2025-24240)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to a race condition in StorageKit. A local application can access user-sensitive data.
84) Improper link resolution before file access ('link following') (CVE-ID: CVE-2025-24278)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to insecure symbolic link following in System Settings. A local application can access protected user data.
85) Link following (CVE-ID: CVE-2025-30457)
The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to insecure link following in SystemMigration. A local application can create symlinks to protected regions of the disk.
86) Information disclosure (CVE-ID: CVE-2025-24279)
The vulnerability allows a local application to gain access to potentially sensitive information.
The vulnerability exists due to incorrect file handling in Voice Control. A local application can access contacts.
87) Type confusion (CVE-ID: CVE-2025-24247)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a type confusion error in WindowServer. A remote attacker can trigger a type confusion error and perform a denial of service (DoS) attack.
88) Configuration (CVE-ID: CVE-2025-24241)
The issue may allow a local application to bypass implemented security restrictions.
The issue exists due to a configuration error in WindowServer. A local application can trick a user into copying sensitive data to the pasteboard.
89) Memory corruption (CVE-ID: CVE-2025-24266)
The vulnerability allows a local application to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error in Xsan. A local application can cause unexpected system termination.
90) Memory corruption (CVE-ID: CVE-2025-24265)
The vulnerability allows a local application to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error in Xsan. A local application can cause unexpected system termination.
91) Memory corruption (CVE-ID: CVE-2025-24157)
The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to a boundary error in Xsan. A local application can cause unexpected system termination or corrupt kernel memory.
92) NULL pointer dereference (CVE-ID: CVE-2025-24177)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error in AirPlay. A remote attacker on the local network can send specially crafted packets to the device and perform a denial of service (DoS) attack.
93) NULL pointer dereference (CVE-ID: CVE-2025-24179)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error in AirPlay. A remote attacker on the local network can send specially crafted packets to the device and perform a denial of service (DoS) attack.
94) Input validation error (CVE-ID: CVE-2025-24251)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input in AirPlay. A remote attacker on the local network can send specially crafted input to the system and perform a denial of service (DoS) attack.
95) Input validation error (CVE-ID: CVE-2025-31197)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input in AirPlay. A remote attacker on the local network can send specially crafted input to the system and perform a denial of service (DoS) attack.
96) Improper authentication (CVE-ID: CVE-2025-24206)
The vulnerability allows a remote attacker to bypass the authentication process.
The vulnerability exists due to a state issue in AirPlay when handling authentication requests. A remote attacker on the local network can bypass the authentication process and gain unauthorized access to the system.
97) Buffer overflow (CVE-ID: CVE-2025-24126)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in AirPlay. A remote attacker on the local network can send specially crafted input to the device, trigger memory corruption and execute arbitrary code on the target system.
98) Missing authorization (CVE-ID: CVE-2025-24271)
The vulnerability allows a remote attacker to bypass authorization checks.
The vulnerability exists due to missing authorization checks in AirPlay. A remote non-authenticated attacker on the same network as a signed-in Mac can send it AirPlay commands without pairing.
99) Information disclosure (CVE-ID: CVE-2025-24270)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to excessive data output in AirPlay. A remote attacker on the local network can gain unauthorized access to sensitive information.
100) Buffer overflow (CVE-ID: CVE-2025-24131)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error in AirPlay. A remote attacker on the local network can send specially crafted packets to the device, trigger memory corruption and perform a denial of service (DoS) attack.
101) Type Confusion (CVE-ID: CVE-2025-24129)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a type confusion error in AirPlay. A remote attacker on the local network can send specially crafted packets to the device, trigger a type confusion error and perform a denial of service (DoS) attack.
102) Type Confusion (CVE-ID: CVE-2025-30445)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a type confusion error in AirPlay. A remote attacker on the local network can perform a denial of service (DoS) attack.
103) Use after free (CVE-ID: CVE-2025-24252)
The vulnerability allows a remote attacker on the local network to compromise the affected system.
The vulnerability exists due to a use-after-free error in AirPlay. A remote attacker on the local network can corrupt process memory.
104) Integer overflow (CVE-ID: CVE-2025-31203)
The vulnerability allows a remote attacker on the local network to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient input validation in CoreUtils. A remote attacker on the local network can send specially crafted input to the system, trigger an integer overflow and perform a denial-of-service attack.
105) Buffer overflow (CVE-ID: CVE-2025-24111)
The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to a boundary error in Display. A local application can trigger memory corruption and escalate privileges on the system.
106) Security features bypass (CVE-ID: CVE-2025-31189)
The vulnerability allows a local application to bypass implemented security restrictions.
The vulnerability exists due to improperly imposed security restrictions in Disk Images. A local application can bypass file quarantine mechanism and break out of its sandbox.
107) Improper authentication (CVE-ID: CVE-2025-31264)
The vulnerability allows an attacker to gain access to sensitive information.
The vulnerability exists due to improper authentication in the macOS Recovery feature. An attacker with physical access to the system can obtain sensitive user information from a locked device.
108) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2025-31261)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists because StorageKit does not properly impose security restrictions. A local application can access protected user data.
109) Link following (CVE-ID: CVE-2025-31198)
The vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to an insecure link following issue when handling .zip archives. A remote attacker can trick the victim into extracting a specially crafted archive and overwrite arbitrary files on the system, leading to remote code execution.
110) Out-of-bounds read (CVE-ID: CVE-2025-43205)
The vulnerability allows a local application to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition within the Audio component. A local application can trigger an out-of-bounds read error and read contents of memory on the system, which can lead to ASLR bypass.
Remediation
Install the update from the vendor's website.