SB2025091683 - Multiple vulnerabilities in macOS Sequoia
Published: September 16, 2025 Updated: November 4, 2025
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 38 secuirty vulnerabilities.
1) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2025-43358)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to improperly imposed security restrictions in Shortcuts. A local user can bypass sandbox restrictions.
2) Out-of-bounds read (CVE-ID: CVE-2024-27280)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition in the "ungetbyte" and "ungetc" methods. A remote attacker can trigger an out-of-bounds read error and read contents of memory on the system.
3) Input validation error (CVE-ID: CVE-2025-31259)
The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to insufficient validation of user-supplied input in SoftwareUpdate. A local application can execute arbitrary code with elevated privileges.
4) Improper access control (CVE-ID: CVE-2025-43332)
The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to improper access restrictions in Security Initialization. A local application can trick the victim into opening a specially crafted file and break out of its sandbox.
5) Improper input validation (CVE-ID: CVE-2025-43293)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to insufficient input validation in SharedFileList. A local application can access sensitive user data.
6) Improper input validation (CVE-ID: CVE-2025-43291)
The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to insufficient input validation in SharedFileList. A local application can modify protected parts of the file system.
7) Permissions, privileges, and access controls (CVE-ID: CVE-2025-43286)
The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to improperly imposed security restrictions in SharedFileList. A local application can break out of its sandbox.
8) Improper limitation of a pathname to a restricted directory ('path traversal') (CVE-ID: CVE-2025-43190)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to incorrect handling of path names in Spell Check. A local application can trick the victim into opening a specially crafted file and access sensitive user data.
9) Improper limitation of a pathname to a restricted directory ('path traversal') (CVE-ID: CVE-2025-43298)
The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to incorrect handling of path names in PackageKit. A local application can trick the victim into opening a specially crafted file and gain root privileges.
10) Improper access control (CVE-ID: CVE-2025-24197)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to improper access restrictions in Spotlight. A local application can access sensitive user data.
11) Improper limitation of a pathname to a restricted directory ('path traversal') (CVE-ID: CVE-2025-43314)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to incorrect handling of path names in StorageKit. A local application can trick the victim into opening a specially crafted file and access sensitive user data.
12) State issues (CVE-ID: CVE-2025-43304)
The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to a state management issue in StorageKit. A local application can gain root privileges.
13) Improper access control (CVE-ID: CVE-2025-43311)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to improper access restrictions in Touch Bar. A local application can access protected user data.
14) Improper access control (CVE-ID: CVE-2025-43308)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to improper access restrictions in Touch Bar Controls. A local application can access sensitive user data.
15) Protection Mechanism Failure (CVE-ID: CVE-2025-43310)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to improperly imposed security restrictions in WindowServer. A local application can trick the victim into copying sensitive data to the pasteboard.
16) Race condition (CVE-ID: CVE-2025-40909)
The vulnerability allows a local user to tamper with application's behavior.
The vulnerability exists due to a race condition if a directory handle is open at thread creation. A local user can exploit the race and force the application to load code or access files from unexpected location.
17) Information exposure through log files (CVE-ID: CVE-2025-43301)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to inclusion of sensitive information into a log file in Notification Center. A local application can access contact info related to notifications in Notification Center.
18) Memory corruption (CVE-ID: CVE-2025-43312)
The vulnerability allows a local application to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error in AMD. A local application can cause unexpected system termination.
19) Memory corruption (CVE-ID: CVE-2025-43326)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to a boundary error in GPU Drivers. A local application can access sensitive user data.
20) Protection Mechanism Failure (CVE-ID: CVE-2025-43321)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due an error in AppKit when accessing unsigned services from launching on Intel Macs. A local application can gain access to sensitive information.
21) Permissions, privileges, and access controls (CVE-ID: CVE-2025-31268)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to improperly imposed security restrictions in Apple Online Store Kit. A local application can access protected user data.
22) Permissions, privileges, and access controls (CVE-ID: CVE-2025-43285)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to improperly imposed security restrictions in AppSandbox. A local application can access protected user data.
23) Improper input validation (CVE-ID: CVE-2025-43330)
The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to insufficient input validation in ATS. A local application can break out of its sandbox.
24) Out-of-bounds write (CVE-ID: CVE-2025-43349)
The vulnerability allows a local application to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds write in CoreAudio. A local application can trick the victim into opening a specially crafted file and perform unexpected app termination.
25) State issues (CVE-ID: CVE-2025-43292)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to a state management issue in CoreMedia. A local application can access sensitive user data.
26) Improper access control (CVE-ID: CVE-2025-43305)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to improper access restrictions in CoreServices. A local application can access private information.
27) Out-of-bounds write (CVE-ID: CVE-2025-43302)
The vulnerability allows a local application to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds write in IOHIDFamily. A local application can cause unexpected system termination.
28) Memory corruption (CVE-ID: CVE-2025-43355)
The vulnerability allows a local application to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error in MobileStorageMounter. A local application can cause a denial-of-service.
29) State issues (CVE-ID: CVE-2025-31255)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to a state management issue in IOKit. A local application can access sensitive user data.
30) State Issues (CVE-ID: CVE-2025-43359)
The vulnerability allows a remote attacker to gain unauthorized access to the system.
The vulnerability exists due to a log error within the OS kernel. A UDP server socket bound to a local interface may become bound to all interfaces exposing services on the Internet.
31) Improper input validation (CVE-ID: CVE-2025-43299)
The vulnerability allows a local application to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient input validation in libc. A local application can cause a denial-of-service.
32) Improper input validation (CVE-ID: CVE-2025-43295)
The vulnerability allows a local application to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient input validation in libc. A local application can cause a denial-of-service.
33) Heap-based buffer overflow (CVE-ID: CVE-2025-43353)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in libinfo. A remote attacker can trick the victim into opening a specially crafted image file, trigger a heap-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
34) Improper input validation (CVE-ID: CVE-2025-43319)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to insufficient input validation in MediaLibrary. A local application can access protected user data.
35) Improper input validation (CVE-ID: CVE-2025-43315)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to insufficient input validation in MigrationKit. A local application can access user-sensitive data.
36) Link following (CVE-ID: CVE-2025-43288)
The vulnerability allows a local application to bypass implemented security restrictions.
The vulnerability exists due to an insecure link following issue in Archive Utility. A local user can bypass Privacy preferences.
37) Improper access control (CVE-ID: CVE-2025-43345)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to improper access restrictions in Kernel. A local application can access sensitive user data.
38) Race condition (CVE-ID: CVE-2025-43364)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a race condition in NetFSFramework. A local user can exploit the race and break out of its sandbox.
Remediation
Install update from vendor's website.