SB2025073054 - Multiple vulnerabilities in Apple macOS Sonoma
Published: July 30, 2025 Updated: October 16, 2025
Description
This security bulletin contains information about 52 security vulnerabilities.
1) Improper limitation of a pathname to a restricted directory ('path traversal') (CVE-ID: CVE-2025-43250)
The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to incorrect handling of path names in SharedFileList. A local application can break out of its sandbox.
2) Information exposure through log files (CVE-ID: CVE-2025-43225)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to inclusion of sensitive information into a log file in Notes. A local application can access sensitive user data.
3) Permissions, privileges, and access controls (CVE-ID: CVE-2025-43266)
The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to improperly imposed security restrictions in NSSpellChecker. A local application can break out of its sandbox.
4) Permissions, privileges, and access controls (CVE-ID: CVE-2025-43247)
The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to improperly imposed security restrictions in PackageKit. A local application can trick the victim into opening a specially crafted file and modify the contents of system files.
5) Improper access control (CVE-ID: CVE-2025-43194)
The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to improper access restrictions in PackageKit. A local application can modify protected parts of the file system.
6) Permissions, privileges, and access controls (CVE-ID: CVE-2025-43241)
The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to improperly imposed security restrictions in SceneKit. A local application can trick the victim into opening a specially crafted file and read files outside of its sandbox.
7) Memory corruption (CVE-ID: CVE-2025-43193)
The vulnerability allows a local application to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error in SecurityAgent. A local application can cause a denial of service.
8) Improper access control (CVE-ID: CVE-2025-43197)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to improper access restrictions in Single Sign-On. A local application can access sensitive user data.
9) Memory corruption (CVE-ID: CVE-2025-43239)
The vulnerability allows a local application to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error in sips. A local application can trick the victim into opening a specially crafted file and cause unexpected app termination.
10) Permissions, privileges, and access controls (CVE-ID: CVE-2025-43243)
The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to improperly imposed security restrictions in Software Update. A local application can modify protected parts of the file system.
11) Improper access control (CVE-ID: CVE-2025-43246)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to improper access restrictions in Spotlight. A local application can access sensitive user data.
12) State issues (CVE-ID: CVE-2025-43256)
The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to a state management issue in StorageKit. A local application can gain root privileges.
13) Improper limitation of a pathname to a restricted directory ('path traversal') (CVE-ID: CVE-2025-43206)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to incorrect handling of path names in System Settings. A local application can trick the victim into opening a specially crafted file and access protected user data.
14) Memory corruption (CVE-ID: CVE-2025-43189)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to a boundary error in WebContentFilter. A local application can read kernel memory.
15) Exposure of sensitive information to an unauthorized actor (CVE-ID: CVE-2025-43259)
The vulnerability allows an attacker with physical access to the system to gain access to sensitive information.
The vulnerability exists due to excessive data output in WindowServer. An attacker with physical access to the system can view sensitive user information.
16) Improper input validation (CVE-ID: CVE-2025-43238)
The vulnerability allows a local application to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient input validation in Xsan. A local application can cause unexpected system termination.
17) Improper access control (CVE-ID: CVE-2025-43270)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to improper access restrictions in Notes. A local application can gain unauthorized access to the Local Network.
18) Improper limitation of a pathname to a restricted directory ('path traversal') (CVE-ID: CVE-2025-43191)
The vulnerability allows a local application to perform a denial of service (DoS) attack.
The vulnerability exists due to incorrect handling of path names in Admin Framework. A local application can cause a denial of service.
19) Improper input validation (CVE-ID: CVE-2025-43199)
The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to insufficient input validation in Core Services. A local application can gain root privileges.
20) Memory corruption (CVE-ID: CVE-2025-43186)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error in afclip. A remote attacker can trick the victim into opening a specially crafted file and cause unexpected app termination.
21) State issues (CVE-ID: CVE-2025-43244)
The vulnerability allows a local application to perform a denial of service (DoS) attack.
The vulnerability exists due to a state management issue in AMD. A local application can cause unexpected system termination.
22) Permissions, privileges, and access controls (CVE-ID: CVE-2025-31243)
The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to improperly imposed security restrictions in AppleMobileFileIntegrity. A local application can gain root privileges.
23) Input validation error (CVE-ID: CVE-2025-43253)
The vulnerability allows a local application to bypass implemented security restrictions.
The vulnerability exists due to insufficient input validation in AppleMobileFileIntegrity. A local application can launch arbitrary binaries on a trusted device.
24) Improper access control (CVE-ID: CVE-2025-43249)
The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to improper access restrictions in AppleMobileFileIntegrity. A local application can gain root privileges.
25) Improper access control (CVE-ID: CVE-2025-43248)
The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to improper access restrictions in AppleMobileFileIntegrity. A local application can gain root privileges.
26) Cryptographic issues (CVE-ID: CVE-2025-43245)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to a cryptographic issue in AppleMobileFileIntegrity. A local application can access protected user data.
27) Use-after-free (CVE-ID: CVE-2025-43222)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a use-after-free error in the CFNetwork component. A remote attacker can send specially crafted data to the system and perform a denial of service (DoS) attack.
28) Improper input validation (CVE-ID: CVE-2025-43223)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to insufficient input validation in CFNetwork. A local user can modify restricted network settings.
29) Improper link resolution before file access ('link following') (CVE-ID: CVE-2025-43220)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to insecure symbolic link following in copyfile. A local application can access protected user data.
30) Memory corruption (CVE-ID: CVE-2025-43210)
The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to a boundary error in CoreMedia. A local application can trick the victim into opening a specially crafted file and cause unexpected app termination or corrupt process memory.
31) Improper input validation (CVE-ID: CVE-2025-43195)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to insufficient input validation in CoreServices. A local application can access sensitive user data.
32) OS Command Injection (CVE-ID: CVE-2025-43187)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to improper input validation. A local user can run the hdiutil command to execute arbitrary code on the system.
33) Improper input validation (CVE-ID: CVE-2025-43198)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to insufficient input validation in Dock. A local application can access protected user data.
34) Improper input validation (CVE-ID: CVE-2025-43254)
The vulnerability allows a local application to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient input validation in file. A local application can trick the victim into opening a specially crafted file and cause unexpected app termination.
35) Improper access control (CVE-ID: CVE-2025-43261)
The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to improper access restrictions in File Bookmark. A local application can break out of its sandbox.
36) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2025-31279)
The vulnerability allows a local application to fingerprint the user.
The vulnerability exists due to improperly imposed security restrictions in the Find My feature. A local application can gain access to sensitive information.
37) Memory corruption (CVE-ID: CVE-2025-43255)
The vulnerability allows a local application to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error in GPU Drivers. A local application can cause unexpected system termination.
38) Memory corruption (CVE-ID: CVE-2025-43209)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error in ICU. A remote attacker can trick the victim into opening a specially crafted file and cause an unexpected Safari crash.
39) Improper input validation (CVE-ID: CVE-2025-43226)
The vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to insufficient input validation in ImageIO. A remote attacker can trick the victim into opening a specially crafted file and gain access to sensitive information.
40) Improper limitation of a pathname to a restricted directory ('path traversal') (CVE-ID: CVE-2025-43196)
The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to incorrect handling of path names in libxpc. A local application can gain root privileges.
41) Insufficient UI Warning of Dangerous Operations (CVE-ID: CVE-2025-43184)
The vulnerability allows an attacker to bypass implemented security restrictions.
The vulnerability exists due to a missing consent prompt in Shortcuts. An attacker can trick the victim into executing a specially crafted shortcut and bypass sensitive Shortcuts app settings.
42) State Issues (CVE-ID: CVE-2025-24119)
The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to a state management issue in the Finder application. A local app can execute arbitrary code out of its sandbox or with certain elevated privileges.
43) Type confusion (CVE-ID: CVE-2025-7424)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a type confusion error in xmlNode.psvi. A remote attacker can pass specially crafted XML input to the application, trigger a type confusion error and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
44) Configuration (CVE-ID: CVE-2025-43192)
The issue may allow a local user to bypass implemented security restrictions.
The issue exists due to a configuration issue in Managed Configuration that makes Account-driven User Enrollment available with Lockdown Mode turned on. A local user can bypass implemented security restrictions and create new accounts.
45) Race condition (CVE-ID: CVE-2025-43275)
The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to a race condition in NetAuth. A local application can exploit the race and break out of its sandbox.
46) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2025-43260)
The vulnerability allows a local application to bypass implemented security restrictions.
The vulnerability exists due to improperly imposed security restrictions in PackageKit. A local application can hijack entitlements granted to other privileged apps.
47) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2025-43232)
The vulnerability allows a local application to bypass implemented security restrictions.
The vulnerability exists due to improperly imposed security restrictions in PackageKit. A local application can bypass certain Privacy preferences.
48) Type confusion (CVE-ID: CVE-2025-43236)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a type confusion error in Power Management. A local user can trigger a type confusion error and perform a denial of service (DoS) attack.
49) Information disclosure (CVE-ID: CVE-2025-43233)
The vulnerability allows a local application to gain access to potentially sensitive information.
The vulnerability exists due to improperly imposed security restrictions within the Security component. A local application acting as an HTTPS proxy can get access to sensitive user data.
50) Memory corruption (CVE-ID: CVE-2025-43284)
The vulnerability allows a local application to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error in GPU Drivers. A local application can cause unexpected system termination.
51) Improper access control (CVE-ID: CVE-2025-43313)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to improper access restrictions in CoreServices. A local application can access sensitive user data.
52) Resource management error (CVE-ID: CVE-2025-43282)
The vulnerability allows a local application to perform a denial of service (DoS) attack.
The vulnerability exists due to improper management of internal resources within the OS kernel. A local application can cause unexpected system termination.
Remediation
Install the update from the vendor's website.