Apple today released updates for iOS, iPadOS, macOS, watchOS, tvOS, and visionOS. This is a feature release, but it includes significant security updates. Apple patches a total of 29 different vulnerabilities. None of these vulnerabilities has been identified as exploited.
Apple today released updates for iOS, iPadOS, macOS, watchOS, tvOS, and visionOS. This is a feature release, but it includes significant security updates. Apple patches a total of 29 different vulnerabilities. None of these vulnerabilities has been identified as exploited.
Apple’s vulnerability descriptions are not very telling. Most vulnerabilities are likely DoS issues, causing a system or individual subsystems to crash. There are a few privilege escalation and sandbox escape vulnerabilities that Apple addressed in this update. Vulnerabilities identified as memory corruption or heap corruption may lead to code execution, but the exact scope is difficult to ascertain from Apple’s limited information.
There are a few “interesting” vulnerabilities:
CVE-2025-43217: Privacy Indicators for microphone or camera access may not be correctly displayed. This, likely, refers to the green dot displayed next to the control center, not the physical LED used by some Apple laptops.
CVE-2025-43240: A download’s origin may be incorrectly associated. A “Mark of the Web” issue? Apple uses extended file attributes for this. Sadly, no details to review existing downloads.
For macOS, security-only updates are available for versions back to Ventura (macOS 13). For iOS/iPad OS, updates are available for 18 and 17.
| iOS 18.6 and iPadOS 18.6 | iPadOS 17.7.9 | macOS Sequoia 15.6 | macOS Sonoma 14.7.7 | macOS Ventura 13.7.7 | watchOS 11.6 | tvOS 18.6 | visionOS 2.6 |
|---|---|---|---|---|---|---|---|
| CVE-2025-24119: An app may be able to execute arbitrary code out of its sandbox or with certain elevated privileges. Affects Finder |
|||||||
| x | x | ||||||
| CVE-2025-24188: Processing maliciously crafted web content may lead to an unexpected Safari crash. Affects Safari |
|||||||
| x | |||||||
| CVE-2025-24220: An app may be able to read a persistent device identifier. Affects Sandbox Profiles |
|||||||
| x | |||||||
| CVE-2025-24224: A remote attacker may be able to cause unexpected system termination. Affects Kernel |
|||||||
| x | x | ||||||
| CVE-2025-31229: Passcode may be read aloud by VoiceOver. Affects Accessibility |
|||||||
| x | |||||||
| CVE-2025-31243: An app may be able to gain root privileges. Affects AppleMobileFileIntegrity |
|||||||
| x | x | x | |||||
| CVE-2025-31273: Processing maliciously crafted web content may lead to memory corruption. Affects WebKit |
|||||||
| x | x | x | x | x | |||
| CVE-2025-31275: A sandboxed process may be able to launch any installed app. Affects MediaRemote |
|||||||
| x | |||||||
| CVE-2025-31276: Remote content may be loaded even when the ‘Load Remote Images’ setting is turned off. Affects Mail Drafts |
|||||||
| x | x | ||||||
| CVE-2025-31278: Processing maliciously crafted web content may lead to memory corruption. Affects WebKit |
|||||||
| x | |||||||
| CVE-2025-31279: An app may be able to fingerprint the user. Affects Find My |
|||||||
| x | x | x | x | ||||
| CVE-2025-31280: Processing a maliciously crafted file may lead to heap corruption. Affects Model I/O |
|||||||
| x | |||||||
| CVE-2025-31281: Processing a maliciously crafted file may lead to unexpected app termination. Affects Model I/O |
|||||||
| x | x | x | x | ||||
| CVE-2025-43184: A shortcut may be able to bypass sensitive Shortcuts app settings. Affects Shortcuts |
|||||||
| x | x | ||||||
| CVE-2025-43185: An app may be able to access protected user data. Affects Voice Control |
|||||||
| x | |||||||
| CVE-2025-43186: Parsing a file may lead to an unexpected app termination. Affects afclip |
|||||||
| x | x | x | x | x | x | x | |
| CVE-2025-43187: Running an hdiutil command may unexpectedly execute arbitrary code. Affects Disk Images |
|||||||
| x | x | x | |||||
| CVE-2025-43188: A malicious app may be able to gain root privileges. Affects DiskArbitration |
|||||||
| x | |||||||
| CVE-2025-43189: A malicious app may be able to read kernel memory. Affects WebContentFilter |
|||||||
| x | x | ||||||
| CVE-2025-43191: An app may be able to cause a denial-of-service. Affects Admin Framework |
|||||||
| x | x | x | |||||
| CVE-2025-43192: Account-driven User Enrollment may still be possible with Lockdown Mode turned on. Affects Managed Configuration |
|||||||
| x | x | ||||||
| CVE-2025-43193: An app may be able to cause a denial-of-service. Affects SecurityAgent |
|||||||
| x | x | x | |||||
| CVE-2025-43194: An app may be able to modify protected parts of the file system. Affects PackageKit |
|||||||
| x | x | x | |||||
| CVE-2025-43195: An app may be able to access sensitive user data. Affects CoreServices |
|||||||
| x | x | x | |||||
| CVE-2025-43196: An app may be able to gain root privileges. Affects libxpc |
|||||||
| x | x | x | |||||
| CVE-2025-43197: An app may be able to access sensitive user data. Affects Single Sign-On |
|||||||
| x | x | x | |||||
| CVE-2025-43198: An app may be able to access protected user data. Affects Dock |
|||||||
| x | x | ||||||
| CVE-2025-43199: A malicious app may be able to gain root privileges. Affects Core Services |
|||||||
| x | x | x | |||||
| CVE-2025-43202: Processing a file may lead to memory corruption. Affects libnetcore |
|||||||
| x | x | ||||||
| CVE-2025-43206: An app may be able to access protected user data. Affects System Settings |
|||||||
| x | x | x | |||||
| CVE-2025-43209: Processing maliciously crafted web content may lead to an unexpected Safari crash. Affects ICU |
|||||||
| x | x | x | x | x | x | x | x |
| CVE-2025-43210: Processing a maliciously crafted media file may lead to unexpected app termination or corrupt process memory. Affects CoreMedia |
|||||||
| x | x | x | x | x | x | x | x |
| CVE-2025-43211: Processing web content may lead to a denial-of-service. Affects WebKit |
|||||||
| x | x | x | x | x | x | ||
| CVE-2025-43212: Processing maliciously crafted web content may lead to an unexpected Safari crash. Affects WebKit |
|||||||
| x | x | x | x | x | |||
| CVE-2025-43215: Processing a maliciously crafted image may result in disclosure of process memory. Affects Model I/O |
|||||||
| x | |||||||
| CVE-2025-43216: Processing maliciously crafted web content may lead to an unexpected Safari crash. Affects WebKit |
|||||||
| x | x | x | x | x | x | ||
| CVE-2025-43217: Privacy Indicators for microphone or camera access may not be correctly displayed. Affects Accessibility |
|||||||
| x | x | ||||||
| CVE-2025-43218: Processing a maliciously crafted USD file may disclose memory contents. Affects Model I/O |
|||||||
| x | |||||||
| CVE-2025-43219: Processing a maliciously crafted image may corrupt process memory. Affects Model I/O |
|||||||
| x | |||||||
| CVE-2025-43220: An app may be able to access protected user data. Affects copyfile |
|||||||
| x | x | x | x | ||||
| CVE-2025-43221: Processing a maliciously crafted media file may lead to unexpected app termination or corrupt process memory. Affects Model I/O |
|||||||
| x | x | x | x | ||||
| CVE-2025-43222: An attacker may be able to cause unexpected app termination. Affects CFNetwork |
|||||||
| x | x | x | x | ||||
| CVE-2025-43223: A non-privileged user may be able to modify restricted network settings. Affects CFNetwork |
|||||||
| x | x | x | x | x | x | x | x |
| CVE-2025-43225: An app may be able to access sensitive user data. Affects Notes |
|||||||
| x | x | x | x | ||||
| CVE-2025-43227: Processing maliciously crafted web content may disclose sensitive user information. Affects WebKit |
|||||||
| x | x | x | x | x | |||
| CVE-2025-43228: Visiting a malicious website may lead to address bar spoofing. Affects WebKit |
|||||||
| x | |||||||
| CVE-2025-43229: Processing maliciously crafted web content may lead to universal cross site scripting. Affects WebKit |
|||||||
| x | |||||||
| CVE-2025-43230: An app may be able to access user-sensitive data. Affects CoreMedia Playback |
|||||||
| x | x | x | x | x | x | ||
| CVE-2025-43232: An app may be able to bypass certain Privacy preferences. Affects PackageKit |
|||||||
| x | x | x | |||||
| CVE-2025-43233: A malicious app acting as a HTTPS proxy could get access to sensitive user data. Affects Security |
|||||||
| x | x | x | |||||
| CVE-2025-43234: Processing a maliciously crafted texture may lead to unexpected app termination. Affects Metal |
|||||||
| x | x | x | x | x | |||
| CVE-2025-43235: An app may be able to cause a denial-of-service. Affects Power Management |
|||||||
| x | |||||||
| CVE-2025-43236: An attacker may be able to cause unexpected app termination. Affects Power Management |
|||||||
| x | x | x | |||||
| CVE-2025-43237: An app may be able to cause unexpected system termination. Affects WebContentFilter |
|||||||
| x | |||||||
| CVE-2025-43238: An app may be able to cause unexpected system termination. Affects Xsan |
|||||||
| x | x | x | |||||
| CVE-2025-43239: Processing a maliciously crafted file may lead to unexpected app termination. Affects sips |
|||||||
| x | x | x | |||||
| CVE-2025-43240: A download’s origin may be incorrectly associated. Affects WebKit |
|||||||
| x | |||||||
| CVE-2025-43241: An app may be able to read files outside of its sandbox. Affects SceneKit |
|||||||
| x | x | x | |||||
| CVE-2025-43243: An app may be able to modify protected parts of the file system. Affects Software Update |
|||||||
| x | x | x | |||||
| CVE-2025-43244: An app may be able to cause unexpected system termination. Affects AMD |
|||||||
| x | x | x | |||||
| CVE-2025-43245: An app may be able to access protected user data. Affects AppleMobileFileIntegrity |
|||||||
| x | x | x | |||||
| CVE-2025-43246: An app may be able to access sensitive user data. Affects Spotlight |
|||||||
| x | x | ||||||
| CVE-2025-43247: A malicious app with root privileges may be able to modify the contents of system files. Affects PackageKit |
|||||||
| x | x | x | |||||
| CVE-2025-43248: A malicious app may be able to gain root privileges. Affects AppleMobileFileIntegrity |
|||||||
| x | x | ||||||
| CVE-2025-43249: An app may be able to gain root privileges. Affects AppleMobileFileIntegrity |
|||||||
| x | x | x | |||||
| CVE-2025-43250: An app may be able to break out of its sandbox. Affects SharedFileList |
|||||||
| x | x | x | |||||
| CVE-2025-43251: A local attacker may gain access to Keychain items. Affects User Management |
|||||||
| x | |||||||
| CVE-2025-43252: A website may be able to access sensitive user data when resolving symlinks. Affects zip |
|||||||
| x | |||||||
| CVE-2025-43253: A malicious app may be able to launch arbitrary binaries on a trusted device. Affects AppleMobileFileIntegrity |
|||||||
| x | x | ||||||
| CVE-2025-43254: Processing a maliciously crafted file may lead to unexpected app termination. Affects file |
|||||||
| x | x | x | |||||
| CVE-2025-43255: An app may be able to cause unexpected system termination. Affects GPU Drivers |
|||||||
| x | x | x | |||||
| CVE-2025-43256: An app may be able to gain root privileges. Affects StorageKit |
|||||||
| x | x | ||||||
| CVE-2025-43257: An app may be able to break out of its sandbox. Affects Archive Utility |
|||||||
| x | |||||||
| CVE-2025-43259: An attacker with physical access to a locked device may be able to view sensitive user information. Affects WindowServer |
|||||||
| x | x | x | |||||
| CVE-2025-43260: An app may be able to hijack entitlements granted to other privileged apps. Affects PackageKit |
|||||||
| x | x | ||||||
| CVE-2025-43261: An app may be able to break out of its sandbox. Affects File Bookmark |
|||||||
| x | x | x | |||||
| CVE-2025-43265: Processing maliciously crafted web content may disclose internal states of the app. Affects WebKit |
|||||||
| x | x | x | x | x | |||
| CVE-2025-43266: An app may be able to break out of its sandbox. Affects NSSpellChecker |
|||||||
| x | x | x | |||||
| CVE-2025-43267: An app may be able to access sensitive user data. Affects Directory Utility |
|||||||
| x | |||||||
| CVE-2025-43268: A malicious app may be able to gain root privileges. Affects Kernel |
|||||||
| x | |||||||
| CVE-2025-43270: An app may gain unauthorized access to Local Network. Affects Notes |
|||||||
| x | x | x | |||||
| CVE-2025-43273: A sandboxed process may be able to circumvent sandbox restrictions. Affects CoreMedia |
|||||||
| x | |||||||
| CVE-2025-43274: A sandboxed process may be able to circumvent sandbox restrictions. Affects RemoteViewServices |
|||||||
| x | |||||||
| CVE-2025-43275: An app may be able to break out of its sandbox. Affects NetAuth |
|||||||
| x | x | x | |||||
| CVE-2025-43276: iCloud Private Relay may not activate when more than one user is logged in at the same time. Affects Kernel |
|||||||
| x | |||||||
| CVE-2025-43277: Processing a maliciously crafted audio file may lead to memory corruption. Affects CoreAudio |
|||||||
| x | x | x | x | x | |||
| CVE-2025-6558: Processing maliciously crafted web content may lead to an unexpected Safari crash. Affects WebKit |
|||||||
| x | x | x | x | x | x | ||
| CVE-2025-7424: Processing maliciously crafted web content may lead to memory corruption. Affects libxslt |
|||||||
| x | x | x | x | x | x | x | |
| CVE-2025-7425: Processing a file may lead to memory corruption. Affects libxml2 |
|||||||
| x | x | x | x | x | |||
—
Johannes B. Ullrich, Ph.D. , Dean of Research, SANS.edu
Twitter|
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
Leave A Reply