Full Disclosuremailing list archives

By Date

By Thread

APPLE-SA-03-31-2025-9 macOS Ventura 13.7.5

-----BEGIN PGP SIGNED MESSAGE-----Hash: SHA256APPLE-SA-03-31-2025-9 macOS Ventura 13.7.5macOS Ventura 13.7.5 addresses the following issues.Information about the security content is also available athttps://support.apple.com/122375.Apple maintains a Security Releases page athttps://support.apple.com/100100 which lists recentsoftware updates with security advisories.AccountPolicyAvailable for: macOS VenturaImpact: A malicious app may be able to gain root privilegesDescription: This issue was addressed by removing the vulnerable code.CVE-2025-24234: an anonymous researcherApp StoreAvailable for: macOS VenturaImpact: A malicious app may be able to access private informationDescription: This issue was addressed by removing the vulnerable code.CVE-2025-24276: an anonymous researcherApple AccountAvailable for: macOS VenturaImpact: An attacker in a privileged network position can track a user'sactivityDescription: The issue was addressed with improved handling ofprotocols.CVE-2024-40864: Wojciech Regula of SecuRing (wojciechregula.blog)AppleMobileFileIntegrityAvailable for: macOS VenturaImpact: An app may be able to modify protected parts of the file systemDescription: The issue was addressed with improved checks.CVE-2025-24272: Mickey Jin (@patch1t)CVE-2025-24231: Claudio Bozzato and Francesco Benvenuto of Cisco TalosAppleMobileFileIntegrityAvailable for: macOS VenturaImpact: A malicious app may be able to read or write to protected filesDescription: A permissions issue was addressed with additionalrestrictions.CVE-2025-24233: Claudio Bozzato and Francesco Benvenuto of Cisco Talos.AppleMobileFileIntegrityAvailable for: macOS VenturaImpact: An app may be able to access user-sensitive dataDescription: A privacy issue was addressed by removing the vulnerablecode.CVE-2025-30443: Bohdan Stasiuk (@bohdan_stasiuk)AudioAvailable for: macOS VenturaImpact: Processing a maliciously crafted file may lead to arbitrary codeexecutionDescription: The issue was addressed with improved memory handling.CVE-2025-24243: Hossein Lotfi (@hosselot) of Trend Micro Zero DayInitiativeAudioAvailable for: macOS VenturaImpact: Processing a maliciously crafted font may result in thedisclosure of process memoryDescription: The issue was addressed with improved memory handling.CVE-2025-24244: Hossein Lotfi (@hosselot) of Trend Micro Zero DayInitiativeAutomatorAvailable for: macOS VenturaImpact: An app may be able to access protected user dataDescription: A permissions issue was addressed by removing vulnerablecode and adding additional checks.CVE-2025-30460: an anonymous researcherBiometricKitAvailable for: macOS VenturaImpact: An app may be able to cause unexpected system terminationDescription: A buffer overflow was addressed with improved boundschecking.CVE-2025-24237: Yutong XiuCalendarAvailable for: macOS VenturaImpact: An app may be able to break out of its sandboxDescription: A path handling issue was addressed with improvedvalidation.CVE-2025-30429: Denis Tokarev (@illusionofcha0s)CalendarAvailable for: macOS VenturaImpact: An app may be able to break out of its sandboxDescription: This issue was addressed with improved checks.CVE-2025-24212: Denis Tokarev (@illusionofcha0s)CloudKitAvailable for: macOS VenturaImpact: A malicious app may be able to access private informationDescription: The issue was addressed with improved checks.CVE-2025-24215: Kirin (@Pwnrin)CoreAudioAvailable for: macOS VenturaImpact: Playing a malicious audio file may lead to an unexpected appterminationDescription: An out-of-bounds read issue was addressed with improvedinput validation.CVE-2025-24230: Hossein Lotfi (@hosselot) of Trend Micro Zero DayInitiativeCoreMediaAvailable for: macOS VenturaImpact: A malicious application may be able to elevate privileges. Appleis aware of a report that this issue may have been actively exploitedagainst versions of iOS before iOS 17.2.Description: A use after free issue was addressed with improved memorymanagement.CVE-2025-24085CoreMediaAvailable for: macOS VenturaImpact: Processing a maliciously crafted video file may lead tounexpected app termination or corrupt process memoryDescription: The issue was addressed with improved memory handling.CVE-2025-24190: Hossein Lotfi (@hosselot) of Trend Micro Zero DayInitiativeCoreMediaAvailable for: macOS VenturaImpact: Processing a maliciously crafted video file may lead tounexpected app termination or corrupt process memoryDescription: This issue was addressed with improved memory handling.CVE-2025-24211: Hossein Lotfi (@hosselot) of Trend Micro Zero DayInitiativeCoreServicesAvailable for: macOS VenturaImpact: An app may be able to access sensitive user dataDescription: This issue was addressed through improved state management.CVE-2025-31191: Jonathan Bar Or (@yo_yo_yo_jbo) of Microsoft, and ananonymous researcherCoreServicesAvailable for: macOS VenturaImpact: An app may be able to gain root privilegesDescription: A logic issue was addressed with improved file handling.CVE-2025-24170: YingQi Shi (@Mas0nShi) of DBAppSecurity's WeBin lab andMinghao Lin (@Y1nKoc), Stephan CasasCrash ReporterAvailable for: macOS VenturaImpact: An app may be able to gain root privilegesDescription: A parsing issue in the handling of directory paths wasaddressed with improved path validation.CVE-2025-24277: Csaba Fitzl (@theevilbit) of Kandji and Gergely Kalman(@gergely_kalman), and an anonymous researchercurlAvailable for: macOS VenturaImpact: An input validation issue was addressedDescription: This is a vulnerability in open source code and AppleSoftware is among the affected projects. The CVE-ID was assigned by athird party. Learn more about the issue and CVE-ID at cve.org.CVE-2024-9681Disk ImagesAvailable for: macOS VenturaImpact: An app may be able to break out of its sandboxDescription: A file access issue was addressed with improved inputvalidation.CVE-2025-24255: an anonymous researcherDiskArbitrationAvailable for: macOS VenturaImpact: An app may be able to gain root privilegesDescription: A permissions issue was addressed with additionalrestrictions.CVE-2025-24267: an anonymous researcherDiskArbitrationAvailable for: macOS VenturaImpact: An app may be able to gain root privilegesDescription: A parsing issue in the handling of directory paths wasaddressed with improved path validation.CVE-2025-30456: Gergely Kalman (@gergely_kalman)DockAvailable for: macOS VenturaImpact: An app may be able to modify protected parts of the file systemDescription: This issue was addressed by removing the vulnerable code.CVE-2025-31187: Rodolphe BRUNETTI (@eisw0lf) of Lupus NovadyldAvailable for: macOS VenturaImpact: Apps that appear to use App Sandbox may be able to launchwithout restrictionsDescription: A library injection issue was addressed with additionalrestrictions.CVE-2025-30462: Pietro Francesco Tirenna, Davide Silvetti, Abdel AdimOisfi of Shielder (shielder.com)FoundationAvailable for: macOS VenturaImpact: An app may be able to cause a denial-of-serviceDescription: An uncontrolled format string issue was addressed withimproved input validation.CVE-2025-24199: Manuel Fernandez (Stackhopper Security)FoundationAvailable for: macOS VenturaImpact: An app may be able to access sensitive user dataDescription: The issue was resolved by sanitizing loggingCVE-2025-30447: LFY@secsys from Fudan UniversityGPU DriversAvailable for: macOS VenturaImpact: An app may be able to disclose kernel memoryDescription: The issue was addressed with improved bounds checks.CVE-2025-24256: Murray Mike, Anonymous working with Trend Micro Zero DayInitiativeGPU DriversAvailable for: macOS VenturaImpact: An app may be able to cause unexpected system termination orcorrupt kernel memoryDescription: An out-of-bounds write issue was addressed with improvedbounds checking.CVE-2025-24273: Wang Yu of CyberservalCVE-2025-30464: ABC Research s.r.o.ImageIOAvailable for: macOS VenturaImpact: Parsing an image may lead to disclosure of user informationDescription: A logic error was addressed with improved error handling.CVE-2025-24210: Anonymous working with Trend Micro Zero Day InitiativeInstallerAvailable for: macOS VenturaImpact: An app may be able to check the existence of an arbitrary pathon the file systemDescription: A permissions issue was addressed with additional sandboxrestrictions.CVE-2025-24249: YingQi Shi(@Mas0nShi) of DBAppSecurity's WeBin lab andMinghao Lin (@Y1nKoc)InstallerAvailable for: macOS VenturaImpact: A sandboxed app may be able to access sensitive user dataDescription: A logic issue was addressed with improved checks.CVE-2025-24229: an anonymous researcherKerberos HelperAvailable for: macOS VenturaImpact: A remote attacker may be able to cause unexpected apptermination or heap corruptionDescription: A memory initialization issue was addressed with improvedmemory handling.CVE-2025-24235: Dave G.KernelAvailable for: macOS VenturaImpact: A malicious app may be able to attempt passcode entries on alocked device and thereby cause escalating time delays after 4 failuresDescription: A logic issue was addressed with improved state management.CVE-2025-30432: Michael (Biscuit) Thomas - @biscuit () social lolKernelAvailable for: macOS VenturaImpact: An app may be able to modify protected parts of the file systemDescription: The issue was addressed with improved checks.CVE-2025-24203: Ian Beer of Google Project ZeroLaunchServicesAvailable for: macOS VenturaImpact: A malicious JAR file may bypass Gatekeeper checksDescription: This issue was addressed with improved handling ofexecutable types.CVE-2025-24148: Kenneth ChewLibinfoAvailable for: macOS VenturaImpact: A user may be able to elevate privilegesDescription: An integer overflow was addressed with improved inputvalidation.CVE-2025-24195: Paweł Płatek (Trail of Bits)libxml2Available for: macOS VenturaImpact: Parsing a file may lead to an unexpected app terminationDescription: This is a vulnerability in open source code and AppleSoftware is among the affected projects. The CVE-ID was assigned by athird party. Learn more about the issue and CVE-ID at cve.org.CVE-2025-27113CVE-2024-56171libxpcAvailable for: macOS VenturaImpact: An app may be able to break out of its sandboxDescription: This issue was addressed through improved state management.CVE-2025-24178: an anonymous researcherlibxpcAvailable for: macOS VenturaImpact: An app may be able to delete files for which it does not havepermissionDescription: This issue was addressed with improved handling ofsymlinks.CVE-2025-31182: 风沐云烟(@binary_fmyy) and Minghao Lin(@Y1nKoc), AlexRadocea and Dave G. of SupernetworkslibxpcAvailable for: macOS VenturaImpact: An app may be able to gain elevated privilegesDescription: A logic issue was addressed with improved checks.CVE-2025-24238: an anonymous researcherMailAvailable for: macOS VenturaImpact: "Block All Remote Content" may not apply for all mail previewsDescription: A permissions issue was addressed with additional sandboxrestrictions.CVE-2025-24172: an anonymous researchermanpagesAvailable for: macOS VenturaImpact: An app may be able to access sensitive user dataDescription: This issue was addressed with improved validation ofsymlinks.CVE-2025-30450: Pwn2carMapsAvailable for: macOS VenturaImpact: An app may be able to read sensitive location informationDescription: A path handling issue was addressed with improved logic.CVE-2025-30470: LFY@secsys from Fudan UniversityNSDocumentAvailable for: macOS VenturaImpact: A malicious app may be able to access arbitrary filesDescription: This issue was addressed through improved state management.CVE-2025-24232: an anonymous researcherOpenSSHAvailable for: macOS VenturaImpact: An app may be able to access user-sensitive dataDescription: An injection issue was addressed with improved validation.CVE-2025-24246: Mickey Jin (@patch1t)PackageKitAvailable for: macOS VenturaImpact: An app may be able to modify protected parts of the file systemDescription: The issue was addressed with improved checks.CVE-2025-24261: Mickey Jin (@patch1t)PackageKitAvailable for: macOS VenturaImpact: An app may be able to modify protected parts of the file systemDescription: A logic issue was addressed with improved checks.CVE-2025-24164: Mickey Jin (@patch1t)PackageKitAvailable for: macOS VenturaImpact: A malicious app with root privileges may be able to modify thecontents of system filesDescription: A permissions issue was addressed with additionalrestrictions.CVE-2025-30446: Pedro Tôrres (@t0rr3sp3dr0)Parental ControlsAvailable for: macOS VenturaImpact: An app may be able to retrieve Safari bookmarks without anentitlement checkDescription: This issue was addressed with additional entitlementchecks.CVE-2025-24259: Noah Gregory (wts.dev)Photos StorageAvailable for: macOS VenturaImpact: Deleting a conversation in Messages may expose user contactinformation in system loggingDescription: A logging issue was addressed with improved data redaction.CVE-2025-30424: an anonymous researcherPower ServicesAvailable for: macOS VenturaImpact: An app may be able to break out of its sandboxDescription: This issue was addressed with additional entitlementchecks.CVE-2025-24173: Mickey Jin (@patch1t)SandboxAvailable for: macOS VenturaImpact: An input validation issue was addressedDescription: The issue was addressed with improved checks.CVE-2025-30452: an anonymous researcherSandboxAvailable for: macOS VenturaImpact: An app may be able to access protected user dataDescription: A permissions issue was addressed with additionalrestrictions.CVE-2025-24181: Arsenii Kostromin (0x3c3e)SecurityAvailable for: macOS VenturaImpact: A remote user may be able to cause a denial-of-serviceDescription: A validation issue was addressed with improved logic.CVE-2025-30471: Bing Shi, Wenchao Li, Xiaolong Bai of Alibaba Group,Luyi Xing of Indiana University BloomingtonSecurityAvailable for: macOS VenturaImpact: A malicious app acting as a HTTPS proxy could get access tosensitive user dataDescription: This issue was addressed with improved access restrictions.CVE-2025-24250: Wojciech Regula of SecuRing (wojciechregula.blog)Share SheetAvailable for: macOS VenturaImpact: A malicious app may be able to dismiss the system notificationon the Lock Screen that a recording was startedDescription: This issue was addressed with improved access restrictions.CVE-2025-30438: Halle Winkler, Politepix theoffcuts.orgShortcutsAvailable for: macOS VenturaImpact: A Shortcut may run with admin privileges without authenticationDescription: An authentication issue was addressed with improved statemanagement.CVE-2025-31194: Dolf HoegaertsShortcutsAvailable for: macOS VenturaImpact: A shortcut may be able to access files that are normallyinaccessible to the Shortcuts appDescription: A permissions issue was addressed with improved validation.CVE-2025-30465: an anonymous researcherShortcutsAvailable for: macOS VenturaImpact: A shortcut may be able to access files that are normallyinaccessible to the Shortcuts appDescription: This issue was addressed with improved access restrictions.CVE-2025-30433: Andrew James GonzalezsipsAvailable for: macOS VenturaImpact: Parsing a maliciously crafted file may lead to an unexpected appterminationDescription: The issue was addressed with improved checks.CVE-2025-24139: Junsung <3, Hossein Lotfi (@hosselot) of Trend MicroZero Day InitiativeSiriAvailable for: macOS VenturaImpact: An attacker with physical access may be able to use Siri toaccess sensitive user dataDescription: This issue was addressed by restricting options offered ona locked device.CVE-2025-24198: Richard Hyunho Im (@richeeta) with routezero.securitySiriAvailable for: macOS VenturaImpact: An app may be able to access user-sensitive dataDescription: An authorization issue was addressed with improved statemanagement.CVE-2025-24205: YingQi Shi(@Mas0nShi) of DBAppSecurity's WeBin lab andMinghao Lin (@Y1nKoc)SMBAvailable for: macOS VenturaImpact: Mounting a maliciously crafted SMB network share may lead tosystem terminationDescription: A race condition was addressed with improved locking.CVE-2025-30444: Dave G.SMBAvailable for: macOS VenturaImpact: An app may be able to execute arbitrary code with kernelprivilegesDescription: A buffer overflow issue was addressed with improved memoryhandling.CVE-2025-24228: Joseph Ravichandran (@0xjprx) of MIT CSAILsmbxAvailable for: macOS VenturaImpact: An attacker in a privileged position may be able to perform adenial-of-serviceDescription: The issue was addressed with improved memory handling.CVE-2025-24260: zbleet of QI-ANXIN TianGong TeamSoftware UpdateAvailable for: macOS VenturaImpact: A user may be able to elevate privilegesDescription: This issue was addressed with improved validation ofsymlinks.CVE-2025-24254: Arsenii Kostromin (0x3c3e)SpotlightAvailable for: macOS VenturaImpact: An app may be able to access sensitive user dataDescription: A permissions issue was addressed with additional sandboxrestrictions.CVE-2024-54533: Csaba Fitzl (@theevilbit) of OffSecStorage ManagementAvailable for: macOS VenturaImpact: An app may be able to enable iCloud storage features withoutuser consentDescription: A permissions issue was addressed with additionalrestrictions.CVE-2025-24207: 风沐云烟 (binary_fmyy) and Minghao Lin (@Y1nKoc), YingQi Shi(@Mas0nShi) of DBAppSecurity's WeBin labStorageKitAvailable for: macOS VenturaImpact: An app may be able to access protected user dataDescription: This issue was addressed with improved handling ofsymlinks.CVE-2025-24253: Mickey Jin (@patch1t), Csaba Fitzl (@theevilbit) ofKandjiStorageKitAvailable for: macOS VenturaImpact: An app may be able to gain root privilegesDescription: A permissions issue was addressed with additionalrestrictions.CVE-2025-30449: Arsenii Kostromin (0x3c3e), and an anonymous researcherStorageKitAvailable for: macOS VenturaImpact: An app may be able to bypass Privacy preferencesDescription: A race condition was addressed with additional validation.CVE-2025-31188: Mickey Jin (@patch1t)StorageKitAvailable for: macOS VenturaImpact: An app may be able to access user-sensitive dataDescription: A race condition was addressed with additional validation.CVE-2025-24240: Mickey Jin (@patch1t)System SettingsAvailable for: macOS VenturaImpact: An app may be able to access protected user dataDescription: This issue was addressed with improved validation ofsymlinks.CVE-2025-24278: Zhongquan Li (@Guluisacat)SystemMigrationAvailable for: macOS VenturaImpact: A malicious app may be able to create symlinks to protectedregions of the diskDescription: This issue was addressed with improved validation ofsymlinks.CVE-2025-30457: Mickey Jin (@patch1t)Voice ControlAvailable for: macOS VenturaImpact: An app may be able to access contactsDescription: This issue was addressed with improved file handling.CVE-2025-24279: Mickey Jin (@patch1t)WindowServerAvailable for: macOS VenturaImpact: An attacker may be able to cause unexpected app terminationDescription: A type confusion issue was addressed with improved checks.CVE-2025-24247: PixiePoint SecurityWindowServerAvailable for: macOS VenturaImpact: An app may be able to trick a user into copying sensitive datato the pasteboardDescription: A configuration issue was addressed with additionalrestrictions.CVE-2025-24241: Andreas Hegenberg (folivora.AI GmbH)XsanAvailable for: macOS VenturaImpact: An app may be able to cause unexpected system terminationDescription: A buffer overflow was addressed with improved boundschecking.CVE-2025-24266: an anonymous researcherXsanAvailable for: macOS VenturaImpact: An app may be able to cause unexpected system terminationDescription: An out-of-bounds read was addressed with improved boundschecking.CVE-2025-24265: an anonymous researcherXsanAvailable for: macOS VenturaImpact: An app may be able to cause unexpected system termination orcorrupt kernel memoryDescription: A buffer overflow issue was addressed with improved memoryhandling.CVE-2025-24157: an anonymous researcherAdditional recognitionAudioWe would like to acknowledge Hossein Lotfi (@hosselot) of Trend MicroZero Day Initiative for their assistance.SecurityWe would like to acknowledge Kevin Jones (GitHub) for their assistance.ShortcutsWe would like to acknowledge Chi Yuan Chang of ZUSO ART and taikosoupfor their assistance.SMBWe would like to acknowledge Dave G. for their assistance.macOS Ventura 13.7.5 may be obtained from the Mac App Store orApple's Software Downloads web site:https://support.apple.com/downloads/All information is also posted on the Apple Security Releasesweb site:https://support.apple.com/100100.This message is signed with Apple's Product Security PGP key,and details are available at:https://www.apple.com/support/security/pgp/-----BEGIN PGP SIGNATURE-----iQIzBAEBCAAdFiEEsz9altA7uTI+rE/qX+5d1TXaIvoFAmfrHf0ACgkQX+5d1TXaIvpitxAA1eCeBzd0XYGwTu3U5XHzsAZ8wOyScQ2pc5lUsnOvyCEKyluZv5yjqeaxtaAeoPIDOFw1/m9drMX9hGw4YJ2rHLhbyrF6nVaApnpdrX9F2NXFPSFUK0U/O7H6EsXKygo8Lvcd3Pikt/4RzDuC9x5J2FXlH3rwcuX8J7rbSWtHU+tJUOD/ki2eOGineQXMAVLdYndGhYKUXhs7M3VFwxR6V0roCP+INH2vxIVDbKu2HOHF9J1n75oH+h50eY/A2it9VAxiAjygs1W1zthC37TJxdamcDtnoqlhoi33qju8jzXQTreqB9D5aCBKmeeUHkR0rhjTqjtp8Fk2vWNp98AAClO01Z1jaVrIm6SFnTKPv5pFQbzWFgqqqwFf9nqieZUx3gpLQ0i04UNVdiJ8sOeUEvdE32XbrM2c9SvBzZxaW5Nz1LJA6FOTqpelSlB9oYNK5iukuE4cR0wDVYDIoXas/opMrso56iD2qLDaZsh3icAAVCGg6HOqZfcryv9l9rhabVWIj5AqRL7FjTP/gUXc6qJ9B5zTiixDMcWYWEFi/MaZjZqmcUikU20zWs/MQTboHcaC622jnUOYvoDQtDoIemPwHmzCLV5AYQg8inYz0lUpHHDUDYVHtFHFcInoeu9Q5EetbkZx/HEeSFY6JeQvZbzjGsx5DVqD3WX6INnQM8Y==UUpS-----END PGP SIGNATURE-----_______________________________________________Sent through the Full Disclosure mailing listhttps://nmap.org/mailman/listinfo/fulldisclosureWeb Archives & RSS:https://seclists.org/fulldisclosure/

By Date

By Thread

Current thread:

• APPLE-SA-03-31-2025-9 macOS Ventura 13.7.5Apple Product Security via Fulldisclosure (Apr 02)