site_archiver@lists.apple.com Delivered-To: security-announce@lists.apple.com -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-09-15-2025-7 macOS Sonoma 14.8 macOS Sonoma 14.8 addresses the following issues. Information about the security content is also available at https://support.apple.com/125112. Apple maintains a Security Releases page at https://support.apple.com/100100 which lists recent software updates with security advisories. AMD Available for: macOS Sonoma Impact: An app may be able to cause unexpected system termination Description: A buffer overflow was addressed with improved bounds checking. CVE-2025-43312: ABC Research s.r.o. AppKit Available for: macOS Sonoma Impact: An app may be able to access protected user data Description: The issue was resolved by blocking unsigned services from launching on Intel Macs. CVE-2025-43321: Mickey Jin (@patch1t) Apple Online Store Kit Available for: macOS Sonoma Impact: An app may be able to access protected user data Description: A permissions issue was addressed with additional restrictions. CVE-2025-31268: Csaba Fitzl (@theevilbit) and Nolan Astrein of Kandji AppSandbox Available for: macOS Sonoma Impact: An app may be able to access protected user data Description: A permissions issue was addressed with additional restrictions. CVE-2025-43285: Zhongquan Li (@Guluisacat), Mickey Jin (@patch1t) CoreAudio Available for: macOS Sonoma Impact: Processing a maliciously crafted video file may lead to unexpected app termination Description: An out-of-bounds write issue was addressed with improved input validation. CVE-2025-43349: @zlluny working with Trend Zero Day Initiative CoreAudio Available for: macOS Sonoma Impact: Processing a maliciously crafted audio file may lead to memory corruption Description: The issue was addressed with improved memory handling. CVE-2025-43277: Google's Threat Analysis Group CoreMedia Available for: macOS Sonoma Impact: A sandboxed process may be able to circumvent sandbox restrictions Description: A permissions issue was addressed with additional sandbox restrictions. CVE-2025-43273: Seo Hyun-gyu (@wh1te4ever), Minghao Lin (@Y1nKoc), 风 (binaryfmyy), BochengXiang(@Crispr), and YingQi Shi (@Mas0nShi), Dora Orak CoreServices Available for: macOS Sonoma Impact: A malicious app may be able to access private information Description: A logic issue was addressed with improved checks. CVE-2025-43305: an anonymous researcher, Mickey Jin (@patch1t) GPU Drivers Available for: macOS Sonoma Impact: An app may be able to access sensitive user data Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2025-43326: Wang Yu of Cyberserval IOHIDFamily Available for: macOS Sonoma Impact: An app may be able to cause unexpected system termination Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2025-43302: Keisuke Hosoda IOKit Available for: macOS Sonoma Impact: An app may be able to access sensitive user data Description: An authorization issue was addressed with improved state management. CVE-2025-31255: Csaba Fitzl (@theevilbit) of Kandji Kernel Available for: macOS Sonoma Impact: A UDP server socket bound to a local interface may become bound to all interfaces Description: A logic issue was addressed with improved state management. CVE-2025-43359: Viktor Oreshkin LaunchServices Available for: macOS Sonoma Impact: An app may be able to access user-sensitive data Description: A logic issue was addressed with improved checks. CVE-2025-43231: Mickey Jin (@patch1t), Kirin@Pwnrin and LFY@secsys from Fudan University, an anonymous researcher libc Available for: macOS Sonoma Impact: An app may be able to cause a denial-of-service Description: A denial-of-service issue was addressed with improved validation. CVE-2025-43299: Nathaniel Oh (@calysteon) CVE-2025-43295: Nathaniel Oh (@calysteon) Libinfo Available for: macOS Sonoma Impact: Processing a maliciously crafted string may lead to heap corruption Description: The issue was addressed with improved bounds checks. CVE-2025-43353: Nathaniel Oh (@calysteon) MediaLibrary Available for: macOS Sonoma Impact: An app may be able to access protected user data Description: This issue was addressed by removing the vulnerable code. CVE-2025-43319: Hikerell (Loadshine Lab) MigrationKit Available for: macOS Sonoma Impact: An app may be able to access user-sensitive data Description: This issue was addressed by removing the vulnerable code. CVE-2025-43315: Rodolphe Brunetti (@eisw0lf) of Lupus Nova MobileStorageMounter Available for: macOS Sonoma Impact: An app may be able to cause a denial-of-service Description: A type confusion issue was addressed with improved memory handling. CVE-2025-43355: Dawuge of Shuffle Team Notification Center Available for: macOS Sonoma Impact: An app may be able to access contact info related to notifications in Notification Center Description: A privacy issue was addressed with improved private data redaction for log entries. CVE-2025-43301: LFY@secsys from Fudan University PackageKit Available for: macOS Sonoma Impact: An app may be able to gain root privileges Description: A parsing issue in the handling of directory paths was addressed with improved path validation. CVE-2025-43298: an anonymous researcher Perl Available for: macOS Sonoma Impact: Multiple issues in Perl Description: This is a vulnerability in open source code and Apple Software is among the affected projects. The CVE-ID was assigned by a third party. Learn more about the issue and CVE-ID at cve.org. CVE-2025-40909 Printing Available for: macOS Sonoma Impact: An app may be able to access protected user data Description: A permissions issue was addressed with additional restrictions. CVE-2025-31269: Zhongcheng Li from IES Red Team of ByteDance Ruby Available for: macOS Sonoma Impact: Processing a file may lead to a denial-of-service or potentially disclose memory contents Description: This is a vulnerability in open source code and Apple Software is among the affected projects. The CVE-ID was assigned by a third party. Learn more about the issue and CVE-ID at cve.org. CVE-2024-27280 Screenshots Available for: macOS Sonoma Impact: An app may be able to capture a screenshot of an app entering or exiting full screen mode Description: A privacy issue was addressed with improved checks. CVE-2025-31259: an anonymous researcher Security Initialization Available for: macOS Sonoma Impact: An app may be able to break out of its sandbox Description: A file quarantine bypass was addressed with additional checks. CVE-2025-43332: an anonymous researcher SharedFileList Available for: macOS Sonoma Impact: An app may be able to access sensitive user data Description: The issue was addressed with improved input validation. CVE-2025-43293: an anonymous researcher SharedFileList Available for: macOS Sonoma Impact: An app may be able to modify protected parts of the file system Description: A permissions issue was addressed by removing the vulnerable code. CVE-2025-43291: Ye Zhang of Baidu Security SharedFileList Available for: macOS Sonoma Impact: An app may be able to break out of its sandbox Description: A permissions issue was addressed with additional restrictions. CVE-2025-43286: pattern-f (@pattern_F_), @zlluny Shortcuts Available for: macOS Sonoma Impact: A shortcut may be able to bypass sandbox restrictions Description: A permissions issue was addressed with additional sandbox restrictions. CVE-2025-43358: 정답이 아닌 해답 Siri Available for: macOS Sonoma Impact: An app may be able to access protected user data Description: A privacy issue was addressed by moving sensitive data. CVE-2025-43367: Kirin (@Pwnrin), Cristian Dinca of "Tudor Vianu" National High School of Computer Science, Romania Spell Check Available for: macOS Sonoma Impact: An app may be able to access sensitive user data Description: A parsing issue in the handling of directory paths was addressed with improved path validation. CVE-2025-43190: Noah Gregory (wts.dev) Spotlight Available for: macOS Sonoma Impact: An app may be able to access sensitive user data Description: A logic issue was addressed with improved checks. CVE-2025-24197: Rodolphe Brunetti (@eisw0lf) of Lupus Nova Storage Available for: macOS Sonoma Impact: An app may be able to gain root privileges Description: A permissions issue was addressed with additional restrictions. CVE-2025-43341: an anonymous researcher StorageKit Available for: macOS Sonoma Impact: An app may be able to access sensitive user data Description: A parsing issue in the handling of directory paths was addressed with improved path validation. CVE-2025-43314: Mickey Jin (@patch1t) StorageKit Available for: macOS Sonoma Impact: An app may be able to gain root privileges Description: A race condition was addressed with improved state handling. CVE-2025-43304: Mickey Jin (@patch1t) Touch Bar Available for: macOS Sonoma Impact: An app may be able to access protected user data Description: This issue was addressed with additional entitlement checks. CVE-2025-43311: an anonymous researcher, Justin Elliot Fu Touch Bar Controls Available for: macOS Sonoma Impact: An app may be able to access sensitive user data Description: This issue was addressed with additional entitlement checks. CVE-2025-43308: an anonymous researcher WindowServer Available for: macOS Sonoma Impact: An app may be able to trick a user into copying sensitive data to the pasteboard Description: A configuration issue was addressed with additional restrictions. CVE-2025-43310: an anonymous researcher Additional recognition Airport We would like to acknowledge Csaba Fitzl (@theevilbit) of Kandji for their assistance. libpthread We would like to acknowledge Nathaniel Oh (@calysteon) for their assistance. libxml2 We would like to acknowledge Nathaniel Oh (@calysteon), Sergei Glazunov of Google Project Zero for their assistance. SharedFileList We would like to acknowledge Ye Zhang of Baidu Security for their assistance. Wi-Fi We would like to acknowledge Csaba Fitzl (@theevilbit) of Kandji, Noah Gregory (wts.dev), Wojciech Regula of SecuRing (wojciechregula.blog), an anonymous researcher for their assistance. macOS Sonoma 14.8 may be obtained from the Mac App Store or Apple's Software Downloads web site: https://support.apple.com/downloads/ All information is also posted on the Apple Security Releases web site: https://support.apple.com/100100. This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEhjkl+zMLNwFiCT1o4Ifiq8DH7PUFAmjInF4ACgkQ4Ifiq8DH 7PWklg/7BF6iB64SIdkbHinZRV4GX3SCxH/V2q/mAHbLM864iA8m+NhJPEvynt2z oxprEBZhaWQCek+sSHv0dvegxyM6Q2ivM68dNUnlEPcEP0Jk0kVlymvTmUdavsC5 65/6N/7n+YKUtezfPavFHuUL6DjNtQGE/beR92vYBKDofvVRgAHZqraypmp6Mql5 z5ucJIuVw/hewyUVPnS4Z8kgd44qErvhju+nANRmmL2tnXCEQdxAyr+Hoq4LreE2 VhArWuuqyTGW9xHYskbhe8yc5LJb+rvY9Dv4xcCP/yE9GmZAHSrRjph1oCimfMaM yd4LzsD/tfaZhSEDZMSVZy3572vqUfemnjQt8hcZLaZX6P9V9vgLpmx7oqo0lcs9 uAgnUb3Pl+RD80UP9R8W0P/mTPoNNWWh3b2jg/1FLf96acmXTrpSBpeCy5V2SIa1 iwUlF2vv01DKQcUMdPlVYxb0YfiXAsf+2F/J42/8smfPyPjMMg2JUnOEd8qLNe+5 TkKOCdw8APcXcbr/TqdMoWqujDknD6OC9vjD1AQb35qVPyXwIbMlrGNEYegf47k6 BbXUpI9R18sxNDqwQU/AZ9TFcFRizbEiErzOuXO56J/QFBa8npW7KZC1ZNqqzh1g YZxza3MnGDUzgdo2X5smX5vG+bp8/fqVuXalJZV9D+yviRPhmZw= =U9cW -----END PGP SIGNATURE----- _______________________________________________ Do not post admin requests to the list. They will be ignored. Security-announce mailing list (Security-announce@lists.apple.com) Help/Unsubscribe/Update your Subscription: https://lists.apple.com/mailman/options/security-announce/site_archiver%40li... This email sent to site_archiver@lists.apple.com