APPLE-SA-09-15-2025-6 macOS Sequoia 15.7
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

APPLE-SA-09-15-2025-6 macOS Sequoia 15.7

macOS Sequoia 15.7 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/125111.

Apple maintains a Security Releases page at
https://support.apple.com/100100 which lists recent
software updates with security advisories.

AMD
Available for: macOS Sequoia
Impact: An app may be able to cause unexpected system termination
Description: A buffer overflow was addressed with improved bounds checking.
CVE-2025-43312: ABC Research s.r.o.

AppKit
Available for: macOS Sequoia
Impact: An app may be able to access protected user data
Description: The issue was resolved by blocking unsigned services from launching on Intel Macs.
CVE-2025-43321: Mickey Jin (@patch1t)

Apple Online Store Kit
Available for: macOS Sequoia
Impact: An app may be able to access protected user data
Description: A permissions issue was addressed with additional restrictions.
CVE-2025-31268: Csaba Fitzl (@theevilbit) and Nolan Astrein of Kandji

AppSandbox
Available for: macOS Sequoia
Impact: An app may be able to access protected user data
Description: A permissions issue was addressed with additional restrictions.
CVE-2025-43285: Zhongquan Li (@Guluisacat), Mickey Jin (@patch1t)

ATS
Available for: macOS Sequoia
Impact: An app may be able to break out of its sandbox
Description: This issue was addressed by removing the vulnerable code.
CVE-2025-43330: Bilal Siddiqui

CoreAudio
Available for: macOS Sequoia
Impact: Processing a maliciously crafted video file may lead to unexpected app termination
Description: An out-of-bounds write issue was addressed with improved input validation.
CVE-2025-43349: @zlluny working with Trend Zero Day Initiative

CoreMedia
Available for: macOS Sequoia
Impact: An app may be able to access sensitive user data
Description: A race condition was addressed with improved state handling.
CVE-2025-43292: Csaba Fitzl (@theevilbit) and Nolan Astrein of Kandji

CoreServices
Available for: macOS Sequoia
Impact: A malicious app may be able to access private information
Description: A logic issue was addressed with improved checks.
CVE-2025-43305: an anonymous researcher, Mickey Jin (@patch1t)

GPU Drivers
Available for: macOS Sequoia
Impact: An app may be able to access sensitive user data
Description: An out-of-bounds read was addressed with improved bounds checking.
CVE-2025-43326: Wang Yu of Cyberserval

IOHIDFamily
Available for: macOS Sequoia
Impact: An app may be able to cause unexpected system termination
Description: An out-of-bounds write issue was addressed with improved bounds checking.
CVE-2025-43302: Keisuke Hosoda

IOKit
Available for: macOS Sequoia
Impact: An app may be able to access sensitive user data
Description: An authorization issue was addressed with improved state management.
CVE-2025-31255: Csaba Fitzl (@theevilbit) of Kandji

Kernel
Available for: macOS Sequoia
Impact: A UDP server socket bound to a local interface may become bound to all interfaces
Description: A logic issue was addressed with improved state management.
CVE-2025-43359: Viktor Oreshkin

libc
Available for: macOS Sequoia
Impact: An app may be able to cause a denial-of-service
Description: A denial-of-service issue was addressed with improved validation.
CVE-2025-43299: Nathaniel Oh (@calysteon)
CVE-2025-43295: Nathaniel Oh (@calysteon)

Libinfo
Available for: macOS Sequoia
Impact: Processing a maliciously crafted string may lead to heap corruption
Description: The issue was addressed with improved bounds checks.
CVE-2025-43353: Nathaniel Oh (@calysteon)

MediaLibrary
Available for: macOS Sequoia
Impact: An app may be able to access protected user data
Description: This issue was addressed by removing the vulnerable code.
CVE-2025-43319: Hikerell (Loadshine Lab)

MigrationKit
Available for: macOS Sequoia
Impact: An app may be able to access user-sensitive data
Description: This issue was addressed by removing the vulnerable code.
CVE-2025-43315: Rodolphe Brunetti (@eisw0lf) of Lupus Nova

MobileStorageMounter
Available for: macOS Sequoia
Impact: An app may be able to cause a denial-of-service
Description: A type confusion issue was addressed with improved memory handling.
CVE-2025-43355: Dawuge of Shuffle Team

Notification Center
Available for: macOS Sequoia
Impact: An app may be able to access contact info related to notifications in Notification Center
Description: A privacy issue was addressed with improved private data redaction for log entries.
CVE-2025-43301: LFY@secsys from Fudan University

PackageKit
Available for: macOS Sequoia
Impact: An app may be able to gain root privileges
Description: A parsing issue in the handling of directory paths was addressed with improved path validation.
CVE-2025-43298: an anonymous researcher

Perl
Available for: macOS Sequoia
Impact: Multiple issues in Perl
Description: This is a vulnerability in open source code and Apple Software is among the affected projects. The CVE-ID was assigned by a third party. Learn more about the issue and CVE-ID at cve.org.
CVE-2025-40909

Ruby
Available for: macOS Sequoia
Impact: Processing a file may lead to a denial-of-service or potentially disclose memory contents
Description: This is a vulnerability in open source code and Apple Software is among the affected projects. The CVE-ID was assigned by a third party. Learn more about the issue and CVE-ID at cve.org.
CVE-2024-27280

Screenshots
Available for: macOS Sequoia
Impact: An app may be able to capture a screenshot of an app entering or exiting full screen mode
Description: A privacy issue was addressed with improved checks.
CVE-2025-31259: an anonymous researcher

Security Initialization
Available for: macOS Sequoia
Impact: An app may be able to break out of its sandbox
Description: A file quarantine bypass was addressed with additional checks.
CVE-2025-43332: an anonymous researcher

SharedFileList
Available for: macOS Sequoia
Impact: An app may be able to access sensitive user data
Description: The issue was addressed with improved input validation.
CVE-2025-43293: an anonymous researcher

SharedFileList
Available for: macOS Sequoia
Impact: An app may be able to modify protected parts of the file system
Description: A permissions issue was addressed by removing the vulnerable code.
CVE-2025-43291: Ye Zhang of Baidu Security

SharedFileList
Available for: macOS Sequoia
Impact: An app may be able to break out of its sandbox
Description: A permissions issue was addressed with additional restrictions.
CVE-2025-43286: pattern-f (@pattern_F_), @zlluny

Shortcuts
Available for: macOS Sequoia
Impact: A shortcut may be able to bypass sandbox restrictions
Description: A permissions issue was addressed with additional sandbox restrictions.
CVE-2025-43358: 정답이 아닌 해답

Spell Check
Available for: macOS Sequoia
Impact: An app may be able to access sensitive user data
Description: A parsing issue in the handling of directory paths was addressed with improved path validation.
CVE-2025-43190: Noah Gregory (wts.dev)

Spotlight
Available for: macOS Sequoia
Impact: An app may be able to access sensitive user data
Description: A logic issue was addressed with improved checks.
CVE-2025-24197: Rodolphe Brunetti (@eisw0lf) of Lupus Nova

StorageKit
Available for: macOS Sequoia
Impact: An app may be able to access sensitive user data
Description: A parsing issue in the handling of directory paths was addressed with improved path validation.
CVE-2025-43314: Mickey Jin (@patch1t)

StorageKit
Available for: macOS Sequoia
Impact: An app may be able to gain root privileges
Description: A race condition was addressed with improved state handling.
CVE-2025-43304: Mickey Jin (@patch1t)

Touch Bar
Available for: macOS Sequoia
Impact: An app may be able to access protected user data
Description: This issue was addressed with additional entitlement checks.
CVE-2025-43311: an anonymous researcher, Justin Elliot Fu

Touch Bar Controls
Available for: macOS Sequoia
Impact: An app may be able to access sensitive user data
Description: This issue was addressed with additional entitlement checks.
CVE-2025-43308: an anonymous researcher

WindowServer
Available for: macOS Sequoia
Impact: An app may be able to trick a user into copying sensitive data to the pasteboard
Description: A configuration issue was addressed with additional restrictions.
CVE-2025-43310: an anonymous researcher

Additional recognition

Airport
We would like to acknowledge Csaba Fitzl (@theevilbit) of Kandji for their assistance.

ImageIO
We would like to acknowledge DongJun Kim (@smlijun) and JongSeong Kim (@nevul37) in Enki WhiteHat for their assistance.

libpthread
We would like to acknowledge Nathaniel Oh (@calysteon) for their assistance.

libxml2
We would like to acknowledge Nathaniel Oh (@calysteon) for their assistance.

SharedFileList
We would like to acknowledge Ye Zhang of Baidu Security for their assistance.

Wi-Fi
We would like to acknowledge Csaba Fitzl (@theevilbit) of Kandji, Noah Gregory (wts.dev), Wojciech Regula of SecuRing (wojciechregula.blog), an anonymous researcher for their assistance.
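A parser for the advisory layout above, added here as an example; it is not Apple's code or tooling. It assumes the block structure Apple uses in security-announce mails (a component name on its own line, then "Available for:", "Impact:", "Description:" and one or more "CVE-...:" lines, entries separated by blank lines, an optional "Additional recognition" section at the end) and embeds a short excerpt of this advisory as its sample input, chosen so that a multi-CVE entry (libc), a third-party CVE with no credit (Perl) and a wrapped Description line are all exercised.

```python
"""Parse an Apple security advisory (APPLE-SA) body into structured records.

Added example, not Apple's code. Assumes the standard APPLE-SA block layout:
component line, "Available for:" / "Impact:" / "Description:" fields, one or
more "CVE-...:" lines, blank-line separators, optional "Additional recognition".
"""
import re
from dataclasses import dataclass, field
from typing import Optional

# Constructed sample: three entries and one recognition block excerpted from
# APPLE-SA-09-15-2025-6, re-wrapped the way the mailing-list copy wraps lines.
SAMPLE_ADVISORY = """\
APPLE-SA-09-15-2025-6 macOS Sequoia 15.7

macOS Sequoia 15.7 addresses the following issues.

AMD
Available for: macOS Sequoia
Impact: An app may be able to cause unexpected system termination
Description: A buffer overflow was addressed with improved bounds
checking.
CVE-2025-43312: ABC Research s.r.o.

libc
Available for: macOS Sequoia
Impact: An app may be able to cause a denial-of-service
Description: A denial-of-service issue was addressed with improved validation.
CVE-2025-43299: Nathaniel Oh (@calysteon)
CVE-2025-43295: Nathaniel Oh (@calysteon)

Perl
Available for: macOS Sequoia
Impact: Multiple issues in Perl
Description: This is a vulnerability in open source code and Apple
Software is among the affected projects. The CVE-ID was assigned by a
third party. Learn more about the issue and CVE-ID at cve.org.
CVE-2025-40909

Additional recognition

libxml2
We would like to acknowledge Nathaniel Oh (@calysteon) for their assistance.
"""

CVE_RE = re.compile(r"^(CVE-\d{4}-\d{4,})(?::\s*(.*))?$")
FIELD_RE = re.compile(r"^(Available for|Impact|Description):\s*(.*)$")


@dataclass
class Entry:
    component: str
    available_for: str = ""
    impact: str = ""
    description: str = ""
    cves: dict = field(default_factory=dict)  # CVE id -> credit ("" if none)


def parse_advisory(text: str) -> list:
    """Return one Entry per vulnerability block, in document order.

    Header paragraphs produce blocks with no CVE and are dropped; everything
    after the "Additional recognition" heading is skipped.
    """
    entries: list = []
    current: Optional[Entry] = None
    last_field: Optional[str] = None
    in_recognition = False

    for raw in text.splitlines():
        line = raw.strip()
        if not line:                       # blank line closes the current block
            if current is not None and current.cves:
                entries.append(current)
            current, last_field = None, None
            continue
        if line == "Additional recognition":
            in_recognition = True
            continue
        if in_recognition:
            continue
        if current is None:                # first line of a block is the component
            current = Entry(component=line)
            continue
        m = CVE_RE.match(line)
        if m:
            current.cves[m.group(1)] = (m.group(2) or "").strip()
            last_field = None
            continue
        m = FIELD_RE.match(line)
        if m:
            last_field = m.group(1).lower().replace(" ", "_")
            setattr(current, last_field, m.group(2))
            continue
        if last_field:                     # continuation of a wrapped field value
            setattr(current, last_field, getattr(current, last_field) + " " + line)

    if current is not None and current.cves:  # input without a trailing blank line
        entries.append(current)
    return entries


def cves_by_component(entries: list) -> dict:
    """Map each component to the sorted CVE ids fixed in it (repeated components merge)."""
    out: dict = {}
    for e in entries:
        out.setdefault(e.component, []).extend(e.cves)
    return {k: sorted(v) for k, v in out.items()}


def addressed_cves(entries: list) -> set:
    """Flat set of every CVE id the advisory says this release addresses."""
    return {cve for e in entries for cve in e.cves}


if __name__ == "__main__":
    for comp, ids in cves_by_component(parse_advisory(SAMPLE_ADVISORY)).items():
        print(f"{comp}: {', '.join(ids)}")
```

Feed it the advisory body after checking the PGP signature (the message states it is signed with Apple's Product Security key), then diff `addressed_cves()` against the CVEs your vulnerability tracker still lists as open for the affected hosts.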
macOS Sequoia 15.7 may be obtained from the Mac App Store or Apple's
Software Downloads web site:
https://support.apple.com/downloads/

All information is also posted on the Apple Security Releases
web site: https://support.apple.com/100100.

This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEhjkl+zMLNwFiCT1o4Ifiq8DH7PUFAmjInC8ACgkQ4Ifiq8DH
7PUFbxAAvnQCATvBmC06339emgt06YYoI2dyK3ggbWHdOyuCwS37kMlXMqazXDQ/
4PxuPLvny4MZLxeEqtpOIud69A/RGhIJO2CYmFfrXxPaSP8th32pbno9Jm0X9kge
4WfU2pqBRcYqqwAc+SuxKXOqaV/YeQz4fTAQV0yxiieNYLHJYdv90yskATVdrZPW
/+9ikmDAjak6wSHUdUP88p6mmZ9JyKLpQyMtHV+cpgbqdNyt+FxdUtiEPbS/e3YL
jkP7sWbHcbAP9Eqx75LEck7qbyzhPs4r3Ztfs8+9axBP9+ewP4freSld7v06YE3y
ZfKdkQ1cPYBzf1PFKAXWiAnZVsSNPm/4egkKXtfLYtTMhcVhFmQtAigufdA3kvE4
CumNQB215NzU4jxBhe5eej1hM9t3aRR7VSQa9INE+3Pm9QgRRbcQu7YtjTb5B0F9
szhUcSqUleQnLCzqHl4U+QUO9yFCpnGpzbWJJIAl1BGy/Vz+RrpPt+0Ez9DiFez9
LfPykTvzQoVGhKeA0lLMTWGCoof0lZOFjynvNH4vcA6Ljmpm/T5jQBQlWWcOER42
UxzIyB0hn1J056FySje8xGQSzDmyIxkWpjzfzkXffRo08KZvNAyr2d7S7rpddVOk
Kiapfj8smnDNGtRL23kX6PE82nQzT85YS0INVdW+RdTguCTOLtQ=
=mtpU
-----END PGP SIGNATURE-----