SB2025012805 - Multiple vulnerabilities in Apple macOS Ventura
Published: January 28, 2025 Updated: November 24, 2025
Description
This security bulletin contains information about 39 security vulnerabilities.
1) UNIX symbolic link following (CVE-ID: CVE-2025-24136)
The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to a symlink following issue in Login Window. A local application can create symlinks to protected regions of the disk.
2) Integer overflow (CVE-ID: CVE-2025-24156)
The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to an integer overflow in Xsan. A local application can trigger an integer overflow and execute arbitrary code with elevated privileges.
3) Resource management error (CVE-ID: CVE-2025-24120)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper management of internal resources in WindowServer. A local user can perform a denial of service (DoS) attack.
4) Out-of-bounds write (CVE-ID: CVE-2025-24154)
The vulnerability allows a remote attacker to perform a denial of service attack.
The vulnerability exists due to a boundary error when processing untrusted input in WebContentFilter. A remote attacker can trick the victim into opening a specially crafted file, trigger an out-of-bounds write and perform a denial of service (DoS) attack.
5) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2025-24176)
The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to improperly imposed security restrictions in StorageKit. A local application can execute arbitrary code with elevated privileges.
6) Information disclosure (CVE-ID: CVE-2025-24138)
The vulnerability allows a local application to gain access to potentially sensitive information.
The vulnerability exists due to excessive data output in Spotlight. A local application can gain access to sensitive information.
7) Buffer overflow (CVE-ID: CVE-2025-24151)
The vulnerability allows a local application to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error in the SMB implementation. A local application can trigger memory corruption and crash the OS kernel.
8) Out-of-bounds read (CVE-ID: CVE-2025-24139)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition in sips when parsing ICC profiles. A remote attacker can create a specially crafted file, trick the victim into opening it, trigger an out-of-bounds read error and read contents of memory on the system.
9) UNIX symbolic link following (CVE-ID: CVE-2025-24103)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to a symlink following issue within the Security feature. A local application can access protected user data.
10) Out-of-bounds read (CVE-ID: CVE-2025-24149)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition in SceneKit. A remote attacker can create a specially crafted file, trick the victim into opening it, trigger an out-of-bounds read error and read contents of memory on the system.
11) Improper access control (CVE-ID: CVE-2025-24093)
The vulnerability allows a local application to bypass implemented security restrictions.
The vulnerability exists due to improper access restrictions in Sandbox. A local application can access removable volumes without user consent.
12) Input validation error (CVE-ID: CVE-2024-54497)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input in QuartzCore. A remote attacker can trick the victim into visiting a specially crafted website and perform a denial of service (DoS) attack.
13) Inclusion of Sensitive Information in Log Files (CVE-ID: CVE-2025-24146)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists because Photos Storage includes user contact information in the system log when deleting a conversation in Messages. A local application can gain access to sensitive data.
14) Improper access control (CVE-ID: CVE-2025-24130)
The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to improper access restrictions in PackageKit. A local application can modify protected parts of the file system.
15) Input validation error (CVE-ID: CVE-2025-24166)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input in libxslt. A remote attacker can trick the victim into visiting a specially crafted website and perform a denial of service (DoS) attack.
16) Improper access control (CVE-ID: CVE-2025-24109)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to improper access restrictions in AppleMobileFileIntegrity. A local application can access sensitive user data.
17) Inclusion of Sensitive Information in Log Files (CVE-ID: CVE-2024-44172)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists because the Contacts application stores sensitive information in log files. A local application can read the log files and gain access to sensitive data.
18) Improper access control (CVE-ID: CVE-2025-24100)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to improper access restrictions in AppleMobileFileIntegrity. A local application can access information about a user's contacts.
19) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2025-24114)
The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to improperly imposed security restrictions in AppleMobileFileIntegrity. A local application can modify protected parts of the file system.
20) Improper access control (CVE-ID: CVE-2025-24121)
The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to improperly imposed security restrictions in AppleMobileFileIntegrity. A local application can modify protected parts of the file system.
21) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2025-24122)
The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to improperly imposed security restrictions in AppleMobileFileIntegrity. A local application can modify protected parts of the file system.
22) Input validation error (CVE-ID: CVE-2025-24127)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input in ARKit. A remote attacker can trick the victim into opening a specially crafted file and perform a denial of service (DoS) attack.
23) Input validation error (CVE-ID: CVE-2025-24106)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input in Audio. A remote attacker can trick the victim into opening a specially crafted file and perform a denial of service (DoS) attack.
24) Out-of-bounds read (CVE-ID: CVE-2025-24123)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition. A remote attacker can create a specially crafted MOV file, trick the victim into opening it, trigger an out-of-bounds read error and read contents of memory on the system.
25) Improper access control (CVE-ID: CVE-2025-24116)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to improper access restrictions in LaunchServices. A local application can bypass Privacy preferences.
26) Out-of-bounds write (CVE-ID: CVE-2025-24124)
The vulnerability allows a remote attacker to compromise the vulnerable system.
The vulnerability exists due to a boundary error when processing untrusted input. A remote attacker can create a specially crafted MOV file, trick the victim into opening it using the affected software, trigger an out-of-bounds write and execute arbitrary code on the target system.
27) Improper access control (CVE-ID: CVE-2025-24102)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to improper access restrictions in CoreRoutine. A local application can determine a user’s current location.
28) Security features bypass (CVE-ID: CVE-2025-24174)
The vulnerability allows a local application to bypass implemented security restrictions.
The vulnerability exists due to an error in iCloud Photo Library. A local application can bypass Privacy preferences.
29) Buffer overflow (CVE-ID: CVE-2025-24086)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error in ImageIO. A remote attacker can trick the victim into opening a specially crafted file, trigger memory corruption and perform a denial of service (DoS) attack.
30) Race condition (CVE-ID: CVE-2025-24094)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to a race condition in LaunchServices. A local application can gain access to sensitive information.
31) Path traversal (CVE-ID: CVE-2025-24115)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to an input validation error in LaunchServices. A local application can read files outside of its sandbox.
32) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2025-24099)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to improperly imposed security restrictions in PackageKit. A local user can execute arbitrary code with elevated privileges.
33) Out-of-bounds write (CVE-ID: CVE-2025-24185)
The vulnerability allows a remote attacker to compromise the vulnerable system.
The vulnerability exists due to a boundary error when processing untrusted input in sips. A remote attacker can create a specially crafted file, trick the victim into opening it using the affected software, trigger an out-of-bounds write and execute arbitrary code on the target system.
34) Use-after-free (CVE-ID: CVE-2024-55549)
The vulnerability allows a remote attacker to compromise the vulnerable system.
The vulnerability exists due to a use-after-free error in xsltGetInheritedNsList. A remote attacker can pass specially crafted input to the application, trigger a use-after-free error and execute arbitrary code on the system.
Successful exploitation of the vulnerability may allow an attacker to compromise the vulnerable system.
35) Use-after-free (CVE-ID: CVE-2025-24855)
The vulnerability allows a remote attacker to compromise the vulnerable system.
The vulnerability exists due to a use-after-free error in numbers.c when handling nested XPath evaluations. A remote attacker can pass specially crafted XML input to the application, trigger a use-after-free error and execute arbitrary code on the system.
Successful exploitation of the vulnerability may allow an attacker to compromise the vulnerable system.
36) Improper access control (CVE-ID: CVE-2025-24183)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to improper access restrictions in the Perl component. A local user can modify protected parts of the file system.
37) Information exposure through log files (CVE-ID: CVE-2025-31242)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to inclusion of sensitive information in a log file in StoreKit. A local application can access sensitive user data.
38) Path traversal (CVE-ID: CVE-2025-31248)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to an input validation error when processing directory paths in UserAccountUpdater. A local application can gain access to sensitive user data.
39) Out-of-bounds read (CVE-ID: CVE-2025-43374)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition in the Wi-Fi component. A remote attacker on the local network can send specially crafted packets to the system, trigger an out-of-bounds read error and read contents of kernel memory.
Remediation
Install the update from the vendor's website.