SB20250916107 - Multiple vulnerabilities in Apple macOS Sonoma
Published: September 16, 2025 Updated: November 4, 2025
Description
This security bulletin contains information about 41 security vulnerabilities.
1) Out-of-bounds read (CVE-ID: CVE-2024-27280)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition in the "ungetbyte" and "ungetc" methods. A remote attacker can trigger an out-of-bounds read error and read contents of memory on the system.
2) Input validation error (CVE-ID: CVE-2025-31259)
The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to insufficient validation of user-supplied input in SoftwareUpdate. A local application can execute arbitrary code with elevated privileges.
3) Improper access control (CVE-ID: CVE-2025-43332)
The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to improper access restrictions in Security Initialization. A local application can trick the victim into opening a specially crafted file and break out of its sandbox.
4) Improper input validation (CVE-ID: CVE-2025-43293)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to insufficient input validation in SharedFileList. A local application can access sensitive user data.
5) Improper input validation (CVE-ID: CVE-2025-43291)
The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to insufficient input validation in SharedFileList. A local application can modify protected parts of the file system.
6) Permissions, privileges, and access controls (CVE-ID: CVE-2025-43286)
The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to improperly imposed security restrictions in SharedFileList. A local application can break out of its sandbox.
7) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2025-43358)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to improperly imposed security restrictions in Shortcuts. A local user can bypass sandbox restrictions.
8) Improper limitation of a pathname to a restricted directory ('path traversal') (CVE-ID: CVE-2025-43190)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to incorrect handling of path names in Spell Check. A local application can trick the victim into opening a specially crafted file and access sensitive user data.
9) Race condition (CVE-ID: CVE-2025-40909)
The vulnerability allows a local user to tamper with an application's behavior.
The vulnerability exists due to a race condition if a directory handle is open at thread creation. A local user can exploit the race and force the application to load code or access files from an unexpected location.
10) Improper access control (CVE-ID: CVE-2025-24197)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to improper access restrictions in Spotlight. A local application can access sensitive user data.
11) Permissions, privileges, and access controls (CVE-ID: CVE-2025-43341)
The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to improperly imposed security restrictions in Storage. A local application can gain root privileges.
12) Improper limitation of a pathname to a restricted directory ('path traversal') (CVE-ID: CVE-2025-43314)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to incorrect handling of path names in StorageKit. A local application can trick the victim into opening a specially crafted file and access sensitive user data.
13) State issues (CVE-ID: CVE-2025-43304)
The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to a state management issue in StorageKit. A local application can gain root privileges.
14) Improper access control (CVE-ID: CVE-2025-43311)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to improper access restrictions in Touch Bar. A local application can access protected user data.
15) Improper access control (CVE-ID: CVE-2025-43308)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to improper access restrictions in Touch Bar Controls. A local application can access sensitive user data.
16) Protection Mechanism Failure (CVE-ID: CVE-2025-43310)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to improperly imposed security restrictions in WindowServer. A local application can trick the victim into copying sensitive data to the pasteboard.
17) Permissions, privileges, and access controls (CVE-ID: CVE-2025-31269)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to improperly imposed security restrictions in Printing. A local application can access protected user data.
18) Improper limitation of a pathname to a restricted directory ('path traversal') (CVE-ID: CVE-2025-43298)
The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to incorrect handling of path names in PackageKit. A local application can trick the victim into opening a specially crafted file and gain root privileges.
19) Memory corruption (CVE-ID: CVE-2025-43312)
The vulnerability allows a local application to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error in AMD. A local application can cause unexpected system termination.
20) Out-of-bounds write (CVE-ID: CVE-2025-43302)
The vulnerability allows a local application to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds write in IOHIDFamily. A local application can cause unexpected system termination.
21) Protection Mechanism Failure (CVE-ID: CVE-2025-43321)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to an error in AppKit in the handling of unsigned services launching on Intel Macs. A local application can gain access to sensitive information.
22) Permissions, privileges, and access controls (CVE-ID: CVE-2025-31268)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to improperly imposed security restrictions in Apple Online Store Kit. A local application can access protected user data.
23) Permissions, privileges, and access controls (CVE-ID: CVE-2025-43285)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to improperly imposed security restrictions in AppSandbox. A local application can access protected user data.
24) Out-of-bounds write (CVE-ID: CVE-2025-43349)
The vulnerability allows a local application to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds write in CoreAudio. A local application can trick the victim into opening a specially crafted file and cause unexpected app termination.
25) Buffer overflow (CVE-ID: CVE-2025-43277)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in CoreAudio when processing media files. A remote attacker can create a specially crafted media file, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
26) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2025-43273)
The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists because CoreAudio does not properly impose security restrictions. A sandboxed process may be able to circumvent sandbox restrictions.
27) Improper access control (CVE-ID: CVE-2025-43305)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to improper access restrictions in CoreServices. A local application can access private information.
28) Memory corruption (CVE-ID: CVE-2025-43326)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to a boundary error in GPU Drivers. A local application can access sensitive user data.
29) State issues (CVE-ID: CVE-2025-31255)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to a state management issue in IOKit. A local application can access sensitive user data.
30) Information exposure through log files (CVE-ID: CVE-2025-43301)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to inclusion of sensitive information into a log file in Notification Center. A local application can access contact info related to notifications in Notification Center.
31) State Issues (CVE-ID: CVE-2025-43359)
The vulnerability allows a remote attacker to gain unauthorized access to the system.
The vulnerability exists due to a logic error within the OS kernel. A UDP server socket bound to a local interface may become bound to all interfaces, exposing services on the Internet.
32) Improper input validation (CVE-ID: CVE-2025-43299)
The vulnerability allows a local application to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient input validation in libc. A local application can cause a denial-of-service.
33) Improper input validation (CVE-ID: CVE-2025-43295)
The vulnerability allows a local application to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient input validation in libc. A local application can cause a denial-of-service.
34) Heap-based buffer overflow (CVE-ID: CVE-2025-43353)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in libinfo. A remote attacker can trick the victim into opening a specially crafted image file, trigger a heap-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
35) Improper input validation (CVE-ID: CVE-2025-43319)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to insufficient input validation in MediaLibrary. A local application can access protected user data.
36) Improper input validation (CVE-ID: CVE-2025-43315)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to insufficient input validation in MigrationKit. A local application can access user-sensitive data.
37) Memory corruption (CVE-ID: CVE-2025-43355)
The vulnerability allows a local application to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error in MobileStorageMounter. A local application can cause a denial-of-service.
38) Improper access control (CVE-ID: CVE-2025-43231)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to improper access restrictions in LaunchServices. A local application can gain access to user-sensitive data.
39) Information disclosure (CVE-ID: CVE-2025-43367)
The vulnerability allows a local application to gain access to potentially sensitive information.
The vulnerability exists due to excessive data output by the Siri application. A local application can gain access to protected user data.
40) Improper access control (CVE-ID: CVE-2025-43345)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to improper access restrictions in Kernel. A local application can access sensitive user data.
41) Race condition (CVE-ID: CVE-2025-43364)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a race condition in NetFSFramework. A local user can exploit the race and break out of its sandbox.
Remediation
Install the update from the vendor's website.