Apple Patches Everything, Again
Apple released its expected set of operating system upgrades. This is a minor feature upgrade that also includes fixes for 110 different vulnerabilities. As usual for Apple, many of the vulnerabilities affect multiple operating systems. None of the vulnerabilities is marked as already exploited. Apple only offers very sparse vulnerability descriptions. Here are some vulnerabilities that may be worth watching:
CVE-2025-43338, CVE-2025-43372: A memory corruption vulnerability in ImageIO. ImageIO is responsible for rendering images, and vulnerabilities like this have been exploited in the past for remote code execution. CVE-2025-43400, a vulnerability affecting FontParser, could have a similar impact.
CVE-2025-43431: A memory corruption issue in WebKit. This could be used to execute code via Safari.
| iOS 26.1 and iPadOS 26.1 | macOS Tahoe 26.1 | macOS Sequoia 15.7.2 | macOS Sonoma 14.8.2 | tvOS 26.1 | watchOS 26.1 | visionOS 26.1 | Safari 26.1 | Xcode 26.1 |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-31199: An app may be able to access sensitive user data. Affects Spotlight |
||||||||
| x | ||||||||
| CVE-2025-43292: An app may be able to access sensitive user data. Affects CoreMedia |
||||||||
| x | ||||||||
| CVE-2025-43294: An app may be able to access sensitive user data. Affects MallocStackLogging |
||||||||
| x | x | x | ||||||
| CVE-2025-43322: An app may be able to access user-sensitive data. Affects Admin Framework |
||||||||
| x | x | x | ||||||
| CVE-2025-43334: An app may be able to access user-sensitive data. Affects sudo |
||||||||
| x | x | x | ||||||
| CVE-2025-43335: An app may be able to access user-sensitive data. Affects Security |
||||||||
| x | x | x | ||||||
| CVE-2025-43336: An app with root privileges may be able to access private information. Affects SoftwareUpdate |
||||||||
| x | x | x | ||||||
| CVE-2025-43337: An app may be able to access sensitive user data. Affects AppleMobileFileIntegrity |
||||||||
| x | ||||||||
| CVE-2025-43338: Processing a maliciously crafted media file may lead to unexpected app termination or corrupt process memory. Affects ImageIO |
||||||||
| x | ||||||||
| CVE-2025-43348: An app may bypass Gatekeeper checks. Affects Finder |
||||||||
| x | x | x | ||||||
| CVE-2025-43350: An attacker may be able to view restricted content from the lock screen. Affects Control Center |
||||||||
| x | ||||||||
| CVE-2025-43351: An app may be able to access protected user data. Affects StorageKit |
||||||||
| x | ||||||||
| CVE-2025-43361: A malicious app may be able to read kernel memory. Affects Audio |
||||||||
| x | x | |||||||
| CVE-2025-43364: An app may be able to break out of its sandbox. Affects NetFSFramework |
||||||||
| x | ||||||||
| CVE-2025-43372: Processing a maliciously crafted media file may lead to unexpected app termination or corrupt process memory. Affects ImageIO |
||||||||
| x | ||||||||
| CVE-2025-43373: An app may be able to cause unexpected system termination or corrupt kernel memory. Affects Wi-Fi |
||||||||
| x | x | x | ||||||
| CVE-2025-43377: An app may be able to cause a denial-of-service. Affects Model I/O |
||||||||
| x | x | |||||||
| CVE-2025-43378: An app may be able to access sensitive user data. Affects AppleMobileFileIntegrity |
||||||||
| x | x | |||||||
| CVE-2025-43379: An app may be able to access protected user data. Affects AppleMobileFileIntegrity |
||||||||
| x | x | x | x | x | x | x | ||
| CVE-2025-43380: Parsing a file may lead to an unexpected app termination. Affects sips |
||||||||
| x | x | x | ||||||
| CVE-2025-43381: A malicious app may be able to delete protected user data. Affects CoreServicesUIAgent |
||||||||
| x | ||||||||
| CVE-2025-43382: An app may be able to access sensitive user data. Affects AppleMobileFileIntegrity |
||||||||
| x | x | x | ||||||
| CVE-2025-43383: Processing a maliciously crafted media file may lead to unexpected app termination or corrupt process memory. Affects Model I/O |
||||||||
| x | x | x | x | |||||
| CVE-2025-43384: Processing a maliciously crafted media file may lead to unexpected app termination or corrupt process memory. Affects Model I/O |
||||||||
| x | ||||||||
| CVE-2025-43387: A malicious app may be able to gain root privileges. Affects DiskArbitration |
||||||||
| x | x | |||||||
| CVE-2025-43389: An app may be able to access sensitive user data. Affects Notes |
||||||||
| x | x | x | x | x | ||||
| CVE-2025-43390: An app may be able to access user-sensitive data. Affects AppleMobileFileIntegrity |
||||||||
| x | x | |||||||
| CVE-2025-43391: An app may be able to access sensitive user data. Affects Photos |
||||||||
| x | x | x | x | |||||
| CVE-2025-43392: A website may exfiltrate image data cross-origin. Affects WebKit Canvas |
||||||||
| x | x | x | x | x | x | |||
| CVE-2025-43393: An app may be able to break out of its sandbox. Affects quarantine |
||||||||
| x | ||||||||
| CVE-2025-43394: An app may be able to access protected user data. Affects bootp |
||||||||
| x | x | x | ||||||
| CVE-2025-43395: An app may be able to access protected user data. Affects configd |
||||||||
| x | x | x | ||||||
| CVE-2025-43396: A sandboxed app may be able to access sensitive user data. Affects Installer |
||||||||
| x | x | x | ||||||
| CVE-2025-43397: An app may be able to cause a denial-of-service. Affects SoftwareUpdate |
||||||||
| x | x | x | ||||||
| CVE-2025-43398: An app may be able to cause unexpected system termination. Affects Kernel |
||||||||
| x | x | x | x | x | x | x | ||
| CVE-2025-43399: An app may be able to access protected user data. Affects Siri |
||||||||
| x | x | |||||||
| CVE-2025-43400: Processing a maliciously crafted font may lead to unexpected app termination or corrupt process memory. Affects FontParser |
||||||||
| x | x | |||||||
| CVE-2025-43401: A remote attacker may be able to cause a denial-of-service. Affects CoreAnimation |
||||||||
| x | x | x | ||||||
| CVE-2025-43402: An app may be able to cause unexpected system termination or corrupt process memory. Affects WindowServer |
||||||||
| x | ||||||||
| CVE-2025-43404: An app may be able to access sensitive user data. Affects Sandbox |
||||||||
| x | ||||||||
| CVE-2025-43405: An app may be able to access user-sensitive data. Affects Photos |
||||||||
| x | x | x | ||||||
| CVE-2025-43406: An app may be able to access sensitive user data. Affects Sandbox |
||||||||
| x | ||||||||
| CVE-2025-43407: An app may be able to break out of its sandbox. Affects Assets |
||||||||
| x | x | x | x | x | x | |||
| CVE-2025-43408: An attacker with physical access may be able to access contacts from the lock screen. Affects Share Sheet |
||||||||
| x | x | x | ||||||
| CVE-2025-43409: An app may be able to access sensitive user data. Affects Spotlight |
||||||||
| x | x | |||||||
| CVE-2025-43411: An app may be able to access user-sensitive data. Affects PackageKit |
||||||||
| x | x | x | ||||||
| CVE-2025-43412: An app may be able to break out of its sandbox. Affects TCC |
||||||||
| x | x | x | ||||||
| CVE-2025-43413: A sandboxed app may be able to observe system-wide network connections. Affects libxpc |
||||||||
| x | x | x | x | x | x | x | ||
| CVE-2025-43414: A shortcut may be able to access files that are normally inaccessible to the Shortcuts app. Affects Shortcuts |
||||||||
| x | x | x | ||||||
| CVE-2025-43420: An app may be able to access sensitive user data. Affects Dock |
||||||||
| x | x | x | ||||||
| CVE-2025-43421: Processing maliciously crafted web content may lead to an unexpected process crash. Affects WebKit |
||||||||
| x | x | x | x | |||||
| CVE-2025-43422: An attacker with physical access to a device may be able to disable Stolen Device Protection. Affects Stolen Device Protection |
||||||||
| x | ||||||||
| CVE-2025-43423: An attacker with physical access to an unlocked device paired with a Mac may be able to view sensitive user information in system logging. Affects Audio |
||||||||
| x | x | x | x | |||||
| CVE-2025-43424: A malicious HID device may cause an unexpected process crash. Affects Multi-Touch |
||||||||
| x | x | |||||||
| CVE-2025-43425: Processing maliciously crafted web content may lead to an unexpected process crash. Affects WebKit |
||||||||
| x | x | x | x | x | x | |||
| CVE-2025-43426: An app may be able to access sensitive user data. Affects Contacts |
||||||||
| x | x | |||||||
| CVE-2025-43427: Processing maliciously crafted web content may lead to an unexpected process crash. Affects WebKit |
||||||||
| x | x | x | x | x | ||||
| CVE-2025-43429: Processing maliciously crafted web content may lead to an unexpected process crash. Affects WebKit |
||||||||
| x | x | x | x | x | x | |||
| CVE-2025-43430: Processing maliciously crafted web content may lead to an unexpected process crash. Affects WebKit |
||||||||
| x | ||||||||
| CVE-2025-43431: Processing maliciously crafted web content may lead to memory corruption. Affects WebKit |
||||||||
| x | x | x | x | x | x | |||
| CVE-2025-43432: Processing maliciously crafted web content may lead to an unexpected process crash. Affects WebKit |
||||||||
| x | x | x | x | x | x | |||
| CVE-2025-43434: Processing maliciously crafted web content may lead to an unexpected Safari crash. Affects WebKit |
||||||||
| x | x | x | x | x | ||||
| CVE-2025-43436: An app may be able to enumerate a user's installed apps. Affects CoreServices |
||||||||
| x | x | x | x | x | ||||
| CVE-2025-43439: An app may be able to fingerprint the user. Affects On-device Intelligence |
||||||||
| x | x | |||||||
| CVE-2025-43440: Processing maliciously crafted web content may lead to an unexpected process crash. Affects WebKit |
||||||||
| x | x | x | x | x | x | |||
| CVE-2025-43442: An app may be able to identify what other apps a user has installed. Affects Accessibility |
||||||||
| x | ||||||||
| CVE-2025-43443: Processing maliciously crafted web content may lead to an unexpected process crash. Affects WebKit |
||||||||
| x | x | x | x | x | x | |||
| CVE-2025-43444: An app may be able to fingerprint the user. Affects Installer |
||||||||
| x | x | x | x | x | ||||
| CVE-2025-43445: Processing a maliciously crafted media file may lead to unexpected app termination or corrupt process memory. Affects CoreText |
||||||||
| x | x | x | x | x | x | x | ||
| CVE-2025-43446: An app may be able to modify protected parts of the file system. Affects Assets |
||||||||
| x | x | x | ||||||
| CVE-2025-43448: An app may be able to break out of its sandbox. Affects CloudKit |
||||||||
| x | x | x | x | x | x | x | ||
| CVE-2025-43449: A malicious app may be able to track users between installs. Affects Apple TV Remote |
||||||||
| x | ||||||||
| CVE-2025-43450: An app may be able to learn information about the current camera view before being granted camera access. Affects Camera |
||||||||
| x | ||||||||
| CVE-2025-43452: Keyboard suggestions may display sensitive information on the lock screen. Affects Text Input |
||||||||
| x | ||||||||
| CVE-2025-43454: A device may persistently fail to lock. Affects Siri |
||||||||
| x | ||||||||
| CVE-2025-43455: A malicious app may be able to take a screenshot of sensitive information in embedded views. Affects Apple Account |
||||||||
| x | x | x | x | |||||
| CVE-2025-43459: An attacker with physical access to a locked Apple Watch may be able to view Live Voicemail. Affects Phone |
||||||||
| x | ||||||||
| CVE-2025-43460: An attacker with physical access to a locked device may be able to view sensitive user information. Affects Status Bar |
||||||||
| x | ||||||||
| CVE-2025-43461: An app may be able to access protected user data. Affects configd |
||||||||
| x | ||||||||
| CVE-2025-43462: An app may be able to cause unexpected system termination or corrupt kernel memory. Affects Apple Neural Engine |
||||||||
| x | x | x | x | x | ||||
| CVE-2025-43463: An app may be able to access sensitive user data. Affects StorageKit |
||||||||
| x | ||||||||
| CVE-2025-43464: Visiting a website may lead to an app denial-of-service. Affects dyld |
||||||||
| x | ||||||||
| CVE-2025-43465: An app may be able to access sensitive user data. Affects ATS |
||||||||
| x | ||||||||
| CVE-2025-43466: An app may be able to access sensitive user data. Affects AppleMobileFileIntegrity |
||||||||
| x | ||||||||
| CVE-2025-43467: An app may be able to gain root privileges. Affects Installer |
||||||||
| x | ||||||||
| CVE-2025-43468: An app may be able to access sensitive user data. Affects AppleMobileFileIntegrity |
||||||||
| x | x | x | ||||||
| CVE-2025-43469: An app may be able to access sensitive user data. Affects NSSpellChecker |
||||||||
| x | x | x | ||||||
| CVE-2025-43471: An app may be able to access sensitive user data. Affects Admin Framework |
||||||||
| x | ||||||||
| CVE-2025-43472: An app may be able to gain root privileges. Affects zsh |
||||||||
| x | x | x | ||||||
| CVE-2025-43473: An app may be able to access sensitive user data. Affects Shortcuts |
||||||||
| x | ||||||||
| CVE-2025-43474: An app may be able to cause unexpected system termination or read kernel memory. Affects GPU Drivers |
||||||||
| x | x | x | ||||||
| CVE-2025-43476: An app may be able to break out of its sandbox. Affects SharedFileList |
||||||||
| x | x | x | ||||||
| CVE-2025-43477: An app may be able to access sensitive user data. Affects Siri |
||||||||
| x | x | x | ||||||
| CVE-2025-43478: An app may be able to cause unexpected system termination. Affects ASP TCP |
||||||||
| x | x | x | ||||||
| CVE-2025-43479: An app may be able to access sensitive user data. Affects CoreServices |
||||||||
| x | x | x | ||||||
| CVE-2025-43480: A malicious website may exfiltrate data cross-origin. Affects WebKit |
||||||||
| x | x | x | x | x | x | |||
| CVE-2025-43481: An app may be able to break out of its sandbox. Affects Disk Images |
||||||||
| x | x | |||||||
| CVE-2025-43493: Visiting a malicious website may lead to address bar spoofing. Affects Safari |
||||||||
| x | x | x | x | |||||
| CVE-2025-43495: An app may be able to monitor keystrokes without user permission. Affects WebKit |
||||||||
| x | ||||||||
| CVE-2025-43496: Remote content may be loaded even when the 'Load Remote Images' setting is turned off. Affects Mail Drafts |
||||||||
| x | x | x | x | x | ||||
| CVE-2025-43497: An app may be able to break out of its sandbox. Affects BackBoardServices |
||||||||
| x | ||||||||
| CVE-2025-43498: An app may be able to access sensitive user data. Affects FileProvider |
||||||||
| x | x | x | x | x | ||||
| CVE-2025-43499: An app may be able to access sensitive user data. Affects Shortcuts |
||||||||
| x | x | x | ||||||
| CVE-2025-43500: An app may be able to access sensitive user data. Affects Sandbox Profiles |
||||||||
| x | x | x | x | |||||
| CVE-2025-43502: An app may be able to bypass certain Privacy preferences. Affects Safari |
||||||||
| x | x | x | x | |||||
| CVE-2025-43503: Visiting a malicious website may lead to user interface spoofing. Affects Safari |
||||||||
| x | x | x | x | x | ||||
| CVE-2025-43504: A user in a privileged network position may be able to cause a denial-of-service. Affects lldb |
||||||||
| x | ||||||||
| CVE-2025-43505: Processing a maliciously crafted file may lead to heap corruption. Affects GNU |
||||||||
| x | ||||||||
| CVE-2025-43506: iCloud Private Relay may not activate when more than one user is logged in at the same time. Affects Networking |
||||||||
| x | ||||||||
| CVE-2025-43507: An app may be able to fingerprint the user. Affects Find My |
||||||||
| x | x | x | x | |||||
--
Johannes B. Ullrich, Ph.D. , Dean of Research, SANS.edu
Twitter|
Keywords: apple patches
0 comment(s)
My next class:
| Application Security: Securing Web Apps, APIs, and Microservices | Dallas | Dec 1st - Dec 6th 2025 |
×
![modal content]()
Diary Archives
Comments