cvelistv5 - cve-2025-46285

CVE-2025-46285 (GCVE-0-2025-46285)

Vulnerability from cvelistv5 – Published: 2025-12-12 20:56 – Updated: 2025-12-17 20:46

Summary

An integer overflow was addressed by adopting 64-bit timestamps. This issue is fixed in watchOS 26.2, macOS Sonoma 14.8.3, iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2, macOS Sequoia 15.7.3, visionOS 26.2, tvOS 26.2. An app may be able to gain root privileges.

Severity ?

7.8 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE

An app may be able to gain root privileges

Assigner

apple

References

URL

CERTFR-2025-AVI-1110

Vulnerability from certfr_avis - Published: 2025-12-15 - Updated: 2025-12-15

De multiples vulnérabilités ont été découvertes dans les produits Apple. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et un déni de service à distance.

Apple indique que les vulnérabilités CVE-2025-14174 et CVE-2025-43529 sont activement exploitées.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

Vendor	Product	Description
Apple	macOS	macOS Sonoma versions antérieures à 14.8.3
Apple	watchOS	watchOS versions antérieures à 26.2
Apple	iOS	iOS versions 26.x antérieures à 26.2
Apple	macOS	macOS Tahoe versions antérieures à 26.2
Apple	macOS	macOS Sequoia versions antérieures à 15.7.3
Apple	tvOS	tvOS versions antérieures à 26.2
Apple	Safari	Safari versions antérieures à 26.2
Apple	iOS	iOS versions 18.7.x antérieures à 18.7.3
Apple	iPadOS	iPadOS versions 18.7.x antérieures à 18.7.3
Apple	visionOS	visionOS versions antérieures à 26.2
Apple	iPadOS	iPadOS versions 26.x antérieures à 26.2

References

Title

Publication Time

GHSA-P5PJ-G9WC-C3V2

Vulnerability from github – Published: 2025-12-12 21:31 – Updated: 2025-12-17 21:30

Details

An integer overflow was addressed by adopting 64-bit timestamps. This issue is fixed in macOS Sonoma 14.8.3, macOS Sequoia 15.7.3. An app may be able to gain root privileges.

Severity ?

7.8 (High)


                  
                    CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2025-46285"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-190"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-12-12T21:15:57Z",
    "severity": "HIGH"
  },
  "details": "An integer overflow was addressed by adopting 64-bit timestamps. This issue is fixed in macOS Sonoma 14.8.3, macOS Sequoia 15.7.3. An app may be able to gain root privileges.",
  "id": "GHSA-p5pj-g9wc-c3v2",
  "modified": "2025-12-17T21:30:44Z",
  "published": "2025-12-12T21:31:39Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-46285"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/en-us/125884"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/en-us/125885"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/en-us/125886"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/en-us/125887"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/en-us/125888"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/en-us/125889"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/en-us/125890"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/en-us/125891"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

NCSC-2025-0397

Vulnerability from csaf_ncscnl - Published: 2025-12-15 09:08 - Updated: 2025-12-15 09:08

Summary

Kwetsbaarheden verholpen in Apple iOS en iPadOS

Notes

The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions: NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein. NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory. This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings.

Feiten

Apple heeft kwetsbaarheden verholpen in iOS en iPadOS (versies 18.7.3 en 26.2)

Interpretaties

De kwetsbaarheden omvatten onder andere een use-after-free probleem, een geheugenbeschadiging, en een logboekprobleem dat ongeautoriseerde toegang tot gevoelige gebruikersdata mogelijk maakte. Deze kwetsbaarheden konden worden uitgebuit door kwaadwillenden via speciaal vervaardigde gegevens of door misbruik van de loggingmechanismen. De fixes omvatten verbeterde geheugenbeheerpraktijken en strengere controles om de integriteit van gebruikersgegevens te waarborgen. Voor succesvol misbruik moet de kwaadwillende het slachtoffer misleiden een malafide app te installeren, een malafide bestand te openen of link te volgen.

Oplossingen

Apple heeft updates uitgebracht om de kwetsbaarheden te verhelpen. Zie bijgevoegde referenties voor meer informatie.

Kans

medium

Schade

high

CWE-20

Improper Input Validation

CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

CWE-120

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

CWE-125

Out-of-bounds Read

CWE-190

Integer Overflow or Wraparound

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

CWE-371

CWE-416

Use After Free

CWE-451

User Interface (UI) Misrepresentation of Critical Information

CWE-456

Missing Initialization of a Variable

JSON

To clipboard

{
  "document": {
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE"
      }
    },
    "lang": "nl",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:\n\n    NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.\n\n    NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.\n    This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings."
      },
      {
        "category": "description",
        "text": "Apple heeft kwetsbaarheden verholpen in iOS en iPadOS (versies 18.7.3 en 26.2)",
        "title": "Feiten"
      },
      {
        "category": "description",
        "text": "De kwetsbaarheden omvatten onder andere een use-after-free probleem, een geheugenbeschadiging, en een logboekprobleem dat ongeautoriseerde toegang tot gevoelige gebruikersdata mogelijk maakte. Deze kwetsbaarheden konden worden uitgebuit door kwaadwillenden via speciaal vervaardigde gegevens of door misbruik van de loggingmechanismen. De fixes omvatten verbeterde geheugenbeheerpraktijken en strengere controles om de integriteit van gebruikersgegevens te waarborgen.\n\nVoor succesvol misbruik moet de kwaadwillende het slachtoffer misleiden een malafide app te installeren, een malafide bestand te openen of link te volgen.",
        "title": "Interpretaties"
      },
      {
        "category": "description",
        "text": "Apple heeft updates uitgebracht om de kwetsbaarheden te verhelpen. Zie bijgevoegde referenties voor meer informatie.",
        "title": "Oplossingen"
      },
      {
        "category": "general",
        "text": "medium",
        "title": "Kans"
      },
      {
        "category": "general",
        "text": "high",
        "title": "Schade"
      },
      {
        "category": "general",
        "text": "Improper Input Validation",
        "title": "CWE-20"
      },
      {
        "category": "general",
        "text": "Improper Restriction of Operations within the Bounds of a Memory Buffer",
        "title": "CWE-119"
      },
      {
        "category": "general",
        "text": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
        "title": "CWE-120"
      },
      {
        "category": "general",
        "text": "Out-of-bounds Read",
        "title": "CWE-125"
      },
      {
        "category": "general",
        "text": "Integer Overflow or Wraparound",
        "title": "CWE-190"
      },
      {
        "category": "general",
        "text": "Exposure of Sensitive Information to an Unauthorized Actor",
        "title": "CWE-200"
      },
      {
        "category": "general",
        "text": "CWE-371",
        "title": "CWE-371"
      },
      {
        "category": "general",
        "text": "Use After Free",
        "title": "CWE-416"
      },
      {
        "category": "general",
        "text": "User Interface (UI) Misrepresentation of Critical Information",
        "title": "CWE-451"
      },
      {
        "category": "general",
        "text": "Missing Initialization of a Variable",
        "title": "CWE-456"
      }
    ],
    "publisher": {
      "category": "coordinator",
      "contact_details": "cert@ncsc.nl",
      "name": "Nationaal Cyber Security Centrum",
      "namespace": "https://www.ncsc.nl/"
    },
    "references": [
      {
        "category": "external",
        "summary": "Reference",
        "url": "https://support.apple.com/en-us/125884"
      },
      {
        "category": "external",
        "summary": "Reference",
        "url": "https://support.apple.com/en-us/125885"
      }
    ],
    "title": "Kwetsbaarheden verholpen in Apple iOS en iPadOS",
    "tracking": {
      "current_release_date": "2025-12-15T09:08:39.804149Z",
      "generator": {
        "date": "2025-08-04T16:30:00Z",
        "engine": {
          "name": "V.A.",
          "version": "1.3"
        }
      },
      "id": "NCSC-2025-0397",
      "initial_release_date": "2025-12-15T09:08:39.804149Z",
      "revision_history": [
        {
          "date": "2025-12-15T09:08:39.804149Z",
          "number": "1.0.0",
          "summary": "Initiele versie"
        }
      ],
      "status": "final",
      "version": "1.0.0"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-1"
                }
              }
            ],
            "category": "product_name",
            "name": "iOS, iPadOS"
          }
        ],
        "category": "vendor",
        "name": "Apple"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2024-7264",
      "cwe": {
        "id": "CWE-20",
        "name": "Improper Input Validation"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Input Validation",
          "title": "CWE-20"
        },
        {
          "category": "other",
          "text": "Out-of-bounds Read",
          "title": "CWE-125"
        },
        {
          "category": "description",
          "text": "Multiple vulnerabilities across Oracle Communications Applications, MySQL, Database Server, and NetApp products can be exploited by remote attackers, affecting confidentiality, integrity, and availability, with varying CVSS scores indicating medium to significant damage potential.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-7264 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2024/cve-2024-7264.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1"
          ]
        }
      ],
      "title": "CVE-2024-7264"
    },
    {
      "cve": "CVE-2025-5918",
      "cwe": {
        "id": "CWE-125",
        "name": "Out-of-bounds Read"
      },
      "notes": [
        {
          "category": "other",
          "text": "Out-of-bounds Read",
          "title": "CWE-125"
        },
        {
          "category": "description",
          "text": "The libarchive library update addresses multiple vulnerabilities, including integer overflows and heap buffer over reads, with a specific issue allowing reading past EOF in piped file streams, affecting Apple Software.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-5918 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-5918.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.6,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1"
          ]
        }
      ],
      "title": "CVE-2025-5918"
    },
    {
      "cve": "CVE-2025-9086",
      "cwe": {
        "id": "CWE-125",
        "name": "Out-of-bounds Read"
      },
      "notes": [
        {
          "category": "other",
          "text": "Out-of-bounds Read",
          "title": "CWE-125"
        },
        {
          "category": "description",
          "text": "Recent updates to curl and Apple Software address multiple vulnerabilities, including out-of-bounds reads, cookie path issues, and denial of service risks in various versions of affected products.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-9086 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-9086.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1"
          ]
        }
      ],
      "title": "CVE-2025-9086"
    },
    {
      "cve": "CVE-2025-14174",
      "cwe": {
        "id": "CWE-119",
        "name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Restriction of Operations within the Bounds of a Memory Buffer",
          "title": "CWE-119"
        },
        {
          "category": "description",
          "text": "Google Chromium has multiple vulnerabilities, including a high-severity out of bounds memory access in ANGLE affecting various browsers, alongside resolved use-after-free and memory corruption issues.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-14174 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-14174.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1"
          ]
        }
      ],
      "title": "CVE-2025-14174"
    },
    {
      "cve": "CVE-2025-43428",
      "notes": [
        {
          "category": "description",
          "text": "A configuration issue was resolved by implementing additional restrictions to enhance system security.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-43428 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-43428.json"
        }
      ],
      "title": "CVE-2025-43428"
    },
    {
      "cve": "CVE-2025-43475",
      "notes": [
        {
          "category": "description",
          "text": "A logging issue was addressed through the enhancement of data redaction measures to improve security and protect sensitive information.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-43475 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-43475.json"
        }
      ],
      "title": "CVE-2025-43475"
    },
    {
      "cve": "CVE-2025-43501",
      "notes": [
        {
          "category": "description",
          "text": "A buffer overflow vulnerability has been addressed through improved memory management techniques.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-43501 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-43501.json"
        }
      ],
      "title": "CVE-2025-43501"
    },
    {
      "cve": "CVE-2025-43511",
      "cwe": {
        "id": "CWE-416",
        "name": "Use After Free"
      },
      "notes": [
        {
          "category": "other",
          "text": "Use After Free",
          "title": "CWE-416"
        },
        {
          "category": "description",
          "text": "iOS 18.7.2 and iPadOS 18.7.2 addressed a use-after-free vulnerability in memory management that could lead to process crashes when handling malicious web content.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-43511 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-43511.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1"
          ]
        }
      ],
      "title": "CVE-2025-43511"
    },
    {
      "cve": "CVE-2025-43512",
      "notes": [
        {
          "category": "description",
          "text": "macOS Sonoma 14.8.3 and macOS Sequoia 15.7.3 have addressed a logic issue that could allow privilege elevation through enhanced checks.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-43512 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-43512.json"
        }
      ],
      "title": "CVE-2025-43512"
    },
    {
      "cve": "CVE-2025-43518",
      "notes": [
        {
          "category": "description",
          "text": "macOS Sonoma 14.8.3 and macOS Sequoia 15.7.3 have addressed a logic issue in the spellcheck API that allowed inappropriate file access through enhanced checks.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-43518 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-43518.json"
        }
      ],
      "title": "CVE-2025-43518"
    },
    {
      "cve": "CVE-2025-43529",
      "notes": [
        {
          "category": "description",
          "text": "Recent updates addressed a use-after-free vulnerability and a memory corruption issue by enhancing memory management and implementing improved validation measures.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-43529 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-43529.json"
        }
      ],
      "title": "CVE-2025-43529"
    },
    {
      "cve": "CVE-2025-43530",
      "notes": [
        {
          "category": "description",
          "text": "macOS Sonoma 14.8.3 and macOS Sequoia 15.7.3 have resolved the issue of apps accessing sensitive user data through enhanced checks.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-43530 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-43530.json"
        }
      ],
      "title": "CVE-2025-43530"
    },
    {
      "cve": "CVE-2025-43531",
      "notes": [
        {
          "category": "description",
          "text": "A race condition issue was effectively resolved through enhancements in state management, improving system reliability.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-43531 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-43531.json"
        }
      ],
      "title": "CVE-2025-43531"
    },
    {
      "cve": "CVE-2025-43532",
      "cwe": {
        "id": "CWE-120",
        "name": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)"
      },
      "notes": [
        {
          "category": "other",
          "text": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
          "title": "CWE-120"
        },
        {
          "category": "description",
          "text": "macOS Sonoma 14.8.3 and macOS Sequoia 15.7.3 have addressed a memory corruption issue that could lead to unexpected app termination when processing malicious data through improved bounds checking.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-43532 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-43532.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 2.8,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1"
          ]
        }
      ],
      "title": "CVE-2025-43532"
    },
    {
      "cve": "CVE-2025-43533",
      "notes": [
        {
          "category": "description",
          "text": "Enhanced input validation measures have resolved multiple memory corruption issues, improving overall system security.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-43533 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-43533.json"
        }
      ],
      "title": "CVE-2025-43533"
    },
    {
      "cve": "CVE-2025-43535",
      "notes": [
        {
          "category": "description",
          "text": "The issue was addressed through improvements in memory management techniques.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-43535 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-43535.json"
        }
      ],
      "title": "CVE-2025-43535"
    },
    {
      "cve": "CVE-2025-43536",
      "notes": [
        {
          "category": "description",
          "text": "A use-after-free vulnerability was addressed through improved memory management techniques, enhancing overall system stability and security.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-43536 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-43536.json"
        }
      ],
      "title": "CVE-2025-43536"
    },
    {
      "cve": "CVE-2025-43538",
      "notes": [
        {
          "category": "description",
          "text": "macOS Sonoma 14.8.3 has addressed a logging issue that previously allowed unauthorized access to sensitive user data through enhanced data redaction measures.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-43538 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-43538.json"
        }
      ],
      "title": "CVE-2025-43538"
    },
    {
      "cve": "CVE-2025-43539",
      "notes": [
        {
          "category": "description",
          "text": "macOS Sonoma 14.8.3 and macOS Sequoia 15.7.3 have addressed a memory corruption issue through enhanced bounds checks during file processing.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-43539 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-43539.json"
        }
      ],
      "title": "CVE-2025-43539"
    },
    {
      "cve": "CVE-2025-43541",
      "notes": [
        {
          "category": "description",
          "text": "A type confusion vulnerability was effectively addressed through improved state management techniques.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-43541 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-43541.json"
        }
      ],
      "title": "CVE-2025-43541"
    },
    {
      "cve": "CVE-2025-43542",
      "notes": [
        {
          "category": "description",
          "text": "macOS Sequoia 15.7.3 resolves the issue of password fields being unintentionally exposed during FaceTime remote control through enhanced state management.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-43542 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-43542.json"
        }
      ],
      "title": "CVE-2025-43542"
    },
    {
      "cve": "CVE-2025-46276",
      "notes": [
        {
          "category": "description",
          "text": "macOS Sonoma 14.8.3 and macOS Sequoia 15.7.3 have addressed an information disclosure issue by implementing enhanced privacy controls to prevent unauthorized access to sensitive user data.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-46276 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-46276.json"
        }
      ],
      "title": "CVE-2025-46276"
    },
    {
      "cve": "CVE-2025-46277",
      "notes": [
        {
          "category": "description",
          "text": "A logging issue was addressed through the enhancement of data redaction measures to improve security and protect sensitive information.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-46277 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-46277.json"
        }
      ],
      "title": "CVE-2025-46277"
    },
    {
      "cve": "CVE-2025-46279",
      "notes": [
        {
          "category": "description",
          "text": "A permissions issue was addressed through the implementation of additional restrictions to enhance security controls.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-46279 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-46279.json"
        }
      ],
      "title": "CVE-2025-46279"
    },
    {
      "cve": "CVE-2025-46285",
      "notes": [
        {
          "category": "description",
          "text": "macOS Sonoma 14.8.3 and macOS Sequoia 15.7.3 have addressed an integer overflow vulnerability that could grant root privileges by implementing 64-bit timestamps.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-46285 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-46285.json"
        }
      ],
      "title": "CVE-2025-46285"
    },
    {
      "cve": "CVE-2025-46287",
      "notes": [
        {
          "category": "description",
          "text": "Recent updates in macOS Sonoma 14.8.3 and macOS Sequoia 15.7.3 resolved an inconsistent user interface issue related to FaceTime caller ID spoofing through enhanced state management.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-46287 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-46287.json"
        }
      ],
      "title": "CVE-2025-46287"
    },
    {
      "cve": "CVE-2025-46288",
      "notes": [
        {
          "category": "description",
          "text": "A permissions issue was addressed through the implementation of additional restrictions to enhance security controls.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-46288 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-46288.json"
        }
      ],
      "title": "CVE-2025-46288"
    },
    {
      "cve": "CVE-2025-46292",
      "notes": [
        {
          "category": "description",
          "text": "The issue was resolved through the implementation of additional entitlement checks to enhance security measures.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-46292 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-46292.json"
        }
      ],
      "title": "CVE-2025-46292"
    }
  ]
}

NCSC-2025-0396

Vulnerability from csaf_ncscnl - Published: 2025-12-15 09:06 - Updated: 2025-12-15 09:06

Summary

Kwetsbaarheden verholpen in Apple macOS

Notes

Feiten

Apple heeft kwetsbaarheden verholpen in macOS Sonoma (14.8.3), macOS Sequoia (15.7.3) en macOS Tahoe (26.2).

Interpretaties

De kwetsbaarheden omvatten een breed scala aan problemen, waaronder geheugenbeschadiging, logboekproblemen, en ongeoorloofde toegang tot gevoelige gebruikersgegevens. Deze kwetsbaarheden konden worden misbruikt door kwaadwillenden om ongeautoriseerde toegang te verkrijgen of om de stabiliteit van het systeem in gevaar te brengen. Voor succesvol misbruik moet de kwaadwillende het slachtoffer misleiden een malafide app te installeren of bestand te openen.

Oplossingen

Apple heeft updates uitgebracht om de kwetsbaarheden te verhelpen. Zie bijgevoegde referenties voor meer informatie.

Kans

medium

Schade

high

CWE-20

Improper Input Validation

CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

CWE-120

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

CWE-125

Out-of-bounds Read

CWE-190

Integer Overflow or Wraparound

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

CWE-275

CWE-280

Improper Handling of Insufficient Permissions or Privileges

CWE-284

Improper Access Control

CWE-359

Exposure of Private Personal Information to an Unauthorized Actor

CWE-371

CWE-404

Improper Resource Shutdown or Release

CWE-416

Use After Free

CWE-451

User Interface (UI) Misrepresentation of Critical Information

CWE-456

Missing Initialization of a Variable

CWE-488

Exposure of Data Element to Wrong Session

CWE-524

Use of Cache Containing Sensitive Information

CWE-532

Insertion of Sensitive Information into Log File

CWE-732

Incorrect Permission Assignment for Critical Resource

CWE-862

Missing Authorization

CWE-1018

JSON

To clipboard

{
  "document": {
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE"
      }
    },
    "lang": "nl",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:\n\n    NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.\n\n    NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.\n    This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings."
      },
      {
        "category": "description",
        "text": "Apple heeft kwetsbaarheden verholpen in macOS Sonoma (14.8.3), macOS Sequoia (15.7.3) en macOS Tahoe (26.2).",
        "title": "Feiten"
      },
      {
        "category": "description",
        "text": "De kwetsbaarheden omvatten een breed scala aan problemen, waaronder geheugenbeschadiging, logboekproblemen, en ongeoorloofde toegang tot gevoelige gebruikersgegevens. Deze kwetsbaarheden konden worden misbruikt door kwaadwillenden om ongeautoriseerde toegang te verkrijgen of om de stabiliteit van het systeem in gevaar te brengen.\n\nVoor succesvol misbruik moet de kwaadwillende het slachtoffer misleiden een malafide app te installeren of bestand te openen.",
        "title": "Interpretaties"
      },
      {
        "category": "description",
        "text": "Apple heeft updates uitgebracht om de kwetsbaarheden te verhelpen. Zie bijgevoegde referenties voor meer informatie.",
        "title": "Oplossingen"
      },
      {
        "category": "general",
        "text": "medium",
        "title": "Kans"
      },
      {
        "category": "general",
        "text": "high",
        "title": "Schade"
      },
      {
        "category": "general",
        "text": "Improper Input Validation",
        "title": "CWE-20"
      },
      {
        "category": "general",
        "text": "Improper Restriction of Operations within the Bounds of a Memory Buffer",
        "title": "CWE-119"
      },
      {
        "category": "general",
        "text": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
        "title": "CWE-120"
      },
      {
        "category": "general",
        "text": "Out-of-bounds Read",
        "title": "CWE-125"
      },
      {
        "category": "general",
        "text": "Integer Overflow or Wraparound",
        "title": "CWE-190"
      },
      {
        "category": "general",
        "text": "Exposure of Sensitive Information to an Unauthorized Actor",
        "title": "CWE-200"
      },
      {
        "category": "general",
        "text": "CWE-275",
        "title": "CWE-275"
      },
      {
        "category": "general",
        "text": "Improper Handling of Insufficient Permissions or Privileges ",
        "title": "CWE-280"
      },
      {
        "category": "general",
        "text": "Improper Access Control",
        "title": "CWE-284"
      },
      {
        "category": "general",
        "text": "Exposure of Private Personal Information to an Unauthorized Actor",
        "title": "CWE-359"
      },
      {
        "category": "general",
        "text": "CWE-371",
        "title": "CWE-371"
      },
      {
        "category": "general",
        "text": "Improper Resource Shutdown or Release",
        "title": "CWE-404"
      },
      {
        "category": "general",
        "text": "Use After Free",
        "title": "CWE-416"
      },
      {
        "category": "general",
        "text": "User Interface (UI) Misrepresentation of Critical Information",
        "title": "CWE-451"
      },
      {
        "category": "general",
        "text": "Missing Initialization of a Variable",
        "title": "CWE-456"
      },
      {
        "category": "general",
        "text": "Exposure of Data Element to Wrong Session",
        "title": "CWE-488"
      },
      {
        "category": "general",
        "text": "Use of Cache Containing Sensitive Information",
        "title": "CWE-524"
      },
      {
        "category": "general",
        "text": "Insertion of Sensitive Information into Log File",
        "title": "CWE-532"
      },
      {
        "category": "general",
        "text": "Incorrect Permission Assignment for Critical Resource",
        "title": "CWE-732"
      },
      {
        "category": "general",
        "text": "Missing Authorization",
        "title": "CWE-862"
      },
      {
        "category": "general",
        "text": "CWE-1018",
        "title": "CWE-1018"
      }
    ],
    "publisher": {
      "category": "coordinator",
      "contact_details": "cert@ncsc.nl",
      "name": "Nationaal Cyber Security Centrum",
      "namespace": "https://www.ncsc.nl/"
    },
    "references": [
      {
        "category": "external",
        "summary": "Reference",
        "url": "https://support.apple.com/en-us/125886"
      },
      {
        "category": "external",
        "summary": "Reference",
        "url": "https://support.apple.com/en-us/125887"
      },
      {
        "category": "external",
        "summary": "Reference",
        "url": "https://support.apple.com/en-us/125888"
      }
    ],
    "title": "Kwetsbaarheden verholpen in Apple macOS",
    "tracking": {
      "current_release_date": "2025-12-15T09:06:36.450655Z",
      "generator": {
        "date": "2025-08-04T16:30:00Z",
        "engine": {
          "name": "V.A.",
          "version": "1.3"
        }
      },
      "id": "NCSC-2025-0396",
      "initial_release_date": "2025-12-15T09:06:36.450655Z",
      "revision_history": [
        {
          "date": "2025-12-15T09:06:36.450655Z",
          "number": "1.0.0",
          "summary": "Initiele versie"
        }
      ],
      "status": "final",
      "version": "1.0.0"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-1"
                }
              }
            ],
            "category": "product_name",
            "name": "macOS Sequoia"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-2"
                }
              }
            ],
            "category": "product_name",
            "name": "macOS Sonoma"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-3"
                }
              }
            ],
            "category": "product_name",
            "name": "macOS Tahoe"
          }
        ],
        "category": "vendor",
        "name": "Apple"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2024-7264",
      "cwe": {
        "id": "CWE-20",
        "name": "Improper Input Validation"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Input Validation",
          "title": "CWE-20"
        },
        {
          "category": "other",
          "text": "Out-of-bounds Read",
          "title": "CWE-125"
        },
        {
          "category": "description",
          "text": "Multiple vulnerabilities across Oracle Communications Applications, MySQL, Database Server, and NetApp products can be exploited by remote attackers, affecting confidentiality, integrity, and availability, with varying CVSS scores indicating medium to significant damage potential.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-7264 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2024/cve-2024-7264.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3"
          ]
        }
      ],
      "title": "CVE-2024-7264"
    },
    {
      "cve": "CVE-2024-8906",
      "notes": [
        {
          "category": "description",
          "text": "Chrome 129 and Microsoft Edge have multiple vulnerabilities, including remote code execution and denial of service risks, with specific issues like CVE-2024-8906 affecting Chrome\u0027s Downloads UI.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-8906 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2024/cve-2024-8906.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3"
          ]
        }
      ],
      "title": "CVE-2024-8906"
    },
    {
      "cve": "CVE-2025-5918",
      "cwe": {
        "id": "CWE-125",
        "name": "Out-of-bounds Read"
      },
      "notes": [
        {
          "category": "other",
          "text": "Out-of-bounds Read",
          "title": "CWE-125"
        },
        {
          "category": "description",
          "text": "The libarchive library update addresses multiple vulnerabilities, including integer overflows and heap buffer over reads, with a specific issue allowing reading past EOF in piped file streams, affecting Apple Software.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-5918 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-5918.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.6,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3"
          ]
        }
      ],
      "title": "CVE-2025-5918"
    },
    {
      "cve": "CVE-2025-9086",
      "cwe": {
        "id": "CWE-125",
        "name": "Out-of-bounds Read"
      },
      "notes": [
        {
          "category": "other",
          "text": "Out-of-bounds Read",
          "title": "CWE-125"
        },
        {
          "category": "description",
          "text": "Recent updates to curl and Apple Software address multiple vulnerabilities, including out-of-bounds reads, cookie path issues, and denial of service risks in various versions of affected products.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-9086 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-9086.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3"
          ]
        }
      ],
      "title": "CVE-2025-9086"
    },
    {
      "cve": "CVE-2025-14174",
      "cwe": {
        "id": "CWE-119",
        "name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Restriction of Operations within the Bounds of a Memory Buffer",
          "title": "CWE-119"
        },
        {
          "category": "description",
          "text": "Google Chromium has multiple vulnerabilities, including a high-severity out of bounds memory access in ANGLE affecting various browsers, alongside resolved use-after-free and memory corruption issues.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-14174 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-14174.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3"
          ]
        }
      ],
      "title": "CVE-2025-14174"
    },
    {
      "cve": "CVE-2025-43320",
      "notes": [
        {
          "category": "description",
          "text": "macOS Sequoia 15.7.3 has resolved an issue where an app could bypass launch constraint protections and execute malicious code with elevated privileges by implementing additional logic.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-43320 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-43320.json"
        }
      ],
      "title": "CVE-2025-43320"
    },
    {
      "cve": "CVE-2025-43410",
      "cwe": {
        "id": "CWE-524",
        "name": "Use of Cache Containing Sensitive Information"
      },
      "notes": [
        {
          "category": "other",
          "text": "Use of Cache Containing Sensitive Information",
          "title": "CWE-524"
        },
        {
          "category": "description",
          "text": "macOS Sequoia 15.7.2 and macOS Sonoma 14.8.2 have resolved a cache handling issue that allowed physical access attackers to view deleted notes through improved cache management.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-43410 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-43410.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 2.4,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3"
          ]
        }
      ],
      "title": "CVE-2025-43410"
    },
    {
      "cve": "CVE-2025-43416",
      "notes": [
        {
          "category": "description",
          "text": "macOS Sonoma 14.8.3 and macOS Sequoia 15.7.3 have addressed a logic issue related to access to protected user data through enhanced restrictions.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-43416 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-43416.json"
        }
      ],
      "title": "CVE-2025-43416"
    },
    {
      "cve": "CVE-2025-43428",
      "notes": [
        {
          "category": "description",
          "text": "A configuration issue was resolved by implementing additional restrictions to enhance system security.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-43428 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-43428.json"
        }
      ],
      "title": "CVE-2025-43428"
    },
    {
      "cve": "CVE-2025-43463",
      "notes": [
        {
          "category": "description",
          "text": "Recent updates in macOS versions 14.8.3, 26.1, and 15.7.3 have resolved a parsing issue in directory path handling through enhanced path validation, potentially allowing apps to access sensitive user data.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-43463 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-43463.json"
        }
      ],
      "title": "CVE-2025-43463"
    },
    {
      "cve": "CVE-2025-43482",
      "cwe": {
        "id": "CWE-20",
        "name": "Improper Input Validation"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Input Validation",
          "title": "CWE-20"
        },
        {
          "category": "description",
          "text": "macOS Sonoma 14.8.3 and macOS Sequoia 15.7.3 have resolved a denial-of-service vulnerability through enhanced input validation measures.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-43482 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-43482.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3"
          ]
        }
      ],
      "title": "CVE-2025-43482"
    },
    {
      "cve": "CVE-2025-43501",
      "notes": [
        {
          "category": "description",
          "text": "A buffer overflow vulnerability has been addressed through improved memory management techniques.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-43501 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-43501.json"
        }
      ],
      "title": "CVE-2025-43501"
    },
    {
      "cve": "CVE-2025-43509",
      "notes": [
        {
          "category": "description",
          "text": "macOS Sonoma 14.8.3 and macOS Sequoia 15.7.3 have resolved the issue of apps accessing sensitive user data through enhanced data protection measures.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-43509 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-43509.json"
        }
      ],
      "title": "CVE-2025-43509"
    },
    {
      "cve": "CVE-2025-43511",
      "cwe": {
        "id": "CWE-416",
        "name": "Use After Free"
      },
      "notes": [
        {
          "category": "other",
          "text": "Use After Free",
          "title": "CWE-416"
        },
        {
          "category": "description",
          "text": "iOS 18.7.2 and iPadOS 18.7.2 addressed a use-after-free vulnerability in memory management that could lead to process crashes when handling malicious web content.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-43511 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-43511.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3"
          ]
        }
      ],
      "title": "CVE-2025-43511"
    },
    {
      "cve": "CVE-2025-43512",
      "notes": [
        {
          "category": "description",
          "text": "macOS Sonoma 14.8.3 and macOS Sequoia 15.7.3 have addressed a logic issue that could allow privilege elevation through enhanced checks.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-43512 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-43512.json"
        }
      ],
      "title": "CVE-2025-43512"
    },
    {
      "cve": "CVE-2025-43513",
      "notes": [
        {
          "category": "description",
          "text": "Recent updates in macOS Sonoma 14.8.3 and macOS Sequoia 15.7.3 addressed a permissions issue by removing vulnerable code that allowed unauthorized access to sensitive location information.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-43513 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-43513.json"
        }
      ],
      "title": "CVE-2025-43513"
    },
    {
      "cve": "CVE-2025-43514",
      "notes": [
        {
          "category": "description",
          "text": "The issue was addressed through improved cache management techniques.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-43514 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-43514.json"
        }
      ],
      "title": "CVE-2025-43514"
    },
    {
      "cve": "CVE-2025-43516",
      "notes": [
        {
          "category": "description",
          "text": "macOS Sonoma 14.8.3 and macOS Sequoia 15.7.3 have addressed a session management vulnerability that allowed users with Voice Control enabled to transcribe another user\u0027s activity through enhanced checks.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-43516 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-43516.json"
        }
      ],
      "title": "CVE-2025-43516"
    },
    {
      "cve": "CVE-2025-43517",
      "notes": [
        {
          "category": "description",
          "text": "macOS Sonoma 14.8.3 and macOS Sequoia 15.7.3 addressed a privacy issue related to log entries by enhancing private data redaction, preventing unauthorized access to protected user data.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-43517 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-43517.json"
        }
      ],
      "title": "CVE-2025-43517"
    },
    {
      "cve": "CVE-2025-43518",
      "notes": [
        {
          "category": "description",
          "text": "macOS Sonoma 14.8.3 and macOS Sequoia 15.7.3 have addressed a logic issue in the spellcheck API that allowed inappropriate file access through enhanced checks.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-43518 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-43518.json"
        }
      ],
      "title": "CVE-2025-43518"
    },
    {
      "cve": "CVE-2025-43519",
      "notes": [
        {
          "category": "description",
          "text": "macOS Sonoma 14.8.3 and macOS Sequoia 15.7.3 have addressed a permissions issue that previously allowed apps to access sensitive user data by implementing additional restrictions.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-43519 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-43519.json"
        }
      ],
      "title": "CVE-2025-43519"
    },
    {
      "cve": "CVE-2025-43521",
      "notes": [
        {
          "category": "description",
          "text": "macOS Sequoia 15.7.3 resolves a downgrade issue on Intel-based Mac computers by implementing additional code-signing restrictions to enhance user data protection.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-43521 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-43521.json"
        }
      ],
      "title": "CVE-2025-43521"
    },
    {
      "cve": "CVE-2025-43522",
      "notes": [
        {
          "category": "description",
          "text": "macOS Sequoia 15.7.3 resolves a downgrade issue on Intel-based Mac computers by implementing enhanced code-signing restrictions to protect user-sensitive data from unauthorized access.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-43522 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-43522.json"
        }
      ],
      "title": "CVE-2025-43522"
    },
    {
      "cve": "CVE-2025-43523",
      "notes": [
        {
          "category": "description",
          "text": "macOS Sequoia 15.7.3 has resolved a permissions issue that previously allowed unauthorized access to sensitive user data by implementing additional restrictions.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-43523 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-43523.json"
        }
      ],
      "title": "CVE-2025-43523"
    },
    {
      "cve": "CVE-2025-43526",
      "notes": [
        {
          "category": "description",
          "text": "The issue was addressed through the implementation of enhanced URL validation measures.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-43526 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-43526.json"
        }
      ],
      "title": "CVE-2025-43526"
    },
    {
      "cve": "CVE-2025-43527",
      "cwe": {
        "id": "CWE-280",
        "name": "Improper Handling of Insufficient Permissions or Privileges "
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Handling of Insufficient Permissions or Privileges ",
          "title": "CWE-280"
        },
        {
          "category": "description",
          "text": "macOS Sequoia 15.7.3 has addressed a permissions issue that could allow apps to gain root privileges through additional restrictions.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-43527 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-43527.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3"
          ]
        }
      ],
      "title": "CVE-2025-43527"
    },
    {
      "cve": "CVE-2025-43529",
      "notes": [
        {
          "category": "description",
          "text": "Recent updates addressed a use-after-free vulnerability and a memory corruption issue by enhancing memory management and implementing improved validation measures.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-43529 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-43529.json"
        }
      ],
      "title": "CVE-2025-43529"
    },
    {
      "cve": "CVE-2025-43530",
      "notes": [
        {
          "category": "description",
          "text": "macOS Sonoma 14.8.3 and macOS Sequoia 15.7.3 have resolved the issue of apps accessing sensitive user data through enhanced checks.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-43530 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-43530.json"
        }
      ],
      "title": "CVE-2025-43530"
    },
    {
      "cve": "CVE-2025-43531",
      "notes": [
        {
          "category": "description",
          "text": "A race condition issue was effectively resolved through enhancements in state management, improving system reliability.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-43531 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-43531.json"
        }
      ],
      "title": "CVE-2025-43531"
    },
    {
      "cve": "CVE-2025-43532",
      "cwe": {
        "id": "CWE-120",
        "name": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)"
      },
      "notes": [
        {
          "category": "other",
          "text": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
          "title": "CWE-120"
        },
        {
          "category": "description",
          "text": "macOS Sonoma 14.8.3 and macOS Sequoia 15.7.3 have addressed a memory corruption issue that could lead to unexpected app termination when processing malicious data through improved bounds checking.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-43532 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-43532.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 2.8,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3"
          ]
        }
      ],
      "title": "CVE-2025-43532"
    },
    {
      "cve": "CVE-2025-43533",
      "notes": [
        {
          "category": "description",
          "text": "Enhanced input validation measures have resolved multiple memory corruption issues, improving overall system security.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-43533 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-43533.json"
        }
      ],
      "title": "CVE-2025-43533"
    },
    {
      "cve": "CVE-2025-43535",
      "notes": [
        {
          "category": "description",
          "text": "The issue was addressed through improvements in memory management techniques.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-43535 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-43535.json"
        }
      ],
      "title": "CVE-2025-43535"
    },
    {
      "cve": "CVE-2025-43536",
      "notes": [
        {
          "category": "description",
          "text": "A use-after-free vulnerability was addressed through improved memory management techniques, enhancing overall system stability and security.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-43536 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-43536.json"
        }
      ],
      "title": "CVE-2025-43536"
    },
    {
      "cve": "CVE-2025-43538",
      "notes": [
        {
          "category": "description",
          "text": "macOS Sonoma 14.8.3 has addressed a logging issue that previously allowed unauthorized access to sensitive user data through enhanced data redaction measures.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-43538 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-43538.json"
        }
      ],
      "title": "CVE-2025-43538"
    },
    {
      "cve": "CVE-2025-43539",
      "notes": [
        {
          "category": "description",
          "text": "macOS Sonoma 14.8.3 and macOS Sequoia 15.7.3 have addressed a memory corruption issue through enhanced bounds checks during file processing.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-43539 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-43539.json"
        }
      ],
      "title": "CVE-2025-43539"
    },
    {
      "cve": "CVE-2025-43541",
      "notes": [
        {
          "category": "description",
          "text": "A type confusion vulnerability was effectively addressed through improved state management techniques.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-43541 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-43541.json"
        }
      ],
      "title": "CVE-2025-43541"
    },
    {
      "cve": "CVE-2025-43542",
      "notes": [
        {
          "category": "description",
          "text": "macOS Sequoia 15.7.3 resolves the issue of password fields being unintentionally exposed during FaceTime remote control through enhanced state management.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-43542 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-43542.json"
        }
      ],
      "title": "CVE-2025-43542"
    },
    {
      "cve": "CVE-2025-46276",
      "notes": [
        {
          "category": "description",
          "text": "macOS Sonoma 14.8.3 and macOS Sequoia 15.7.3 have addressed an information disclosure issue by implementing enhanced privacy controls to prevent unauthorized access to sensitive user data.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-46276 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-46276.json"
        }
      ],
      "title": "CVE-2025-46276"
    },
    {
      "cve": "CVE-2025-46277",
      "notes": [
        {
          "category": "description",
          "text": "A logging issue was addressed through the enhancement of data redaction measures to improve security and protect sensitive information.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-46277 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-46277.json"
        }
      ],
      "title": "CVE-2025-46277"
    },
    {
      "cve": "CVE-2025-46278",
      "notes": [
        {
          "category": "description",
          "text": "The issue was addressed through improved cache management techniques.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-46278 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-46278.json"
        }
      ],
      "title": "CVE-2025-46278"
    },
    {
      "cve": "CVE-2025-46279",
      "notes": [
        {
          "category": "description",
          "text": "A permissions issue was addressed through the implementation of additional restrictions to enhance security controls.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-46279 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-46279.json"
        }
      ],
      "title": "CVE-2025-46279"
    },
    {
      "cve": "CVE-2025-46281",
      "notes": [
        {
          "category": "description",
          "text": "A logic issue was resolved through the implementation of enhanced checks, improving the overall security posture.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-46281 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-46281.json"
        }
      ],
      "title": "CVE-2025-46281"
    },
    {
      "cve": "CVE-2025-46282",
      "notes": [
        {
          "category": "description",
          "text": "The issue was addressed by implementing additional permissions checks to enhance security measures.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-46282 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-46282.json"
        }
      ],
      "title": "CVE-2025-46282"
    },
    {
      "cve": "CVE-2025-46283",
      "notes": [
        {
          "category": "description",
          "text": "A logic issue was effectively addressed through the implementation of enhanced validation measures, improving overall system integrity.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-46283 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-46283.json"
        }
      ],
      "title": "CVE-2025-46283"
    },
    {
      "cve": "CVE-2025-46285",
      "notes": [
        {
          "category": "description",
          "text": "macOS Sonoma 14.8.3 and macOS Sequoia 15.7.3 have addressed an integer overflow vulnerability that could grant root privileges by implementing 64-bit timestamps.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-46285 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-46285.json"
        }
      ],
      "title": "CVE-2025-46285"
    },
    {
      "cve": "CVE-2025-46287",
      "notes": [
        {
          "category": "description",
          "text": "Recent updates in macOS Sonoma 14.8.3 and macOS Sequoia 15.7.3 resolved an inconsistent user interface issue related to FaceTime caller ID spoofing through enhanced state management.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-46287 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-46287.json"
        }
      ],
      "title": "CVE-2025-46287"
    },
    {
      "cve": "CVE-2025-46288",
      "notes": [
        {
          "category": "description",
          "text": "A permissions issue was addressed through the implementation of additional restrictions to enhance security controls.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-46288 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-46288.json"
        }
      ],
      "title": "CVE-2025-46288"
    },
    {
      "cve": "CVE-2025-46289",
      "notes": [
        {
          "category": "description",
          "text": "macOS Sonoma 14.8.3 and macOS Sequoia 15.7.3 resolved a logic issue in file handling that could have allowed unauthorized access to protected user data.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-46289 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-46289.json"
        }
      ],
      "title": "CVE-2025-46289"
    },
    {
      "cve": "CVE-2025-46291",
      "notes": [
        {
          "category": "description",
          "text": "A logic issue was effectively addressed through the implementation of enhanced validation measures, improving overall system integrity.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-46291 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-46291.json"
        }
      ],
      "title": "CVE-2025-46291"
    }
  ]
}

FKIE_CVE-2025-46285

Vulnerability from fkie_nvd - Published: 2025-12-12 21:15 - Updated: 2025-12-17 21:16

Severity ?

7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Summary

References

URL	Tags
product-security@apple.com	https://support.apple.com/en-us/125884
product-security@apple.com	https://support.apple.com/en-us/125885
product-security@apple.com	https://support.apple.com/en-us/125886
product-security@apple.com	https://support.apple.com/en-us/125887	Release Notes, Vendor Advisory
product-security@apple.com	https://support.apple.com/en-us/125888	Release Notes, Vendor Advisory
product-security@apple.com	https://support.apple.com/en-us/125889
product-security@apple.com	https://support.apple.com/en-us/125890
product-security@apple.com	https://support.apple.com/en-us/125891

Impacted products

	Vendor	Product	Version
	apple	macos	*
	apple	macos	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8E37DC2A-33E6-480B-8DFE-4F6558F0A895",
              "versionEndExcluding": "14.8.3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "3428C860-E02D-4FE9-96F4-58EEAAB8321D",
              "versionEndExcluding": "15.7.3",
              "versionStartIncluding": "15.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An integer overflow was addressed by adopting 64-bit timestamps. This issue is fixed in watchOS 26.2, macOS Sonoma 14.8.3, iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2, macOS Sequoia 15.7.3, visionOS 26.2, tvOS 26.2. An app may be able to gain root privileges."
    }
  ],
  "id": "CVE-2025-46285",
  "lastModified": "2025-12-17T21:16:13.717",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.9,
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "type": "Secondary"
      }
    ]
  },
  "published": "2025-12-12T21:15:57.863",
  "references": [
    {
      "source": "product-security@apple.com",
      "url": "https://support.apple.com/en-us/125884"
    },
    {
      "source": "product-security@apple.com",
      "url": "https://support.apple.com/en-us/125885"
    },
    {
      "source": "product-security@apple.com",
      "url": "https://support.apple.com/en-us/125886"
    },
    {
      "source": "product-security@apple.com",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/en-us/125887"
    },
    {
      "source": "product-security@apple.com",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/en-us/125888"
    },
    {
      "source": "product-security@apple.com",
      "url": "https://support.apple.com/en-us/125889"
    },
    {
      "source": "product-security@apple.com",
      "url": "https://support.apple.com/en-us/125890"
    },
    {
      "source": "product-security@apple.com",
      "url": "https://support.apple.com/en-us/125891"
    }
  ],
  "sourceIdentifier": "product-security@apple.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-190"
        }
      ],
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "type": "Secondary"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2025-46285 (GCVE-0-2025-46285)

CERTFR-2025-AVI-1110

Solutions

GHSA-P5PJ-G9WC-C3V2

NCSC-2025-0397

NCSC-2025-0396

FKIE_CVE-2025-46285

Tags

Sightings

Nomenclature