
Full Disclosure mailing list archives
APPLE-SA-09-15-2025-5 macOS Tahoe 26
From: Apple Product Security via Fulldisclosure <fulldisclosure () seclists org>
Date: Mon, 15 Sep 2025 16:34:18 -0700
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

APPLE-SA-09-15-2025-5 macOS Tahoe 26

macOS Tahoe 26 addresses the following issues. Information about the security content is also available at https://support.apple.com/125110.

Apple maintains a Security Releases page at https://support.apple.com/100100 which lists recent software updates with security advisories.

Airport
Available for: Mac Studio (2022 and later), iMac (2020 and later), Mac Pro (2019 and later), Mac mini (2020 and later), MacBook Air with Apple silicon (2020 and later), MacBook Pro (16-inch, 2019), MacBook Pro (13-inch, 2020, Four Thunderbolt 3 ports), and MacBook Pro with Apple silicon (2020 and later)
Impact: An app may be able to read sensitive location information
Description: A permissions issue was addressed with additional restrictions.
CVE-2025-43208: Csaba Fitzl (@theevilbit) of Kandji, Kirin (@Pwnrin)

AMD
Available for: Mac Studio (2022 and later), iMac (2020 and later), Mac Pro (2019 and later), Mac mini (2020 and later), MacBook Air with Apple silicon (2020 and later), MacBook Pro (16-inch, 2019), MacBook Pro (13-inch, 2020, Four Thunderbolt 3 ports), and MacBook Pro with Apple silicon (2020 and later)
Impact: An app may be able to cause unexpected system termination
Description: A buffer overflow was addressed with improved bounds checking.
CVE-2025-43312: ABC Research s.r.o.

AppKit
Available for: Mac Pro (2019), iMac (27-inch, 2020), MacBook Pro (16-inch, 2019), and MacBook Pro (13-inch, 2020, Four Thunderbolt 3 ports)
Impact: An app may be able to access protected user data
Description: The issue was resolved by blocking unsigned services from launching on Intel Macs.
CVE-2025-43321: Mickey Jin (@patch1t)

Apple Neural Engine
Available for: Mac Studio (2022 and later), iMac (2021 and later), Mac mini (2020 and later), MacBook Air with Apple silicon (2020 and later), and MacBook Pro with Apple silicon (2020 and later), Mac Pro (2023)
Impact: An app may be able to cause unexpected system termination
Description: An out-of-bounds access issue was addressed with improved bounds checking.
CVE-2025-43344: an anonymous researcher

Apple Online Store Kit
Available for: Mac Studio (2022 and later), iMac (2020 and later), Mac Pro (2019 and later), Mac mini (2020 and later), MacBook Air with Apple silicon (2020 and later), MacBook Pro (16-inch, 2019), MacBook Pro (13-inch, 2020, Four Thunderbolt 3 ports), and MacBook Pro with Apple silicon (2020 and later)
Impact: An app may be able to access protected user data
Description: A permissions issue was addressed with additional restrictions.
CVE-2025-31268: Csaba Fitzl (@theevilbit) and Nolan Astrein of Kandji

AppleMobileFileIntegrity
Available for: Mac Studio (2022 and later), iMac (2020 and later), Mac Pro (2019 and later), Mac mini (2020 and later), MacBook Air with Apple silicon (2020 and later), MacBook Pro (16-inch, 2019), MacBook Pro (13-inch, 2020, Four Thunderbolt 3 ports), and MacBook Pro with Apple silicon (2020 and later)
Impact: An app may be able to access protected user data
Description: A downgrade issue was addressed with additional code-signing restrictions.
CVE-2025-43331: Mickey Jin (@patch1t), Kirin (@Pwnrin), Claudio Bozzato and Francesco Benvenuto of Cisco Talos

AppleMobileFileIntegrity
Available for: Mac Studio (2022 and later), iMac (2020 and later), Mac Pro (2019 and later), Mac mini (2020 and later), MacBook Air with Apple silicon (2020 and later), MacBook Pro (16-inch, 2019), MacBook Pro (13-inch, 2020, Four Thunderbolt 3 ports), and MacBook Pro with Apple silicon (2020 and later)
Impact: An app may be able to access sensitive user data
Description: A permissions issue was addressed with additional restrictions.
CVE-2025-43317: Mickey Jin (@patch1t)

AppleMobileFileIntegrity
Available for: Mac Studio (2022 and later), iMac (2020 and later), Mac Pro (2019 and later), Mac mini (2020 and later), MacBook Air with Apple silicon (2020 and later), MacBook Pro (16-inch, 2019), MacBook Pro (13-inch, 2020, Four Thunderbolt 3 ports), and MacBook Pro with Apple silicon (2020 and later)
Impact: An app may be able to break out of its sandbox
Description: A permissions issue was addressed with additional restrictions.
CVE-2025-43340: Mickey Jin (@patch1t)

AppleMobileFileIntegrity
Available for: Mac Studio (2022 and later), iMac (2020 and later), Mac Pro (2019 and later), Mac mini (2020 and later), MacBook Air with Apple silicon (2020 and later), MacBook Pro (16-inch, 2019), MacBook Pro (13-inch, 2020, Four Thunderbolt 3 ports), and MacBook Pro with Apple silicon (2020 and later)
Impact: An app may be able to access sensitive user data
Description: An access issue was addressed with additional sandbox restrictions.
CVE-2025-43337: Csaba Fitzl (@theevilbit) and Nolan Astrein of Kandji

AppSandbox
Available for: Mac Studio (2022 and later), iMac (2020 and later), Mac Pro (2019 and later), Mac mini (2020 and later), MacBook Air with Apple silicon (2020 and later), MacBook Pro (16-inch, 2019), MacBook Pro (13-inch, 2020, Four Thunderbolt 3 ports), and MacBook Pro with Apple silicon (2020 and later)
Impact: An app may be able to access protected user data
Description: A permissions issue was addressed with additional restrictions.
CVE-2025-43285: Zhongquan Li (@Guluisacat), Mickey Jin (@patch1t)

ATS
Available for: Mac Studio (2022 and later), iMac (2020 and later), Mac Pro (2019 and later), Mac mini (2020 and later), MacBook Air with Apple silicon (2020 and later), MacBook Pro (16-inch, 2019), MacBook Pro (13-inch, 2020, Four Thunderbolt 3 ports), and MacBook Pro with Apple silicon (2020 and later)
Impact: An app may be able to break out of its sandbox
Description: This issue was addressed by removing the vulnerable code.
CVE-2025-43330: Bilal Siddiqui

Audio
Available for: Mac Studio (2022 and later), iMac (2020 and later), Mac Pro (2019 and later), Mac mini (2020 and later), MacBook Air with Apple silicon (2020 and later), MacBook Pro (16-inch, 2019), MacBook Pro (13-inch, 2020, Four Thunderbolt 3 ports), and MacBook Pro with Apple silicon (2020 and later)
Impact: Processing a maliciously crafted media file may lead to unexpected app termination or corrupt process memory
Description: An out-of-bounds access issue was addressed with improved bounds checking.
CVE-2025-43346: Hossein Lotfi (@hosselot) of Trend Micro Zero Day Initiative

Bluetooth
Available for: Mac Studio (2022 and later), iMac (2020 and later), Mac Pro (2019 and later), Mac mini (2020 and later), MacBook Air with Apple silicon (2020 and later), MacBook Pro (16-inch, 2019), MacBook Pro (13-inch, 2020, Four Thunderbolt 3 ports), and MacBook Pro with Apple silicon (2020 and later)
Impact: An app may be able to access sensitive user data
Description: This issue was addressed with improved checks to prevent unauthorized actions.
CVE-2025-43307: Dawuge of Shuffle Team

Bluetooth
Available for: Mac Studio (2022 and later), iMac (2020 and later), Mac Pro (2019 and later), Mac mini (2020 and later), MacBook Air with Apple silicon (2020 and later), MacBook Pro (16-inch, 2019), MacBook Pro (13-inch, 2020, Four Thunderbolt 3 ports), and MacBook Pro with Apple silicon (2020 and later)
Impact: An app may be able to access sensitive user data
Description: A logging issue was addressed with improved data redaction.
CVE-2025-43354: Csaba Fitzl (@theevilbit) of Kandji
CVE-2025-43303: Csaba Fitzl (@theevilbit) of Kandji

Call History
Available for: Mac Studio (2022 and later), iMac (2020 and later), Mac Pro (2019 and later), Mac mini (2020 and later), MacBook Air with Apple silicon (2020 and later), MacBook Pro (16-inch, 2019), MacBook Pro (13-inch, 2020, Four Thunderbolt 3 ports), and MacBook Pro with Apple silicon (2020 and later)
Impact: An app may be able to fingerprint the user
Description: This issue was addressed with improved redaction of sensitive information.
CVE-2025-43357: Rosyna Keller of Totally Not Malicious Software, Guilherme Rambo of Best Buddy Apps (rambo.codes)

CoreAudio
Available for: Mac Studio (2022 and later), iMac (2020 and later), Mac Pro (2019 and later), Mac mini (2020 and later), MacBook Air with Apple silicon (2020 and later), MacBook Pro (16-inch, 2019), MacBook Pro (13-inch, 2020, Four Thunderbolt 3 ports), and MacBook Pro with Apple silicon (2020 and later)
Impact: Processing a maliciously crafted video file may lead to unexpected app termination
Description: An out-of-bounds write issue was addressed with improved input validation.
CVE-2025-43349: @zlluny working with Trend Micro Zero Day Initiative

CoreMedia
Available for: Mac Studio (2022 and later), iMac (2020 and later), Mac Pro (2019 and later), Mac mini (2020 and later), MacBook Air with Apple silicon (2020 and later), MacBook Pro (16-inch, 2019), MacBook Pro (13-inch, 2020, Four Thunderbolt 3 ports), and MacBook Pro with Apple silicon (2020 and later)
Impact: An app may be able to access sensitive user data
Description: A race condition was addressed with improved state handling.
CVE-2025-43292: Csaba Fitzl (@theevilbit) and Nolan Astrein of Kandji

CoreMedia
Available for: Mac Studio (2022 and later), iMac (2020 and later), Mac Pro (2019 and later), Mac mini (2020 and later), MacBook Air with Apple silicon (2020 and later), MacBook Pro (16-inch, 2019), MacBook Pro (13-inch, 2020, Four Thunderbolt 3 ports), and MacBook Pro with Apple silicon (2020 and later)
Impact: Processing a maliciously crafted media file may lead to unexpected app termination or corrupt process memory
Description: The issue was addressed with improved input validation.
CVE-2025-43372: 이동하 (Lee Dong Ha) of SSA Lab

CoreServices
Available for: Mac Studio (2022 and later), iMac (2020 and later), Mac Pro (2019 and later), Mac mini (2020 and later), MacBook Air with Apple silicon (2020 and later), MacBook Pro (16-inch, 2019), MacBook Pro (13-inch, 2020, Four Thunderbolt 3 ports), and MacBook Pro with Apple silicon (2020 and later)
Impact: An app may be able to override MDM-enforced settings from profiles
Description: The issue was addressed by adding additional logic.
CVE-2025-24088: Csaba Fitzl (@theevilbit) of Kandji

CoreServices
Available for: Mac Studio (2022 and later), iMac (2020 and later), Mac Pro (2019 and later), Mac mini (2020 and later), MacBook Air with Apple silicon (2020 and later), MacBook Pro (16-inch, 2019), MacBook Pro (13-inch, 2020, Four Thunderbolt 3 ports), and MacBook Pro with Apple silicon (2020 and later)
Impact: A malicious app may be able to access private information
Description: A logic issue was addressed with improved checks.
CVE-2025-43305: an anonymous researcher, Mickey Jin (@patch1t)

DiskArbitration
Available for: Mac Studio (2022 and later), iMac (2020 and later), Mac Pro (2019 and later), Mac mini (2020 and later), MacBook Air with Apple silicon (2020 and later), MacBook Pro (16-inch, 2019), MacBook Pro (13-inch, 2020, Four Thunderbolt 3 ports), and MacBook Pro with Apple silicon (2020 and later)
Impact: A malicious app may be able to gain root privileges
Description: A permissions issue was addressed with additional restrictions.
CVE-2025-43316: Csaba Fitzl (@theevilbit) of Kandji, an anonymous researcher

FaceTime
Available for: Mac Studio (2022 and later), iMac (2020 and later), Mac Pro (2019 and later), Mac mini (2020 and later), MacBook Air with Apple silicon (2020 and later), MacBook Pro (16-inch, 2019), MacBook Pro (13-inch, 2020, Four Thunderbolt 3 ports), and MacBook Pro with Apple silicon (2020 and later)
Impact: Incoming FaceTime calls can appear or be accepted on a locked macOS device, even with notifications disabled on the lock screen
Description: This issue was addressed through improved state management.
CVE-2025-31271: Shantanu Thakur

Foundation
Available for: Mac Studio (2022 and later), iMac (2020 and later), Mac Pro (2019 and later), Mac mini (2020 and later), MacBook Air with Apple silicon (2020 and later), MacBook Pro (16-inch, 2019), MacBook Pro (13-inch, 2020, Four Thunderbolt 3 ports), and MacBook Pro with Apple silicon (2020 and later)
Impact: An app may be able to access protected user data
Description: A permissions issue was addressed with additional restrictions.
CVE-2025-31270: an anonymous researcher

GPU Drivers
Available for: Mac Studio (2022 and later), iMac (2020 and later), Mac Pro (2019 and later), Mac mini (2020 and later), MacBook Air with Apple silicon (2020 and later), MacBook Pro (16-inch, 2019), MacBook Pro (13-inch, 2020, Four Thunderbolt 3 ports), and MacBook Pro with Apple silicon (2020 and later)
Impact: An app may be able to access sensitive user data
Description: An out-of-bounds read was addressed with improved bounds checking.
CVE-2025-43326: Wang Yu of Cyberserval

GPU Drivers
Available for: Mac Studio (2022 and later), iMac (2020 and later), Mac Pro (2019 and later), Mac mini (2020 and later), MacBook Air with Apple silicon (2020 and later), MacBook Pro (16-inch, 2019), MacBook Pro (13-inch, 2020, Four Thunderbolt 3 ports), and MacBook Pro with Apple silicon (2020 and later)
Impact: An app may be able to cause unexpected system termination
Description: An out-of-bounds read was addressed with improved bounds checking.
CVE-2025-43283: Anonymous working with Trend Micro Zero Day Initiative

Icons
Available for: Mac Studio (2022 and later), iMac (2020 and later), Mac Pro (2019 and later), Mac mini (2020 and later), MacBook Air with Apple silicon (2020 and later), MacBook Pro (16-inch, 2019), MacBook Pro (13-inch, 2020, Four Thunderbolt 3 ports), and MacBook Pro with Apple silicon (2020 and later)
Impact: An app may be able to access sensitive user data
Description: An access issue was addressed with additional sandbox restrictions.
CVE-2025-43325: an anonymous researcher

ImageIO
Available for: Mac Studio (2022 and later), iMac (2020 and later), Mac Pro (2019 and later), Mac mini (2020 and later), MacBook Air with Apple silicon (2020 and later), MacBook Pro (16-inch, 2019), MacBook Pro (13-inch, 2020, Four Thunderbolt 3 ports), and MacBook Pro with Apple silicon (2020 and later)
Impact: Processing a maliciously crafted image may corrupt process memory
Description: The issue was addressed with improved memory handling.
CVE-2025-43287: 이동하 (Lee Dong Ha) of SSA Lab

IOHIDFamily
Available for: Mac Studio (2022 and later), iMac (2020 and later), Mac Pro (2019 and later), Mac mini (2020 and later), MacBook Air with Apple silicon (2020 and later), MacBook Pro (16-inch, 2019), MacBook Pro (13-inch, 2020, Four Thunderbolt 3 ports), and MacBook Pro with Apple silicon (2020 and later)
Impact: An app may be able to cause unexpected system termination
Description: An out-of-bounds write issue was addressed with improved bounds checking.
CVE-2025-43302: Keisuke Hosoda

IOKit
Available for: Mac Studio (2022 and later), iMac (2020 and later), Mac Pro (2019 and later), Mac mini (2020 and later), MacBook Air with Apple silicon (2020 and later), MacBook Pro (16-inch, 2019), MacBook Pro (13-inch, 2020, Four Thunderbolt 3 ports), and MacBook Pro with Apple silicon (2020 and later)
Impact: An app may be able to access sensitive user data
Description: An authorization issue was addressed with improved state management.
CVE-2025-31255: Csaba Fitzl (@theevilbit) of Kandji

IOMobileFrameBuffer
Available for: Mac Studio (2022 and later), iMac (2020 and later), Mac Pro (2019 and later), Mac mini (2020 and later), MacBook Air with Apple silicon (2020 and later), MacBook Pro (16-inch, 2019), MacBook Pro (13-inch, 2020, Four Thunderbolt 3 ports), and MacBook Pro with Apple silicon (2020 and later)
Impact: An app may be able to disclose coprocessor memory
Description: An out-of-bounds read was addressed with improved bounds checking.
CVE-2025-43366: Ye Zhang (@VAR10CK) of Baidu Security

Kernel
Available for: Mac Studio (2022 and later), iMac (2020 and later), Mac Pro (2019 and later), Mac mini (2020 and later), MacBook Air with Apple silicon (2020 and later), MacBook Pro (16-inch, 2019), MacBook Pro (13-inch, 2020, Four Thunderbolt 3 ports), and MacBook Pro with Apple silicon (2020 and later)
Impact: A UDP server socket bound to a local interface may become bound to all interfaces
Description: A logic issue was addressed with improved state management.
CVE-2025-43359: Viktor Oreshkin

libc
Available for: Mac Studio (2022 and later), iMac (2020 and later), Mac Pro (2019 and later), Mac mini (2020 and later), MacBook Air with Apple silicon (2020 and later), MacBook Pro (16-inch, 2019), MacBook Pro (13-inch, 2020, Four Thunderbolt 3 ports), and MacBook Pro with Apple silicon (2020 and later)
Impact: An app may be able to cause a denial-of-service
Description: A denial-of-service issue was addressed with improved validation.
CVE-2025-43299: Nathaniel Oh (@calysteon)
CVE-2025-43295: Nathaniel Oh (@calysteon)

Libinfo
Available for: Mac Studio (2022 and later), iMac (2020 and later), Mac Pro (2019 and later), Mac mini (2020 and later), MacBook Air with Apple silicon (2020 and later), MacBook Pro (16-inch, 2019), MacBook Pro (13-inch, 2020, Four Thunderbolt 3 ports), and MacBook Pro with Apple silicon (2020 and later)
Impact: Processing a maliciously crafted string may lead to heap corruption
Description: The issue was addressed with improved bounds checks.
CVE-2025-43353: Nathaniel Oh (@calysteon)

MallocStackLogging
Available for: Mac Studio (2022 and later), iMac (2020 and later), Mac Pro (2019 and later), Mac mini (2020 and later), MacBook Air with Apple silicon (2020 and later), MacBook Pro (16-inch, 2019), MacBook Pro (13-inch, 2020, Four Thunderbolt 3 ports), and MacBook Pro with Apple silicon (2020 and later)
Impact: An app may be able to access sensitive user data
Description: An issue existed in the handling of environment variables. This issue was addressed with improved validation.
CVE-2025-43294: Gergely Kalman (@gergely_kalman)

MediaLibrary
Available for: Mac Studio (2022 and later), iMac (2020 and later), Mac Pro (2019 and later), Mac mini (2020 and later), MacBook Air with Apple silicon (2020 and later), MacBook Pro (16-inch, 2019), MacBook Pro (13-inch, 2020, Four Thunderbolt 3 ports), and MacBook Pro with Apple silicon (2020 and later)
Impact: An app may be able to access protected user data
Description: This issue was addressed by removing the vulnerable code.
CVE-2025-43319: Hikerell (Loadshine Lab)

MigrationKit
Available for: Mac Studio (2022 and later), iMac (2020 and later), Mac Pro (2019 and later), Mac mini (2020 and later), MacBook Air with Apple silicon (2020 and later), MacBook Pro (16-inch, 2019), MacBook Pro (13-inch, 2020, Four Thunderbolt 3 ports), and MacBook Pro with Apple silicon (2020 and later)
Impact: An app may be able to access user-sensitive data
Description: This issue was addressed by removing the vulnerable code.
CVE-2025-43315: Rodolphe Brunetti (@eisw0lf) of Lupus Nova

MobileStorageMounter
Available for: Mac Studio (2022 and later), iMac (2020 and later), Mac Pro (2019 and later), Mac mini (2020 and later), MacBook Air with Apple silicon (2020 and later), MacBook Pro (16-inch, 2019), MacBook Pro (13-inch, 2020, Four Thunderbolt 3 ports), and MacBook Pro with Apple silicon (2020 and later)
Impact: An app may be able to cause a denial-of-service
Description: A type confusion issue was addressed with improved memory handling.
CVE-2025-43355: Dawuge of Shuffle Team

Music
Available for: Mac Studio (2022 and later), iMac (2020 and later), Mac Pro (2019 and later), Mac mini (2020 and later), MacBook Air with Apple silicon (2020 and later), MacBook Pro (16-inch, 2019), MacBook Pro (13-inch, 2020, Four Thunderbolt 3 ports), and MacBook Pro with Apple silicon (2020 and later)
Impact: An app may be able to access user-sensitive data
Description: This issue was addressed with improved entitlements.
CVE-2025-43207: Rodolphe Brunetti (@eisw0lf) of Lupus Nova, an anonymous researcher

Notification Center
Available for: Mac Studio (2022 and later), iMac (2020 and later), Mac Pro (2019 and later), Mac mini (2020 and later), MacBook Air with Apple silicon (2020 and later), MacBook Pro (16-inch, 2019), MacBook Pro (13-inch, 2020, Four Thunderbolt 3 ports), and MacBook Pro with Apple silicon (2020 and later)
Impact: An app may be able to access user-sensitive data
Description: A privacy issue was addressed with improved private data redaction for log entries.
CVE-2025-43279: Kirin (@Pwnrin)

Notification Center
Available for: Mac Studio (2022 and later), iMac (2020 and later), Mac Pro (2019 and later), Mac mini (2020 and later), MacBook Air with Apple silicon (2020 and later), MacBook Pro (16-inch, 2019), MacBook Pro (13-inch, 2020, Four Thunderbolt 3 ports), and MacBook Pro with Apple silicon (2020 and later)
Impact: An app may be able to access contact info related to notifications in Notification Center
Description: A privacy issue was addressed with improved private data redaction for log entries.
CVE-2025-43301: LFY@secsys from Fudan University

PackageKit
Available for: Mac Studio (2022 and later), iMac (2020 and later), Mac Pro (2019 and later), Mac mini (2020 and later), MacBook Air with Apple silicon (2020 and later), MacBook Pro (16-inch, 2019), MacBook Pro (13-inch, 2020, Four Thunderbolt 3 ports), and MacBook Pro with Apple silicon (2020 and later)
Impact: An app may be able to gain root privileges
Description: A parsing issue in the handling of directory paths was addressed with improved path validation.
CVE-2025-43298: an anonymous researcher

Perl
Available for: Mac Studio (2022 and later), iMac (2020 and later), Mac Pro (2019 and later), Mac mini (2020 and later), MacBook Air with Apple silicon (2020 and later), MacBook Pro (16-inch, 2019), MacBook Pro (13-inch, 2020, Four Thunderbolt 3 ports), and MacBook Pro with Apple silicon (2020 and later)
Impact: Multiple issues in Perl
Description: This is a vulnerability in open source code and Apple Software is among the affected projects. The CVE-ID was assigned by a third party. Learn more about the issue and CVE-ID at cve.org.
CVE-2025-40909

Power Management
Available for: Mac Studio (2022 and later), iMac (2020 and later), Mac Pro (2019 and later), Mac mini (2020 and later), MacBook Air with Apple silicon (2020 and later), MacBook Pro (16-inch, 2019), MacBook Pro (13-inch, 2020, Four Thunderbolt 3 ports), and MacBook Pro with Apple silicon (2020 and later)
Impact: An app may be able to cause a denial-of-service
Description: A type confusion issue was addressed with improved memory handling.
CVE-2025-43297: Dawuge of Shuffle Team

Printing
Available for: Mac Studio (2022 and later), iMac (2020 and later), Mac Pro (2019 and later), Mac mini (2020 and later), MacBook Air with Apple silicon (2020 and later), MacBook Pro (16-inch, 2019), MacBook Pro (13-inch, 2020, Four Thunderbolt 3 ports), and MacBook Pro with Apple silicon (2020 and later)
Impact: An app may be able to access protected user data
Description: A permissions issue was addressed with additional restrictions.
CVE-2025-31269: Zhongcheng Li from IES Red Team of ByteDance

RemoteViewServices
Available for: Mac Studio (2022 and later), iMac (2020 and later), Mac Pro (2019 and later), Mac mini (2020 and later), MacBook Air with Apple silicon (2020 and later), MacBook Pro (16-inch, 2019), MacBook Pro (13-inch, 2020, Four Thunderbolt 3 ports), and MacBook Pro with Apple silicon (2020 and later)
Impact: An app may be able to break out of its sandbox
Description: This issue was addressed by removing the vulnerable code.
CVE-2025-43204: @zlluny, Mickey Jin (@patch1t)

Ruby
Available for: Mac Studio (2022 and later), iMac (2020 and later), Mac Pro (2019 and later), Mac mini (2020 and later), MacBook Air with Apple silicon (2020 and later), MacBook Pro (16-inch, 2019), MacBook Pro (13-inch, 2020, Four Thunderbolt 3 ports), and MacBook Pro with Apple silicon (2020 and later)
Impact: Processing a file may lead to a denial-of-service or potentially disclose memory contents
Description: This is a vulnerability in open source code and Apple Software is among the affected projects. The CVE-ID was assigned by a third party. Learn more about the issue and CVE-ID at cve.org.
CVE-2024-27280

Safari
Available for: Mac Studio (2022 and later), iMac (2020 and later), Mac Pro (2019 and later), Mac mini (2020 and later), MacBook Air with Apple silicon (2020 and later), MacBook Pro (16-inch, 2019), MacBook Pro (13-inch, 2020, Four Thunderbolt 3 ports), and MacBook Pro with Apple silicon (2020 and later)
Impact: Visiting a malicious website may lead to address bar spoofing
Description: The issue was addressed by adding additional logic.
CVE-2025-43327: @RenwaX23

Sandbox
Available for: Mac Studio (2022 and later), iMac (2020 and later), Mac Pro (2019 and later), Mac mini (2020 and later), MacBook Air with Apple silicon (2020 and later), MacBook Pro (16-inch, 2019), MacBook Pro (13-inch, 2020, Four Thunderbolt 3 ports), and MacBook Pro with Apple silicon (2020 and later)
Impact: An app may be able to break out of its sandbox
Description: A permissions issue was addressed with additional restrictions.
CVE-2025-43329: an anonymous researcher

Sandbox
Available for: Mac Studio (2022 and later), iMac (2020 and later), Mac Pro (2019 and later), Mac mini (2020 and later), MacBook Air with Apple silicon (2020 and later), MacBook Pro (16-inch, 2019), MacBook Pro (13-inch, 2020, Four Thunderbolt 3 ports), and MacBook Pro with Apple silicon (2020 and later)
Impact: An app may be able to access sensitive user data
Description: A permissions issue was addressed with additional restrictions.
CVE-2025-43328: Csaba Fitzl (@theevilbit) of Kandji

Sandbox
Available for: Mac Studio (2022 and later), iMac (2020 and later), Mac Pro (2019 and later), Mac mini (2020 and later), MacBook Air with Apple silicon (2020 and later), MacBook Pro (16-inch, 2019), MacBook Pro (13-inch, 2020, Four Thunderbolt 3 ports), and MacBook Pro with Apple silicon (2020 and later)
Impact: An app with root privileges may be able to access private information
Description: This issue was addressed with additional entitlement checks.
CVE-2025-43318: Yiğit Can YILMAZ (@yilmazcanyigit)

Screenshots
Available for: Mac Studio (2022 and later), iMac (2020 and later), Mac Pro (2019 and later), Mac mini (2020 and later), MacBook Air with Apple silicon (2020 and later), MacBook Pro (16-inch, 2019), MacBook Pro (13-inch, 2020, Four Thunderbolt 3 ports), and MacBook Pro with Apple silicon (2020 and later)
Impact: An app may be able to capture a screenshot of an app entering or exiting full screen mode
Description: A privacy issue was addressed with improved checks.
CVE-2025-31259: an anonymous researcher

Security Initialization
Available for: Mac Studio (2022 and later), iMac (2020 and later), Mac Pro (2019 and later), Mac mini (2020 and later), MacBook Air with Apple silicon (2020 and later), MacBook Pro (16-inch, 2019), MacBook Pro (13-inch, 2020, Four Thunderbolt 3 ports), and MacBook Pro with Apple silicon (2020 and later)
Impact: An app may be able to break out of its sandbox
Description: A file quarantine bypass was addressed with additional checks.
CVE-2025-43332: an anonymous researcher

SharedFileList
Available for: Mac Studio (2022 and later), iMac (2020 and later), Mac Pro (2019 and later), Mac mini (2020 and later), MacBook Air with Apple silicon (2020 and later), MacBook Pro (16-inch, 2019), MacBook Pro (13-inch, 2020, Four Thunderbolt 3 ports), and MacBook Pro with Apple silicon (2020 and later)
Impact: An app may be able to access sensitive user data
Description: The issue was addressed with improved input validation.
CVE-2025-43293: an anonymous researcher

SharedFileList
Available for: Mac Studio (2022 and later), iMac (2020 and later), Mac Pro (2019 and later), Mac mini (2020 and later), MacBook Air with Apple silicon (2020 and later), MacBook Pro (16-inch, 2019), MacBook Pro (13-inch, 2020, Four Thunderbolt 3 ports), and MacBook Pro with Apple silicon (2020 and later)
Impact: An app may be able to modify protected parts of the file system
Description: A permissions issue was addressed by removing the vulnerable code.
CVE-2025-43291: Ye Zhang of Baidu Security

SharedFileList
Available for: Mac Studio (2022 and later), iMac (2020 and later), Mac Pro (2019 and later), Mac mini (2020 and later), MacBook Air with Apple silicon (2020 and later), MacBook Pro (16-inch, 2019), MacBook Pro (13-inch, 2020, Four Thunderbolt 3 ports), and MacBook Pro with Apple silicon (2020 and later)
Impact: An app may be able to break out of its sandbox
Description: A permissions issue was addressed with additional restrictions.
CVE-2025-43286: pattern-f (@pattern_F_), @zlluny

SharedFileList
Available for: Mac Studio (2022 and later), iMac (2020 and later), Mac Pro (2019 and later), Mac mini (2020 and later), MacBook Air with Apple silicon (2020 and later), MacBook Pro (16-inch, 2019), MacBook Pro (13-inch, 2020, Four Thunderbolt 3 ports), and MacBook Pro with Apple silicon (2020 and later)
Impact: An app may be able to access protected user data
Description: This issue was addressed with improved handling of symlinks.
CVE-2025-43369: an anonymous researcher

Shortcuts
Available for: Mac Studio (2022 and later), iMac (2020 and later), Mac Pro (2019 and later), Mac mini (2020 and later), MacBook Air with Apple silicon (2020 and later), MacBook Pro (16-inch, 2019), MacBook Pro (13-inch, 2020, Four Thunderbolt 3 ports), and MacBook Pro with Apple silicon (2020 and later)
Impact: A shortcut may be able to bypass sandbox restrictions
Description: A permissions issue was addressed with additional sandbox restrictions.
CVE-2025-43358: 정답이 아닌 해답

Siri
Available for: Mac Studio (2022 and later), iMac (2020 and later), Mac Pro (2019 and later), Mac mini (2020 and later), MacBook Air with Apple silicon (2020 and later), MacBook Pro (16-inch, 2019), MacBook Pro (13-inch, 2020, Four Thunderbolt 3 ports), and MacBook Pro with Apple silicon (2020 and later)
Impact: An app may be able to access protected user data
Description: A privacy issue was addressed by moving sensitive data.
CVE-2025-43367: Kirin (@Pwnrin), Cristian Dinca of "Tudor Vianu" National High School of Computer Science, Romania

Spell Check
Available for: Mac Studio (2022 and later), iMac (2020 and later), Mac Pro (2019 and later), Mac mini (2020 and later), MacBook Air with Apple silicon (2020 and later), MacBook Pro (16-inch, 2019), MacBook Pro (13-inch, 2020, Four Thunderbolt 3 ports), and MacBook Pro with Apple silicon (2020 and later)
Impact: An app may be able to access sensitive user data
Description: A parsing issue in the handling of directory paths was addressed with improved path validation.
CVE-2025-43190: Noah Gregory (wts.dev)

Spotlight
Available for: Mac Studio (2022 and later), iMac (2020 and later), Mac Pro (2019 and later), Mac mini (2020 and later), MacBook Air with Apple silicon (2020 and later), MacBook Pro (16-inch, 2019), MacBook Pro (13-inch, 2020, Four Thunderbolt 3 ports), and MacBook Pro with Apple silicon (2020 and later)
Impact: An app may be able to gain root privileges
Description: A permissions issue was addressed with additional restrictions.
CVE-2025-43333: Gergely Kalman (@gergely_kalman)

Spotlight
Available for: Mac Studio (2022 and later), iMac (2020 and later), Mac Pro (2019 and later), Mac mini (2020 and later), MacBook Air with Apple silicon (2020 and later), MacBook Pro (16-inch, 2019), MacBook Pro (13-inch, 2020, Four Thunderbolt 3 ports), and MacBook Pro with Apple silicon (2020 and later)
Impact: An app may be able to access sensitive user data
Description: A logic issue was addressed with improved checks.
CVE-2025-24197: Rodolphe Brunetti (@eisw0lf) of Lupus Nova

SQLite
Available for: Mac Studio (2022 and later), iMac (2020 and later), Mac Pro (2019 and later), Mac mini (2020 and later), MacBook Air with Apple silicon (2020 and later), MacBook Pro (16-inch, 2019), MacBook Pro (13-inch, 2020, Four Thunderbolt 3 ports), and MacBook Pro with Apple silicon (2020 and later)
Impact: Processing a file may lead to memory corruption
Description: This is a vulnerability in open source code and Apple Software is among the affected projects. The CVE-ID was assigned by a third party. Learn more about the issue and CVE-ID at cve.org.
CVE-2025-6965

Storage
Available for: Mac Studio (2022 and later), iMac (2020 and later), Mac Pro (2019 and later), Mac mini (2020 and later), MacBook Air with Apple silicon (2020 and later), MacBook Pro (16-inch, 2019), MacBook Pro (13-inch, 2020, Four Thunderbolt 3 ports), and MacBook Pro with Apple silicon (2020 and later)
Impact: An app may be able to gain root privileges
Description: A permissions issue was addressed with additional restrictions.
CVE-2025-43341: an anonymous researcher

StorageKit
Available for: Mac Studio (2022 and later), iMac (2020 and later), Mac Pro (2019 and later), Mac mini (2020 and later), MacBook Air with Apple silicon (2020 and later), MacBook Pro (16-inch, 2019), MacBook Pro (13-inch, 2020, Four Thunderbolt 3 ports), and MacBook Pro with Apple silicon (2020 and later)
Impact: An app may be able to access sensitive user data
Description: A parsing issue in the handling of directory paths was addressed with improved path validation.
CVE-2025-43314: Mickey Jin (@patch1t) StorageKit Available for: Mac Studio (2022 and later), iMac (2020 and later), Mac Pro (2019 and later), Mac mini (2020 and later), MacBook Air with Apple silicon (2020 and later), MacBook Pro (16-inch, 2019), MacBook Pro (13-inch, 2020, Four Thunderbolt 3 ports), and MacBook Pro with Apple silicon (2020 and later) Impact: An app may be able to gain root privileges Description: A race condition was addressed with improved state handling. CVE-2025-43304: Mickey Jin (@patch1t) System Available for: Mac Studio (2022 and later), iMac (2020 and later), Mac Pro (2019 and later), Mac mini (2020 and later), MacBook Air with Apple silicon (2020 and later), MacBook Pro (16-inch, 2019), MacBook Pro (13-inch, 2020, Four Thunderbolt 3 ports), and MacBook Pro with Apple silicon (2020 and later) Impact: An input validation issue was addressed Description: This issue was addressed by removing the vulnerable code. CVE-2025-43347: JZ, Seo Hyun-gyu (@wh1te4ever), Luke Roberts (@rookuu) Touch Bar Available for: MacBook Pro (16-inch, 2019), MacBook Pro (13-inch, 2020, Four Thunderbolt 3 ports), and MacBook Pro (13-inch, M1, 2020 and M2, 2022) Impact: An app may be able to access protected user data Description: This issue was addressed with additional entitlement checks. CVE-2025-43311: Justin Elliot Fu, an anonymous researcher Touch Bar Controls Available for: MacBook Pro (16-inch, 2019), MacBook Pro (13-inch, 2020, Four Thunderbolt 3 ports), and MacBook Pro (13-inch, M1, 2020 and M2, 2022) Impact: An app may be able to access sensitive user data Description: This issue was addressed with additional entitlement checks. 
CVE-2025-43308: an anonymous researcher Trusted Device Available for: Mac Studio (2022 and later), iMac (2020 and later), Mac Pro (2019 and later), Mac mini (2020 and later), MacBook Air with Apple silicon (2020 and later), MacBook Pro (16-inch, 2019), MacBook Pro (13-inch, 2020, Four Thunderbolt 3 ports), and MacBook Pro with Apple silicon (2020 and later) Impact: USB Restricted Mode may not be applied to accessories connected during boot Description: A permissions issue was addressed with additional restrictions. CVE-2025-43262: Pyrophoria, an anonymous researcher of GrapheneOS, James J Kalafus, Michel Migdal WebKit Available for: Mac Studio (2022 and later), iMac (2020 and later), Mac Pro (2019 and later), Mac mini (2020 and later), MacBook Air with Apple silicon (2020 and later), MacBook Pro (16-inch, 2019), MacBook Pro (13-inch, 2020, Four Thunderbolt 3 ports), and MacBook Pro with Apple silicon (2020 and later) Impact: A website may be able to access sensor information without user consent Description: The issue was addressed with improved handling of caches. WebKit Bugzilla: 296153 CVE-2025-43356: Jaydev Ahire WebKit Available for: Mac Studio (2022 and later), iMac (2020 and later), Mac Pro (2019 and later), Mac mini (2020 and later), MacBook Air with Apple silicon (2020 and later), MacBook Pro (16-inch, 2019), MacBook Pro (13-inch, 2020, Four Thunderbolt 3 ports), and MacBook Pro with Apple silicon (2020 and later) Impact: Processing maliciously crafted web content may lead to an unexpected Safari crash Description: The issue was addressed with improved memory handling. 
WebKit Bugzilla: 294550 CVE-2025-43272: Big Bear WebKit Available for: Mac Studio (2022 and later), iMac (2020 and later), Mac Pro (2019 and later), Mac mini (2020 and later), MacBook Air with Apple silicon (2020 and later), MacBook Pro (16-inch, 2019), MacBook Pro (13-inch, 2020, Four Thunderbolt 3 ports), and MacBook Pro with Apple silicon (2020 and later) Impact: Processing maliciously crafted web content may lead to an unexpected process crash Description: The issue was addressed with improved memory handling. WebKit Bugzilla: 296490 CVE-2025-43343: an anonymous researcher WebKit Available for: Mac Studio (2022 and later), iMac (2020 and later), Mac Pro (2019 and later), Mac mini (2020 and later), MacBook Air with Apple silicon (2020 and later), MacBook Pro (16-inch, 2019), MacBook Pro (13-inch, 2020, Four Thunderbolt 3 ports), and MacBook Pro with Apple silicon (2020 and later) Impact: Processing maliciously crafted web content may lead to an unexpected process crash Description: A correctness issue was addressed with improved checks. WebKit Bugzilla: 296042 CVE-2025-43342: an anonymous researcher WebKit Process Model Available for: Mac Studio (2022 and later), iMac (2020 and later), Mac Pro (2019 and later), Mac mini (2020 and later), MacBook Air with Apple silicon (2020 and later), MacBook Pro (16-inch, 2019), MacBook Pro (13-inch, 2020, Four Thunderbolt 3 ports), and MacBook Pro with Apple silicon (2020 and later) Impact: Processing maliciously crafted web content may lead to an unexpected Safari crash Description: A use-after-free issue was addressed with improved memory management. 
WebKit Bugzilla: 296276 CVE-2025-43368: Pawel Wylecial of REDTEAM.PL working with Trend Micro Zero Day Initiative WindowServer Available for: Mac Studio (2022 and later), iMac (2020 and later), Mac Pro (2019 and later), Mac mini (2020 and later), MacBook Air with Apple silicon (2020 and later), MacBook Pro (16-inch, 2019), MacBook Pro (13-inch, 2020, Four Thunderbolt 3 ports), and MacBook Pro with Apple silicon (2020 and later) Impact: An app may be able to trick a user into copying sensitive data to the pasteboard Description: A configuration issue was addressed with additional restrictions. CVE-2025-43310: an anonymous researcher Additional recognition Accounts We would like to acknowledge 要乐奈 for their assistance. AMD We would like to acknowledge Nathaniel Oh (@calysteon) for their assistance. Airport We would like to acknowledge Csaba Fitzl (@theevilbit) of Kandji for their assistance. AppleCredentialManager We would like to acknowledge Anmol Jain for their assistance. Application Firewall We would like to acknowledge Dawuge of Shuffle Team for their assistance. AuthKit We would like to acknowledge Rosyna Keller of Totally Not Malicious Software for their assistance. Bluetooth We would like to acknowledge Yiğit Can YILMAZ (@yilmazcanyigit) for their assistance. Books We would like to acknowledge Keisuke Chinone (Iroiro) for their assistance. Calendar We would like to acknowledge Keisuke Chinone (Iroiro) for their assistance. CFNetwork We would like to acknowledge Christian Kohlschütter for their assistance. CloudKit We would like to acknowledge Yinyi Wu (@_3ndy1) from Dawn Security Lab of JD.com, Inc for their assistance. Control Center We would like to acknowledge Damitha Gunawardena for their assistance. Core Bluetooth We would like to acknowledge Nathaniel Oh (@calysteon) for their assistance. CoreMedia We would like to acknowledge Nathaniel Oh (@calysteon), Noah Gregory (wts.dev) for their assistance. 
CUPS We would like to acknowledge Ali Razmjoo, Alperen T. Ugurlu, Puru Gupta, evilsocket for their assistance. darwinOS We would like to acknowledge Nathaniel Oh (@calysteon) for their assistance. Device Recovery We would like to acknowledge an anonymous researcher for their assistance. Files We would like to acknowledge Tyler Montgomery for their assistance. Foundation We would like to acknowledge Csaba Fitzl (@theevilbit) of Kandji for their assistance. iCloud Photo Library We would like to acknowledge Dawuge of Shuffle Team, Hikerell (Loadshine Lab), Joshua Jones, YingQi Shi (@Mas0nShi) and ChengQiang Jin (@白斩鸡) of DBAppSecurity's WeBin lab for their assistance. ImageIO We would like to acknowledge DongJun Kim (@smlijun) and JongSeong Kim (@nevul37) in Enki WhiteHat for their assistance. IOGPUFamily We would like to acknowledge Wang Yu of Cyberserval for their assistance. Kernel We would like to acknowledge Yepeng Pan, Prof. Dr. Christian Rossow for their assistance. libc We would like to acknowledge Nathaniel Oh (@calysteon) for their assistance. libedit We would like to acknowledge Nathaniel Oh (@calysteon) for their assistance. libpthread We would like to acknowledge Nathaniel Oh (@calysteon) for their assistance. libxml2 We would like to acknowledge Nathaniel Oh (@calysteon) for their assistance. Lockdown Mode We would like to acknowledge Pyrophoria and Ethan Day, kado for their assistance. mDNSResponder We would like to acknowledge Barrett Lyon for their assistance. MobileBackup We would like to acknowledge Dragon Fruit Security (Davis Dai & ORAC落云 & Frank Du) for their assistance. Networking We would like to acknowledge Csaba Fitzl (@theevilbit) of Kandji for their assistance. Notes We would like to acknowledge Atul R V for their assistance. NSRemoteView We would like to acknowledge Manuel Fernandez (Stackhopper Security) for their assistance. PackageKit We would like to acknowledge Mickey Jin (@patch1t) for their assistance. 
Passwords We would like to acknowledge Christian Kohlschütter for their assistance. PDFKit We would like to acknowledge Vincent Reckendrees for their assistance. Quick Look We would like to acknowledge Tom Hensel of Chaos Computer Club for their assistance. Safari We would like to acknowledge Ameen Basha M K for their assistance. Setup Assistant We would like to acknowledge Edwin R. for their assistance. SharedFileList We would like to acknowledge Ye Zhang of Baidu Security for their assistance. smbx We would like to acknowledge zbleet of QI-ANXIN TianGong Team for their assistance. Spotlight We would like to acknowledge Christian Scalese for their assistance. Text Input We would like to acknowledge Zhongcheng Li from IES Red Team of ByteDance for their assistance. Time Machine We would like to acknowledge Matej Moravec (@MacejkoMoravec) for their assistance. Transparency We would like to acknowledge Wojciech Regula of SecuRing (wojciechregula.blog), 要乐奈 for their assistance. WebKit We would like to acknowledge Bob Lord, Matthew Liang, Mike Cardwell of grepular.com, Yiğit Can YILMAZ (@yilmazcanyigit) for their assistance. Wi-Fi We would like to acknowledge Aobo Wang (@M4x_1997), Csaba Fitzl (@theevilbit) of Kandji, Noah Gregory (wts.dev), Wojciech Regula of SecuRing (wojciechregula.blog), an anonymous researcher for their assistance. macOS Tahoe 26 may be obtained from the Mac App Store or Apple's Software Downloads web site: https://support.apple.com/downloads/ All information is also posted on the Apple Security Releases web site: https://support.apple.com/100100. 
This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/

_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: https://seclists.org/fulldisclosure/