Full Disclosure mailing list archives

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

APPLE-SA-01-27-2025-5 macOS Sonoma 14.7.3

macOS Sonoma 14.7.3 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/122069.

Apple maintains a Security Releases page at
https://support.apple.com/100100 which lists recent
software updates with security advisories.

AirPlay
Available for: macOS Sonoma
Impact: A remote attacker may cause an unexpected application
termination or arbitrary code execution
Description: A type confusion issue was addressed with improved checks.
CVE-2025-24137: Uri Katz (Oligo Security)

AppleGraphicsControl
Available for: macOS Sonoma
Impact: Parsing a file may lead to an unexpected app termination
Description: The issue was addressed with improved checks.
CVE-2025-24112: D4m0n

AppleMobileFileIntegrity
Available for: macOS Sonoma
Impact: An app may be able to access sensitive user data
Description: A downgrade issue was addressed with additional code-
signing restrictions.
CVE-2025-24109: Bohdan Stasiuk (@Bohdan_Stasiuk)

AppleMobileFileIntegrity
Available for: macOS Sonoma
Impact: An app may be able to access information about a user's contacts
Description: A logic issue was addressed with improved restrictions.
CVE-2025-24100: Kirin (@Pwnrin)

AppleMobileFileIntegrity
Available for: macOS Sonoma
Impact: An app may be able to modify protected parts of the file system
Description: A permissions issue was addressed with additional
restrictions.
CVE-2025-24114: Mickey Jin (@patch1t)

AppleMobileFileIntegrity
Available for: macOS Sonoma
Impact: An app may be able to modify protected parts of the file system
Description: A logic issue was addressed with improved checks.
CVE-2025-24121: Mickey Jin (@patch1t)

AppleMobileFileIntegrity
Available for: macOS Sonoma
Impact: An app may be able to modify protected parts of the file system
Description: A downgrade issue affecting Intel-based Mac computers was
addressed with additional code-signing restrictions.
CVE-2025-24122: Mickey Jin (@patch1t)

ARKit
Available for: macOS Sonoma
Impact: Parsing a file may lead to an unexpected app termination
Description: The issue was addressed with improved checks.
CVE-2025-24127: Minghao Lin (@Y1nKoc), babywu, and Xingwei Lin of
Zhejiang University

ASP TCP
Available for: macOS Sonoma
Impact: An app may be able to cause unexpected system termination or
write kernel memory
Description: An out-of-bounds write issue was addressed with improved
input validation.
CVE-2024-54509: CertiK SkyFall Team

Audio
Available for: macOS Sonoma
Impact: Parsing a file may lead to an unexpected app termination
Description: The issue was addressed with improved checks.
CVE-2025-24106: Wang Yu of Cyberserval

Contacts
Available for: macOS Sonoma
Impact: An app may be able to access contacts
Description: A privacy issue was addressed with improved private data
redaction for log entries.
CVE-2024-44172: Kirin (@Pwnrin)

CoreAudio
Available for: macOS Sonoma
Impact: Parsing a file may lead to an unexpected app termination
Description: The issue was addressed with improved checks.
CVE-2025-24161: Google Threat Analysis Group
CVE-2025-24160: Google Threat Analysis Group
CVE-2025-24163: Google Threat Analysis Group

CoreMedia
Available for: macOS Sonoma
Impact: Parsing a file may lead to an unexpected app termination
Description: The issue was addressed with improved checks.
CVE-2025-24123: Desmond working with Trend Micro Zero Day Initiative
CVE-2025-24124: Pwn2car & Rotiple(HyeongSeok Jang) working with Trend
Micro Zero Day Initiative

CoreRoutine
Available for: macOS Sonoma
Impact: An app may be able to determine a user’s current location
Description: The issue was addressed with improved checks.
CVE-2025-24102: Kirin (@Pwnrin)

iCloud Photo Library
Available for: macOS Sonoma
Impact: An app may be able to bypass Privacy preferences
Description: The issue was addressed with improved checks.
CVE-2025-24174: Arsenii Kostromin (0x3c3e), Joshua Jones

ImageIO
Available for: macOS Sonoma
Impact: Processing an image may lead to a denial-of-service
Description: The issue was addressed with improved memory handling.
CVE-2025-24086: DongJun Kim (@smlijun) and JongSeong Kim (@nevul37) in
Enki WhiteHat, D4m0n

Kernel
Available for: macOS Sonoma
Impact: An app may be able to cause unexpected system termination or
write kernel memory
Description: The issue was addressed with improved memory handling.
CVE-2025-24118: Joseph Ravichandran (@0xjprx) of MIT CSAIL

Kernel
Available for: macOS Sonoma
Impact: An app may be able to execute arbitrary code with kernel
privileges
Description: A validation issue was addressed with improved logic.
CVE-2025-24159: pattern-f (@pattern_F_)

LaunchServices
Available for: macOS Sonoma
Impact: An app may be able to access user-sensitive data
Description: A race condition was addressed with additional validation.
CVE-2025-24094: an anonymous researcher

LaunchServices
Available for: macOS Sonoma
Impact: An app may be able to read files outside of its sandbox
Description: A path handling issue was addressed with improved
validation.
CVE-2025-24115: an anonymous researcher

LaunchServices
Available for: macOS Sonoma
Impact: An app may be able to bypass Privacy preferences
Description: An access issue was addressed with additional sandbox
restrictions.
CVE-2025-24116: an anonymous researcher

libxslt
Available for: macOS Sonoma
Impact: Processing maliciously crafted web content may lead to an
unexpected process crash
Description: This issue was addressed through improved state management.
CVE-2025-24166: Ivan Fratric of Google Project Zero

Login Window
Available for: macOS Sonoma
Impact: A malicious app may be able to create symlinks to protected
regions of the disk
Description: This issue was addressed with improved validation of
symlinks.
CVE-2025-24136: 云散

PackageKit
Available for: macOS Sonoma
Impact: An app may be able to modify protected parts of the file system
Description: The issue was addressed with improved checks.
CVE-2025-24130: Pedro Tôrres (@t0rr3sp3dr0)

Photos Storage
Available for: macOS Sonoma
Impact: Deleting a conversation in Messages may expose user contact
information in system logging
Description: This issue was addressed with improved redaction of
sensitive information.
CVE-2025-24146: 神罚(@Pwnrin)

QuartzCore
Available for: macOS Sonoma
Impact: Processing web content may lead to a denial-of-service
Description: The issue was addressed with improved checks.
CVE-2024-54497: Anonymous working with Trend Micro Zero Day Initiative

Sandbox
Available for: macOS Sonoma
Impact: An app may be able to access removable volumes without user
consent
Description: A permissions issue was addressed with additional
restrictions.
CVE-2025-24093: Yiğit Can YILMAZ (@yilmazcanyigit)

SceneKit
Available for: macOS Sonoma
Impact: Parsing a file may lead to disclosure of user information
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2025-24149: Michael DePlante (@izobashi) of Trend Micro Zero Day
Initiative

Security
Available for: macOS Sonoma
Impact: An app may be able to access protected user data
Description: This issue was addressed with improved validation of
symlinks.
CVE-2025-24103: Zhongquan Li (@Guluisacat)

sips
Available for: macOS Sonoma
Impact: Parsing a maliciously crafted file may lead to an unexpected app
termination
Description: The issue was addressed with improved checks.
CVE-2025-24139: Hossein Lotfi (@hosselot) of Trend Micro Zero Day
Initiative

SMB
Available for: macOS Sonoma
Impact: An app may be able to cause unexpected system termination or
corrupt kernel memory
Description: The issue was addressed with improved memory handling.
CVE-2025-24151: an anonymous researcher

Spotlight
Available for: macOS Sonoma
Impact: A malicious application may be able to leak sensitive user
information
Description: This issue was addressed through improved state management.
CVE-2025-24138: Rodolphe BRUNETTI (@eisw0lf) of Lupus Nova

StorageKit
Available for: macOS Sonoma
Impact: An app may be able to modify protected parts of the file system
Description: A configuration issue was addressed with additional
restrictions.
CVE-2024-44243: Jonathan Bar Or (@yo_yo_yo_jbo) of Microsoft, Mickey Jin
(@patch1t)

StorageKit
Available for: macOS Sonoma
Impact: A local attacker may be able to elevate their privileges
Description: A permissions issue was addressed with improved validation.
CVE-2025-24176: Yann GASCUEL of Alter Solutions

TV App
Available for: macOS Sonoma
Impact: An app may be able to read sensitive location information
Description: This issue was addressed with improved data protection.
CVE-2025-24092: Adam M.

WebContentFilter
Available for: macOS Sonoma
Impact: An attacker may be able to cause unexpected system termination
or corrupt kernel memory
Description: An out-of-bounds write was addressed with improved input
validation.
CVE-2025-24154: an anonymous researcher

WindowServer
Available for: macOS Sonoma
Impact: An attacker may be able to cause unexpected app termination
Description: This issue was addressed by improved management of object
lifetimes.
CVE-2025-24120: PixiePoint Security

Xsan
Available for: macOS Sonoma
Impact: An app may be able to elevate privileges
Description: An integer overflow was addressed through improved input
validation.
CVE-2025-24156: an anonymous researcher

Additional recognition

sips
We would like to acknowledge Hossein Lotfi (@hosselot) of Trend Micro
Zero Day Initiative for their assistance.

Static Linker
We would like to acknowledge Holger Fuhrmannek for their assistance.

macOS Sonoma 14.7.3 may be obtained from the Mac App Store or Apple's
Software Downloads web site: https://support.apple.com/downloads/

All information is also posted on the Apple Security Releases
web site: https://support.apple.com/100100.

This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEsz9altA7uTI+rE/qX+5d1TXaIvoFAmeYAaIACgkQX+5d1TXa
Ivq/DQ//ZhiZQPDwdlLQCAICU1V01RQijtTALv4xD6wv7sGnLl2o6hhL99x0lwKy
O0dA0l2Nzx0h4K9ahDy/enYccPzIUeXhxwIvm7TfHfnkZwLSGe2bGGShGlkH1JcG
mb/7YC00eUR9yzBmyhCOkQpvBUd7262BqP7Rws0DKn4frwfrWFVoFt5XQz6vL/DD
oogEGMCq7JAwli1LUUy1KOYpdb5sA1Rru4QBuuFxPdXkDHSJSfGwvhxA1RcyPcPA
Ujm7sFDOWqj+sOrQPMua6ubTplQDtdPC/GQ6XJsSrT++mwrOAnD5anGKpFeVvTqG
eoTtrIJzEWjnVnPmqmKa2sJndaYxKzXJ3hHXSMoPK5rzaLaG8wxTS3INgKt1GTe5
lbk8aBW2g4Z6HjaVuwejPeC4h4oSQT06eNYyRELkh1l41raHnyTsZwjaOcvZxO7S
IiRQmUyVMqUN5cjRg1BbQnTEsltOOYSocD8RBeIsJRlLHA+66qwN+YTl2kXqL7GW
ICI7b0S47XznTjSbglu57YPkRz7RpjfceAqpg9VIFOEdLTR2wt70calZkYVOn0Ii
2DuhmP4ptHu9v1MAsRu8ZC21aKSvLOtg6uy1iVDusDRN4mHL9Ewa/7q4er10ugYP
/4eY9rPfOyvxT6NHZzr3dDaazaWYyZmG5zJ27r82CkXTlTW3oDY=
=0U2n
-----END PGP SIGNATURE-----

_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: https://seclists.org/fulldisclosure/

Current thread:

• APPLE-SA-01-27-2025-5 macOS Sonoma 14.7.3 Apple Product Security via Fulldisclosure (Jan 27)