CRITICAL🇵🇱 Wersja polska

CVE-2025-24269

CVSS 9.8v3.1pub. 2025-03-31upd. 2025-11-07

The issue was addressed with improved memory handling. This issue is fixed in macOS Sequoia 15.4. An app may be able to cause unexpected system termination.

🤖 AI Analysis
How it works

The issue consists of a lack of proper memory resource control during application operation processing. A malicious or compromised application can excessively exploit system memory resources, leading to system instability and unexpected termination. Apple resolved the issue by improving memory management mechanisms in macOS Sequoia 15.4.

Impact

An attacker (or malicious application) can cause unexpected termination of the operating system, resulting in loss of availability (Denial of Service). The high CVSS score also indicates potential risk of data confidentiality and integrity breaches.

Mitigation & patch

Update the system to macOS Sequoia 15.4 or later. The update is available through the Software Update mechanism in macOS or on the Apple support page: https://support.apple.com/en-us/122373

Who is affected

Apple macOS Sequoia in versions earlier than 15.4

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Apple macOS

    OS
    Apple
    < 15.4
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2025-10585CRITICAL9.8⚠ KEVPL ✓ten sam produkt

Type confusion w V8 (Google Chrome) — zdalne uszkodzenie sterty

CVE-2025-43300CRITICAL10.0⚠ KEVPL ✓ten sam produkt

Apple iOS/iPadOS/macOS — out-of-bounds write przy przetwarzaniu obrazu

CVE-2025-31201CRITICAL9.8⚠ KEVPL ✓ten sam produkt

Apple: Obejście Pointer Authentication w iOS, macOS i innych platformach

CVE-2025-31200CRITICAL9.8⚠ KEVPL ✓ten sam produkt

Apple — memory corruption (RCE) w przetwarzaniu strumieni audio

CVE-2025-24201CRITICAL10.0⚠ KEVPL ✓ten sam produkt

Apple WebKit: out-of-bounds write umożliwiający ucieczkę z sandbox przeglądarki