CRITICAL🇵🇱 Wersja polska

CVE-2025-43244

CVSS 9.8v3.1pub. 2025-07-30upd. 2025-11-03

A race condition was addressed with improved state handling. This issue is fixed in macOS Sequoia 15.6, macOS Sonoma 14.7.7, macOS Ventura 13.7.7. An app may be able to cause unexpected system termination.

🤖 AI Analysis
How it works

The error consists of improper handling of shared resource state in a race condition situation, classified as CWE-362. An application can manipulate resource access timing so that two concurrent processes or threads enter into conflict, leading to an unstable state of the operating system. Apple resolved the issue through improved state handling mechanisms.

Impact

A malicious application installed on a device can cause unexpected, forced system termination, resulting in loss of availability and potential loss of unsaved data.

Mitigation & patch

The system should be updated to macOS Sequoia 15.6, macOS Sonoma 14.7.7, or macOS Ventura 13.7.7, according to the manufacturer's information available at support.apple.com/en-us/124149, 124150, and 124151.

Who is affected

Apple macOS Sequoia in versions before 15.6, Apple macOS Sonoma in versions before 14.7.7, Apple macOS Ventura in versions before 13.7.7

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Apple macOS

    OS
    Apple
    < 13.7.714.0 – 14.7.7 (bez)15.0 – 15.6 (bez)
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
Race Condition
CWE
References

Related vulnerabilities

CVE-2025-10585CRITICAL9.8⚠ KEVPL ✓ten sam produkt

Type confusion w V8 (Google Chrome) — zdalne uszkodzenie sterty

CVE-2025-43300CRITICAL10.0⚠ KEVPL ✓ten sam produkt

Apple iOS/iPadOS/macOS — out-of-bounds write przy przetwarzaniu obrazu

CVE-2025-31201CRITICAL9.8⚠ KEVPL ✓ten sam produkt

Apple: Obejście Pointer Authentication w iOS, macOS i innych platformach

CVE-2025-31200CRITICAL9.8⚠ KEVPL ✓ten sam produkt

Apple — memory corruption (RCE) w przetwarzaniu strumieni audio

CVE-2025-24201CRITICAL10.0⚠ KEVPL ✓ten sam produkt

Apple WebKit: out-of-bounds write umożliwiający ucieczkę z sandbox przeglądarki