CRITICAL🇵🇱 Wersja polska

CVE-2025-43275

CVSS 9.8v3.1pub. 2025-07-30upd. 2025-11-03

A race condition was addressed with additional validation. This issue is fixed in macOS Sequoia 15.6, macOS Sonoma 14.7.7, macOS Ventura 13.7.7. An app may be able to break out of its sandbox.

🤖 AI Analysis
How it works

The vulnerability results from a synchronization error (race condition, CWE-362), which can be exploited by a malicious application running on the system. An application, racing to access a resource at a critical moment, can bypass the isolation mechanisms imposed by the macOS sandbox. Apple resolved the issue by applying additional validation at the vulnerable code location.

Impact

An attacker controlling a malicious application can trigger a sandbox escape, thereby gaining access to system resources and data beyond the permissions originally granted to the application.

Mitigation & patch

The system should be updated to: macOS Sequoia 15.6, macOS Sonoma 14.7.7, or macOS Ventura 13.7.7, in accordance with security updates published by Apple at: https://support.apple.com/en-us/124149, https://support.apple.com/en-us/124150, https://support.apple.com/en-us/124151

Who is affected

macOS Sequoia versions before 15.6, macOS Sonoma versions before 14.7.7, macOS Ventura versions before 13.7.7

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Apple macOS

    OS
    Apple
    < 13.7.714.0 – 14.7.7 (bez)15.0 – 15.6 (bez)
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
Race Condition
CWE
References

Related vulnerabilities

CVE-2025-10585CRITICAL9.8⚠ KEVPL ✓ten sam produkt

Type confusion w V8 (Google Chrome) — zdalne uszkodzenie sterty

CVE-2025-43300CRITICAL10.0⚠ KEVPL ✓ten sam produkt

Apple iOS/iPadOS/macOS — out-of-bounds write przy przetwarzaniu obrazu

CVE-2025-31201CRITICAL9.8⚠ KEVPL ✓ten sam produkt

Apple: Obejście Pointer Authentication w iOS, macOS i innych platformach

CVE-2025-31200CRITICAL9.8⚠ KEVPL ✓ten sam produkt

Apple — memory corruption (RCE) w przetwarzaniu strumieni audio

CVE-2025-24201CRITICAL10.0⚠ KEVPL ✓ten sam produkt

Apple WebKit: out-of-bounds write umożliwiający ucieczkę z sandbox przeglądarki