CVE-2025-24121: Input Validation
First published: Mon Jan 27 2025(Updated: )
A logic issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.7.3, macOS Sequoia 15.3, macOS Sonoma 14.7.3. An app may be able to modify protected parts of the file system.
Credit: product-security@apple.com Uri Katz (Oligo Security) Uri Katz (Oligo Security) Uri Katz (Oligo Security) Uri Katz (Oligo Security) Uri Katz (Oligo Security) Mickey Jin @patch1t D4m0n Kirin @Pwnrin Bohdan Stasiuk @Bohdan_Stasiuk Mickey Jin @patch1t Mickey Jin @patch1t Mickey Jin @patch1t Minghao Lin @Y1nKoc Zhejiang Universitybabywu Zhejiang University Zhejiang UniversityXingwei Lin Zhejiang UniversityWang Yu CyberservalGoogle Threat Analysis Group Google Threat Analysis Group Google Threat Analysis Group Desmond Trend Micro Zero Day InitiativePwn2car & Rotiple (HyeongSeok Jang) Trend Micro Zero Day InitiativeCVE-2025-24085 Kirin @Pwnrin Kirin @Pwnrin Matej Moravec @MacejkoMoravec Arsenii Kostromin (0x3c3e) Joshua Jones DongJun Kim @smlijun JongSeong Kim in Enki WhiteHat @nevul37 D4m0n Joseph Ravichandran @0xjprx MIT CSAILan anonymous researcher pattern-f @pattern_F_ an anonymous researcher an anonymous researcher an anonymous researcher Michael (Biscuit) Thomas @social.lol) @biscuit 云散 Kirin @Pwnrin an anonymous researcher Pedro Tôrres @t0rr3sp3dr0 Josh Parnham @joshparnham 神罚 @Pwnrin @RenwaX23 @RenwaX23 Michael DePlante @izobashi Trend Micro Zero Day InitiativeZhongquan Li @Guluisacat an anonymous researcher Hossein Lotfi @hosselot Trend Micro Zero Day Initiativean anonymous researcher an anonymous researcher an anonymous researcher Rodolphe BRUNETTI @eisw0lf Lupus Novaan anonymous researcher Yann GASCUEL Alter SolutionsArsenii Kostromin (0x3c3e) Kirin @Pwnrin Adam M. an anonymous researcher an anonymous researcher Q1IQ @q1iqF NUS CuriOSityP1umer @p1umer Imperial Global Singaporelinjy HKUS3Labchluo WHUSecLabJohan Carlsson (joaxcar) PixiePoint Security an anonymous researcher Uri Katz (Oligo Security) Mickey Jin @patch1t D4m0n Kirin @Pwnrin Bohdan Stasiuk @Bohdan_Stasiuk Mickey Jin @patch1t Mickey Jin @patch1t Mickey Jin @patch1t Minghao Lin @Y1nKoc Zhejiang Universitybabywu Zhejiang University Zhejiang UniversityXingwei Lin Zhejiang UniversityWang Yu CyberservalGoogle Threat Analysis Group Google Threat Analysis Group Google Threat Analysis Group Desmond Trend Micro Zero Day InitiativePwn2car & Rotiple (HyeongSeok Jang) Trend Micro Zero Day InitiativeCVE-2025-24085 Kirin @Pwnrin Kirin @Pwnrin Matej Moravec @MacejkoMoravec Arsenii Kostromin (0x3c3e) Joshua Jones DongJun Kim @smlijun JongSeong Kim in Enki WhiteHat @nevul37 D4m0n Joseph Ravichandran @0xjprx MIT CSAILan anonymous researcher pattern-f @pattern_F_ an anonymous researcher an anonymous researcher an anonymous researcher Michael (Biscuit) Thomas @social.lol) @biscuit 云散 Kirin @Pwnrin an anonymous researcher Pedro Tôrres @t0rr3sp3dr0 Josh Parnham @joshparnham 神罚 @Pwnrin @RenwaX23 @RenwaX23 Michael DePlante @izobashi Trend Micro Zero Day InitiativeZhongquan Li @Guluisacat an anonymous researcher Hossein Lotfi @hosselot Trend Micro Zero Day Initiativean anonymous researcher an anonymous researcher an anonymous researcher Rodolphe BRUNETTI @eisw0lf Lupus Novaan anonymous researcher Yann GASCUEL Alter SolutionsArsenii Kostromin (0x3c3e) Kirin @Pwnrin Adam M. an anonymous researcher an anonymous researcher Q1IQ @q1iqF NUS CuriOSityP1umer @p1umer Imperial Global Singaporelinjy HKUS3Labchluo WHUSecLabJohan Carlsson (joaxcar) PixiePoint Security an anonymous researcher Mickey Jin @patch1t Mickey Jin @patch1t Mickey Jin @patch1t Minghao Lin @Y1nKoc Zhejiang Universitybabywu Zhejiang University Zhejiang UniversityXingwei Lin Zhejiang UniversityWang Yu CyberservalGoogle Threat Analysis Group Google Threat Analysis Group Google Threat Analysis Group Desmond Trend Micro Zero Day InitiativePwn2car & Rotiple (HyeongSeok Jang) Trend Micro Zero Day InitiativeCVE-2025-24085 Kirin @Pwnrin Kirin @Pwnrin Matej Moravec @MacejkoMoravec Arsenii Kostromin (0x3c3e) Joshua Jones DongJun Kim @smlijun JongSeong Kim in Enki WhiteHat @nevul37 D4m0n Joseph Ravichandran @0xjprx MIT CSAILan anonymous researcher pattern-f @pattern_F_ an anonymous researcher an anonymous researcher an anonymous researcher Michael (Biscuit) Thomas @social.lol) @biscuit 云散 Kirin @Pwnrin an anonymous researcher Pedro Tôrres @t0rr3sp3dr0 Josh Parnham @joshparnham 神罚 @Pwnrin @RenwaX23 @RenwaX23 Michael DePlante @izobashi Trend Micro Zero Day InitiativeZhongquan Li @Guluisacat an anonymous researcher Hossein Lotfi @hosselot Trend Micro Zero Day Initiativean anonymous researcher an anonymous researcher an anonymous researcher Rodolphe BRUNETTI @eisw0lf Lupus Novaan anonymous researcher Yann GASCUEL Alter SolutionsArsenii Kostromin (0x3c3e) Kirin @Pwnrin Adam M. an anonymous researcher an anonymous researcher Q1IQ @q1iqF NUS CuriOSityP1umer @p1umer Imperial Global Singaporelinjy HKUS3Labchluo WHUSecLabJohan Carlsson (joaxcar) PixiePoint Security an anonymous researcher Mickey Jin @patch1t D4m0n Kirin @Pwnrin Bohdan Stasiuk @Bohdan_Stasiuk Mickey Jin @patch1t Mickey Jin @patch1t Mickey Jin @patch1t Minghao Lin @Y1nKoc Zhejiang Universitybabywu Zhejiang University Zhejiang UniversityXingwei Lin Zhejiang UniversityWang Yu CyberservalGoogle Threat Analysis Group Google Threat Analysis Group Google Threat Analysis Group Desmond Trend Micro Zero Day InitiativePwn2car & Rotiple (HyeongSeok Jang) Trend Micro Zero Day InitiativeCVE-2025-24085 Kirin @Pwnrin Kirin @Pwnrin Matej Moravec @MacejkoMoravec Arsenii Kostromin (0x3c3e) Joshua Jones DongJun Kim @smlijun JongSeong Kim in Enki WhiteHat @nevul37 D4m0n Joseph Ravichandran @0xjprx MIT CSAILan anonymous researcher pattern-f @pattern_F_ an anonymous researcher an anonymous researcher an anonymous researcher Michael (Biscuit) Thomas @social.lol) @biscuit 云散 Kirin @Pwnrin an anonymous researcher Pedro Tôrres @t0rr3sp3dr0 Josh Parnham @joshparnham 神罚 @Pwnrin @RenwaX23 @RenwaX23 Michael DePlante @izobashi Trend Micro Zero Day InitiativeZhongquan Li @Guluisacat an anonymous researcher Hossein Lotfi @hosselot Trend Micro Zero Day Initiativean anonymous researcher an anonymous researcher an anonymous researcher Rodolphe BRUNETTI @eisw0lf Lupus Novaan anonymous researcher Yann GASCUEL Alter SolutionsArsenii Kostromin (0x3c3e) Kirin @Pwnrin Adam M. an anonymous researcher an anonymous researcher Q1IQ @q1iqF NUS CuriOSityP1umer @p1umer Imperial Global Singaporelinjy HKUS3Labchluo WHUSecLabJohan Carlsson (joaxcar) PixiePoint Security an anonymous researcher Uri Katz (Oligo Security) Uri Katz (Oligo Security) Uri Katz (Oligo Security) Uri Katz (Oligo Security) Mickey Jin @patch1t D4m0n Kirin @Pwnrin Bohdan Stasiuk @Bohdan_Stasiuk Mickey Jin @patch1t Mickey Jin @patch1t Mickey Jin @patch1t Minghao Lin @Y1nKoc Zhejiang Universitybabywu Zhejiang University Zhejiang UniversityXingwei Lin Zhejiang UniversityWang Yu CyberservalGoogle Threat Analysis Group Google Threat Analysis Group Google Threat Analysis Group Desmond Trend Micro Zero Day InitiativePwn2car & Rotiple (HyeongSeok Jang) Trend Micro Zero Day InitiativeCVE-2025-24085 Kirin @Pwnrin Kirin @Pwnrin Matej Moravec @MacejkoMoravec Arsenii Kostromin (0x3c3e) Joshua Jones DongJun Kim @smlijun JongSeong Kim in Enki WhiteHat @nevul37 D4m0n Joseph Ravichandran @0xjprx MIT CSAILan anonymous researcher pattern-f @pattern_F_ an anonymous researcher an anonymous researcher an anonymous researcher Michael (Biscuit) Thomas @social.lol) @biscuit 云散 Kirin @Pwnrin an anonymous researcher Pedro Tôrres @t0rr3sp3dr0 Josh Parnham @joshparnham 神罚 @Pwnrin @RenwaX23 @RenwaX23 Michael DePlante @izobashi Trend Micro Zero Day InitiativeZhongquan Li @Guluisacat an anonymous researcher Hossein Lotfi @hosselot Trend Micro Zero Day Initiativean anonymous researcher an anonymous researcher an anonymous researcher Rodolphe BRUNETTI @eisw0lf Lupus Novaan anonymous researcher Yann GASCUEL Alter SolutionsArsenii Kostromin (0x3c3e) Kirin @Pwnrin Adam M. an anonymous researcher an anonymous researcher Q1IQ @q1iqF NUS CuriOSityP1umer @p1umer Imperial Global Singaporelinjy HKUS3Labchluo WHUSecLabJohan Carlsson (joaxcar) PixiePoint Security an anonymous researcher Uri Katz (Oligo Security) Uri Katz (Oligo Security) Uri Katz (Oligo Security) Mickey Jin @patch1t D4m0n Kirin @Pwnrin Bohdan Stasiuk @Bohdan_Stasiuk Mickey Jin @patch1t Mickey Jin @patch1t Mickey Jin @patch1t Minghao Lin @Y1nKoc Zhejiang Universitybabywu Zhejiang University Zhejiang UniversityXingwei Lin Zhejiang UniversityWang Yu CyberservalGoogle Threat Analysis Group Google Threat Analysis Group Google Threat Analysis Group Desmond Trend Micro Zero Day InitiativePwn2car & Rotiple (HyeongSeok Jang) Trend Micro Zero Day InitiativeCVE-2025-24085 Kirin @Pwnrin Kirin @Pwnrin Matej Moravec @MacejkoMoravec Arsenii Kostromin (0x3c3e) Joshua Jones DongJun Kim @smlijun JongSeong Kim in Enki WhiteHat @nevul37 D4m0n Joseph Ravichandran @0xjprx MIT CSAILan anonymous researcher pattern-f @pattern_F_ an anonymous researcher an anonymous researcher an anonymous researcher Michael (Biscuit) Thomas @social.lol) @biscuit 云散 Kirin @Pwnrin an anonymous researcher Pedro Tôrres @t0rr3sp3dr0 Josh Parnham @joshparnham 神罚 @Pwnrin @RenwaX23 @RenwaX23 Michael DePlante @izobashi Trend Micro Zero Day InitiativeZhongquan Li @Guluisacat an anonymous researcher Hossein Lotfi @hosselot Trend Micro Zero Day Initiativean anonymous researcher an anonymous researcher an anonymous researcher Rodolphe BRUNETTI @eisw0lf Lupus Novaan anonymous researcher Yann GASCUEL Alter SolutionsArsenii Kostromin (0x3c3e) Kirin @Pwnrin Adam M. an anonymous researcher an anonymous researcher Q1IQ @q1iqF NUS CuriOSityP1umer @p1umer Imperial Global Singaporelinjy HKUS3Labchluo WHUSecLabJohan Carlsson (joaxcar) PixiePoint Security an anonymous researcher Uri Katz (Oligo Security) Uri Katz (Oligo Security) Mickey Jin @patch1t D4m0n Kirin @Pwnrin Bohdan Stasiuk @Bohdan_Stasiuk Mickey Jin @patch1t Mickey Jin @patch1t Mickey Jin @patch1t Minghao Lin @Y1nKoc Zhejiang Universitybabywu Zhejiang University Zhejiang UniversityXingwei Lin Zhejiang UniversityWang Yu CyberservalGoogle Threat Analysis Group Google Threat Analysis Group Google Threat Analysis Group Desmond Trend Micro Zero Day InitiativePwn2car & Rotiple (HyeongSeok Jang) Trend Micro Zero Day InitiativeCVE-2025-24085 Kirin @Pwnrin Kirin @Pwnrin Matej Moravec @MacejkoMoravec Arsenii Kostromin (0x3c3e) Joshua Jones DongJun Kim @smlijun JongSeong Kim in Enki WhiteHat @nevul37 D4m0n Joseph Ravichandran @0xjprx MIT CSAILan anonymous researcher pattern-f @pattern_F_ an anonymous researcher an anonymous researcher an anonymous researcher Michael (Biscuit) Thomas @social.lol) @biscuit 云散 Kirin @Pwnrin an anonymous researcher Pedro Tôrres @t0rr3sp3dr0 Josh Parnham @joshparnham 神罚 @Pwnrin @RenwaX23 @RenwaX23 Michael DePlante @izobashi Trend Micro Zero Day InitiativeZhongquan Li @Guluisacat an anonymous researcher Hossein Lotfi @hosselot Trend Micro Zero Day Initiativean anonymous researcher an anonymous researcher an anonymous researcher Rodolphe BRUNETTI @eisw0lf Lupus Novaan anonymous researcher Yann GASCUEL Alter SolutionsArsenii Kostromin (0x3c3e) Kirin @Pwnrin Adam M. an anonymous researcher an anonymous researcher Q1IQ @q1iqF NUS CuriOSityP1umer @p1umer Imperial Global Singaporelinjy HKUS3Labchluo WHUSecLabJohan Carlsson (joaxcar) PixiePoint Security an anonymous researcher Bohdan Stasiuk @Bohdan_Stasiuk Mickey Jin @patch1t Mickey Jin @patch1t Mickey Jin @patch1t Minghao Lin @Y1nKoc Zhejiang Universitybabywu Zhejiang University Zhejiang UniversityXingwei Lin Zhejiang UniversityWang Yu CyberservalGoogle Threat Analysis Group Google Threat Analysis Group Google Threat Analysis Group Desmond Trend Micro Zero Day InitiativePwn2car & Rotiple (HyeongSeok Jang) Trend Micro Zero Day InitiativeCVE-2025-24085 Kirin @Pwnrin Kirin @Pwnrin Matej Moravec @MacejkoMoravec Arsenii Kostromin (0x3c3e) Joshua Jones DongJun Kim @smlijun JongSeong Kim in Enki WhiteHat @nevul37 D4m0n Joseph Ravichandran @0xjprx MIT CSAILan anonymous researcher pattern-f @pattern_F_ an anonymous researcher an anonymous researcher an anonymous researcher Michael (Biscuit) Thomas @social.lol) @biscuit 云散 Kirin @Pwnrin an anonymous researcher Pedro Tôrres @t0rr3sp3dr0 Josh Parnham @joshparnham 神罚 @Pwnrin @RenwaX23 @RenwaX23 Michael DePlante @izobashi Trend Micro Zero Day InitiativeZhongquan Li @Guluisacat an anonymous researcher Hossein Lotfi @hosselot Trend Micro Zero Day Initiativean anonymous researcher an anonymous researcher an anonymous researcher Rodolphe BRUNETTI @eisw0lf Lupus Novaan anonymous researcher Yann GASCUEL Alter SolutionsArsenii Kostromin (0x3c3e) Kirin @Pwnrin Adam M. an anonymous researcher an anonymous researcher Q1IQ @q1iqF NUS CuriOSityP1umer @p1umer Imperial Global Singaporelinjy HKUS3Labchluo WHUSecLabJohan Carlsson (joaxcar) PixiePoint Security an anonymous researcher D4m0n Kirin @Pwnrin Bohdan Stasiuk @Bohdan_Stasiuk Mickey Jin @patch1t Mickey Jin @patch1t Mickey Jin @patch1t Minghao Lin @Y1nKoc Zhejiang Universitybabywu Zhejiang University Zhejiang UniversityXingwei Lin Zhejiang UniversityWang Yu CyberservalGoogle Threat Analysis Group Google Threat Analysis Group Google Threat Analysis Group Desmond Trend Micro Zero Day InitiativePwn2car & Rotiple (HyeongSeok Jang) Trend Micro Zero Day InitiativeCVE-2025-24085 Kirin @Pwnrin Kirin @Pwnrin Matej Moravec @MacejkoMoravec Arsenii Kostromin (0x3c3e) Joshua Jones DongJun Kim @smlijun JongSeong Kim in Enki WhiteHat @nevul37 D4m0n Joseph Ravichandran @0xjprx MIT CSAILan anonymous researcher pattern-f @pattern_F_ an anonymous researcher an anonymous researcher an anonymous researcher Michael (Biscuit) Thomas @social.lol) @biscuit 云散 Kirin @Pwnrin an anonymous researcher Pedro Tôrres @t0rr3sp3dr0 Josh Parnham @joshparnham 神罚 @Pwnrin @RenwaX23 @RenwaX23 Michael DePlante @izobashi Trend Micro Zero Day InitiativeZhongquan Li @Guluisacat an anonymous researcher Hossein Lotfi @hosselot Trend Micro Zero Day Initiativean anonymous researcher an anonymous researcher an anonymous researcher Rodolphe BRUNETTI @eisw0lf Lupus Novaan anonymous researcher Yann GASCUEL Alter SolutionsArsenii Kostromin (0x3c3e) Kirin @Pwnrin Adam M. an anonymous researcher an anonymous researcher Q1IQ @q1iqF NUS CuriOSityP1umer @p1umer Imperial Global Singaporelinjy HKUS3Labchluo WHUSecLabJohan Carlsson (joaxcar) PixiePoint Security an anonymous researcher Kirin @Pwnrin Bohdan Stasiuk @Bohdan_Stasiuk Mickey Jin @patch1t Mickey Jin @patch1t Mickey Jin @patch1t Minghao Lin @Y1nKoc Zhejiang Universitybabywu Zhejiang University Zhejiang UniversityXingwei Lin Zhejiang UniversityWang Yu CyberservalGoogle Threat Analysis Group Google Threat Analysis Group Google Threat Analysis Group Desmond Trend Micro Zero Day InitiativePwn2car & Rotiple (HyeongSeok Jang) Trend Micro Zero Day InitiativeCVE-2025-24085 Kirin @Pwnrin Kirin @Pwnrin Matej Moravec @MacejkoMoravec Arsenii Kostromin (0x3c3e) Joshua Jones DongJun Kim @smlijun JongSeong Kim in Enki WhiteHat @nevul37 D4m0n Joseph Ravichandran @0xjprx MIT CSAILan anonymous researcher pattern-f @pattern_F_ an anonymous researcher an anonymous researcher an anonymous researcher Michael (Biscuit) Thomas @social.lol) @biscuit 云散 Kirin @Pwnrin an anonymous researcher Pedro Tôrres @t0rr3sp3dr0 Josh Parnham @joshparnham 神罚 @Pwnrin @RenwaX23 @RenwaX23 Michael DePlante @izobashi Trend Micro Zero Day InitiativeZhongquan Li @Guluisacat an anonymous researcher Hossein Lotfi @hosselot Trend Micro Zero Day Initiativean anonymous researcher an anonymous researcher an anonymous researcher Rodolphe BRUNETTI @eisw0lf Lupus Novaan anonymous researcher Yann GASCUEL Alter SolutionsArsenii Kostromin (0x3c3e) Kirin @Pwnrin Adam M. an anonymous researcher an anonymous researcher Q1IQ @q1iqF NUS CuriOSityP1umer @p1umer Imperial Global Singaporelinjy HKUS3Labchluo WHUSecLabJohan Carlsson (joaxcar) PixiePoint Security an anonymous researcher Mickey Jin @patch1t Mickey Jin @patch1t Minghao Lin @Y1nKoc Zhejiang Universitybabywu Zhejiang University Zhejiang UniversityXingwei Lin Zhejiang UniversityWang Yu CyberservalGoogle Threat Analysis Group Google Threat Analysis Group Google Threat Analysis Group Desmond Trend Micro Zero Day InitiativePwn2car & Rotiple (HyeongSeok Jang) Trend Micro Zero Day InitiativeCVE-2025-24085 Kirin @Pwnrin Kirin @Pwnrin Matej Moravec @MacejkoMoravec Arsenii Kostromin (0x3c3e) Joshua Jones DongJun Kim @smlijun JongSeong Kim in Enki WhiteHat @nevul37 D4m0n Joseph Ravichandran @0xjprx MIT CSAILan anonymous researcher pattern-f @pattern_F_ an anonymous researcher an anonymous researcher an anonymous researcher Michael (Biscuit) Thomas @social.lol) @biscuit 云散 Kirin @Pwnrin an anonymous researcher Pedro Tôrres @t0rr3sp3dr0 Josh Parnham @joshparnham 神罚 @Pwnrin @RenwaX23 @RenwaX23 Michael DePlante @izobashi Trend Micro Zero Day InitiativeZhongquan Li @Guluisacat an anonymous researcher Hossein Lotfi @hosselot Trend Micro Zero Day Initiativean anonymous researcher an anonymous researcher an anonymous researcher Rodolphe BRUNETTI @eisw0lf Lupus Novaan anonymous researcher Yann GASCUEL Alter SolutionsArsenii Kostromin (0x3c3e) Kirin @Pwnrin Adam M. an anonymous researcher an anonymous researcher Q1IQ @q1iqF NUS CuriOSityP1umer @p1umer Imperial Global Singaporelinjy HKUS3Labchluo WHUSecLabJohan Carlsson (joaxcar) PixiePoint Security an anonymous researcher Uri Katz (Oligo Security) D4m0n Bohdan Stasiuk @Bohdan_Stasiuk Kirin @Pwnrin Mickey Jin @patch1t Mickey Jin @patch1t Mickey Jin @patch1t Minghao Lin @Y1nKoc Zhejiang Universitybabywu Zhejiang University Zhejiang UniversityXingwei Lin Zhejiang UniversityCertiK SkyFall Team Wang Yu CyberservalKirin @Pwnrin Google Threat Analysis Group Google Threat Analysis Group Google Threat Analysis Group Desmond Trend Micro Zero Day InitiativePwn2car & Rotiple(HyeongSeok Jang) Trend Micro Zero Day InitiativeKirin @Pwnrin Arsenii Kostromin (0x3c3e) Joshua Jones DongJun Kim @smlijun JongSeong Kim in Enki WhiteHat @nevul37 D4m0n Joseph Ravichandran @0xjprx MIT CSAILpattern-f @pattern_F_ an anonymous researcher an anonymous researcher an anonymous researcher 云散 Pedro Tôrres @t0rr3sp3dr0 神罚 @Pwnrin Anonymous Trend Micro Zero Day InitiativeYiğit Can YILMAZ @yilmazcanyigit Michael DePlante @izobashi Trend Micro Zero Day InitiativeZhongquan Li @Guluisacat Hossein Lotfi @hosselot Trend Micro Zero Day Initiativean anonymous researcher Rodolphe BRUNETTI @eisw0lf Lupus NovaJonathan Bar Or @yo_yo_yo_jbo MicrosoftMickey Jin @patch1t Yann GASCUEL Alter SolutionsAdam M. an anonymous researcher PixiePoint Security an anonymous researcher Kirin @Pwnrin Mickey Jin @patch1t Mickey Jin @patch1t Mickey Jin @patch1t Minghao Lin @Y1nKoc Zhejiang Universitybabywu Zhejiang University Zhejiang UniversityXingwei Lin Zhejiang UniversityWang Yu CyberservalKirin @Pwnrin Desmond Trend Micro Zero Day InitiativePwn2car & Rotiple(HyeongSeok Jang) Trend Micro Zero Day InitiativeKirin @Pwnrin Arsenii Kostromin (0x3c3e) Joshua Jones DongJun Kim @smlijun JongSeong Kim in Enki WhiteHat @nevul37 D4m0n an anonymous researcher an anonymous researcher an anonymous researcher 云散 Pedro Tôrres @t0rr3sp3dr0 神罚 @Pwnrin Anonymous Trend Micro Zero Day InitiativeYiğit Can YILMAZ @yilmazcanyigit Michael DePlante @izobashi Trend Micro Zero Day InitiativeZhongquan Li @Guluisacat Hossein Lotfi @hosselot Trend Micro Zero Day Initiativean anonymous researcher Rodolphe BRUNETTI @eisw0lf Lupus NovaYann GASCUEL Alter Solutionsan anonymous researcher PixiePoint Security an anonymous researcher Mickey Jin @patch1t Mickey Jin @patch1t Mickey Jin @patch1t Minghao Lin @Y1nKoc Zhejiang Universitybabywu Zhejiang University Zhejiang UniversityXingwei Lin Zhejiang UniversityCertiK SkyFall Team Wang Yu CyberservalKirin @Pwnrin Google Threat Analysis Group Google Threat Analysis Group Google Threat Analysis Group Desmond Trend Micro Zero Day InitiativePwn2car & Rotiple(HyeongSeok Jang) Trend Micro Zero Day InitiativeKirin @Pwnrin Arsenii Kostromin (0x3c3e) Joshua Jones DongJun Kim @smlijun JongSeong Kim in Enki WhiteHat @nevul37 D4m0n Joseph Ravichandran @0xjprx MIT CSAILpattern-f @pattern_F_ an anonymous researcher an anonymous researcher an anonymous researcher 云散 Pedro Tôrres @t0rr3sp3dr0 神罚 @Pwnrin Anonymous Trend Micro Zero Day InitiativeYiğit Can YILMAZ @yilmazcanyigit Michael DePlante @izobashi Trend Micro Zero Day InitiativeZhongquan Li @Guluisacat Hossein Lotfi @hosselot Trend Micro Zero Day Initiativean anonymous researcher Rodolphe BRUNETTI @eisw0lf Lupus NovaJonathan Bar Or @yo_yo_yo_jbo MicrosoftMickey Jin @patch1t Yann GASCUEL Alter SolutionsAdam M. an anonymous researcher PixiePoint Security an anonymous researcher Mickey Jin @patch1t Mickey Jin @patch1t Minghao Lin @Y1nKoc Zhejiang Universitybabywu Zhejiang University Zhejiang UniversityXingwei Lin Zhejiang UniversityWang Yu CyberservalKirin @Pwnrin Desmond Trend Micro Zero Day InitiativePwn2car & Rotiple(HyeongSeok Jang) Trend Micro Zero Day InitiativeKirin @Pwnrin Arsenii Kostromin (0x3c3e) Joshua Jones DongJun Kim @smlijun JongSeong Kim in Enki WhiteHat @nevul37 D4m0n an anonymous researcher an anonymous researcher an anonymous researcher 云散 Pedro Tôrres @t0rr3sp3dr0 神罚 @Pwnrin Anonymous Trend Micro Zero Day InitiativeYiğit Can YILMAZ @yilmazcanyigit Michael DePlante @izobashi Trend Micro Zero Day InitiativeZhongquan Li @Guluisacat Hossein Lotfi @hosselot Trend Micro Zero Day Initiativean anonymous researcher Rodolphe BRUNETTI @eisw0lf Lupus NovaYann GASCUEL Alter Solutionsan anonymous researcher PixiePoint Security an anonymous researcher D4m0n Bohdan Stasiuk @Bohdan_Stasiuk Kirin @Pwnrin Mickey Jin @patch1t Mickey Jin @patch1t Mickey Jin @patch1t Minghao Lin @Y1nKoc Zhejiang Universitybabywu Zhejiang University Zhejiang UniversityXingwei Lin Zhejiang UniversityCertiK SkyFall Team Wang Yu CyberservalKirin @Pwnrin Google Threat Analysis Group Google Threat Analysis Group Google Threat Analysis Group Desmond Trend Micro Zero Day InitiativePwn2car & Rotiple(HyeongSeok Jang) Trend Micro Zero Day InitiativeKirin @Pwnrin Arsenii Kostromin (0x3c3e) Joshua Jones DongJun Kim @smlijun JongSeong Kim in Enki WhiteHat @nevul37 D4m0n Joseph Ravichandran @0xjprx MIT CSAILpattern-f @pattern_F_ an anonymous researcher an anonymous researcher an anonymous researcher 云散 Pedro Tôrres @t0rr3sp3dr0 神罚 @Pwnrin Anonymous Trend Micro Zero Day InitiativeYiğit Can YILMAZ @yilmazcanyigit Michael DePlante @izobashi Trend Micro Zero Day InitiativeZhongquan Li @Guluisacat Hossein Lotfi @hosselot Trend Micro Zero Day Initiativean anonymous researcher Rodolphe BRUNETTI @eisw0lf Lupus NovaJonathan Bar Or @yo_yo_yo_jbo MicrosoftMickey Jin @patch1t Yann GASCUEL Alter SolutionsAdam M. an anonymous researcher PixiePoint Security an anonymous researcher Mickey Jin @patch1t Mickey Jin @patch1t Minghao Lin @Y1nKoc Zhejiang Universitybabywu Zhejiang University Zhejiang UniversityXingwei Lin Zhejiang UniversityCertiK SkyFall Team Wang Yu CyberservalKirin @Pwnrin Google Threat Analysis Group Google Threat Analysis Group Google Threat Analysis Group Desmond Trend Micro Zero Day InitiativePwn2car & Rotiple(HyeongSeok Jang) Trend Micro Zero Day InitiativeKirin @Pwnrin Arsenii Kostromin (0x3c3e) Joshua Jones DongJun Kim @smlijun JongSeong Kim in Enki WhiteHat @nevul37 D4m0n Joseph Ravichandran @0xjprx MIT CSAILpattern-f @pattern_F_ an anonymous researcher an anonymous researcher an anonymous researcher 云散 Pedro Tôrres @t0rr3sp3dr0 神罚 @Pwnrin Anonymous Trend Micro Zero Day InitiativeYiğit Can YILMAZ @yilmazcanyigit Michael DePlante @izobashi Trend Micro Zero Day InitiativeZhongquan Li @Guluisacat Hossein Lotfi @hosselot Trend Micro Zero Day Initiativean anonymous researcher Rodolphe BRUNETTI @eisw0lf Lupus NovaJonathan Bar Or @yo_yo_yo_jbo MicrosoftMickey Jin @patch1t Yann GASCUEL Alter SolutionsAdam M. an anonymous researcher PixiePoint Security an anonymous researcher Mickey Jin @patch1t Mickey Jin @patch1t Mickey Jin @patch1t Minghao Lin @Y1nKoc Zhejiang Universitybabywu Zhejiang University Zhejiang UniversityXingwei Lin Zhejiang UniversityWang Yu CyberservalKirin @Pwnrin Desmond Trend Micro Zero Day InitiativePwn2car & Rotiple(HyeongSeok Jang) Trend Micro Zero Day InitiativeKirin @Pwnrin Arsenii Kostromin (0x3c3e) Joshua Jones DongJun Kim @smlijun JongSeong Kim in Enki WhiteHat @nevul37 D4m0n an anonymous researcher an anonymous researcher an anonymous researcher 云散 Pedro Tôrres @t0rr3sp3dr0 神罚 @Pwnrin Anonymous Trend Micro Zero Day InitiativeYiğit Can YILMAZ @yilmazcanyigit Michael DePlante @izobashi Trend Micro Zero Day InitiativeZhongquan Li @Guluisacat Hossein Lotfi @hosselot Trend Micro Zero Day Initiativean anonymous researcher Rodolphe BRUNETTI @eisw0lf Lupus NovaYann GASCUEL Alter Solutionsan anonymous researcher PixiePoint Security an anonymous researcher Bohdan Stasiuk @Bohdan_Stasiuk Kirin @Pwnrin Mickey Jin @patch1t Mickey Jin @patch1t Mickey Jin @patch1t Minghao Lin @Y1nKoc Zhejiang Universitybabywu Zhejiang University Zhejiang UniversityXingwei Lin Zhejiang UniversityCertiK SkyFall Team Wang Yu CyberservalKirin @Pwnrin Google Threat Analysis Group Google Threat Analysis Group Google Threat Analysis Group Desmond Trend Micro Zero Day InitiativePwn2car & Rotiple(HyeongSeok Jang) Trend Micro Zero Day InitiativeKirin @Pwnrin Arsenii Kostromin (0x3c3e) Joshua Jones DongJun Kim @smlijun JongSeong Kim in Enki WhiteHat @nevul37 D4m0n Joseph Ravichandran @0xjprx MIT CSAILpattern-f @pattern_F_ an anonymous researcher an anonymous researcher an anonymous researcher 云散 Pedro Tôrres @t0rr3sp3dr0 神罚 @Pwnrin Anonymous Trend Micro Zero Day InitiativeYiğit Can YILMAZ @yilmazcanyigit Michael DePlante @izobashi Trend Micro Zero Day InitiativeZhongquan Li @Guluisacat Hossein Lotfi @hosselot Trend Micro Zero Day Initiativean anonymous researcher Rodolphe BRUNETTI @eisw0lf Lupus NovaJonathan Bar Or @yo_yo_yo_jbo MicrosoftMickey Jin @patch1t Yann GASCUEL Alter SolutionsAdam M. an anonymous researcher PixiePoint Security an anonymous researcher Kirin @Pwnrin Mickey Jin @patch1t Mickey Jin @patch1t Mickey Jin @patch1t Minghao Lin @Y1nKoc Zhejiang Universitybabywu Zhejiang University Zhejiang UniversityXingwei Lin Zhejiang UniversityCertiK SkyFall Team Wang Yu CyberservalKirin @Pwnrin Google Threat Analysis Group Google Threat Analysis Group Google Threat Analysis Group Desmond Trend Micro Zero Day InitiativePwn2car & Rotiple(HyeongSeok Jang) Trend Micro Zero Day InitiativeKirin @Pwnrin Arsenii Kostromin (0x3c3e) Joshua Jones DongJun Kim @smlijun JongSeong Kim in Enki WhiteHat @nevul37 D4m0n Joseph Ravichandran @0xjprx MIT CSAILpattern-f @pattern_F_ an anonymous researcher an anonymous researcher an anonymous researcher 云散 Pedro Tôrres @t0rr3sp3dr0 神罚 @Pwnrin Anonymous Trend Micro Zero Day InitiativeYiğit Can YILMAZ @yilmazcanyigit Michael DePlante @izobashi Trend Micro Zero Day InitiativeZhongquan Li @Guluisacat Hossein Lotfi @hosselot Trend Micro Zero Day Initiativean anonymous researcher Rodolphe BRUNETTI @eisw0lf Lupus NovaJonathan Bar Or @yo_yo_yo_jbo MicrosoftMickey Jin @patch1t Yann GASCUEL Alter SolutionsAdam M. an anonymous researcher PixiePoint Security an anonymous researcher Bohdan Stasiuk @Bohdan_Stasiuk Kirin @Pwnrin Mickey Jin @patch1t Mickey Jin @patch1t Mickey Jin @patch1t Minghao Lin @Y1nKoc Zhejiang Universitybabywu Zhejiang University Zhejiang UniversityXingwei Lin Zhejiang UniversityWang Yu CyberservalKirin @Pwnrin Desmond Trend Micro Zero Day InitiativePwn2car & Rotiple(HyeongSeok Jang) Trend Micro Zero Day InitiativeKirin @Pwnrin Arsenii Kostromin (0x3c3e) Joshua Jones DongJun Kim @smlijun JongSeong Kim in Enki WhiteHat @nevul37 D4m0n an anonymous researcher an anonymous researcher an anonymous researcher 云散 Pedro Tôrres @t0rr3sp3dr0 神罚 @Pwnrin Anonymous Trend Micro Zero Day InitiativeYiğit Can YILMAZ @yilmazcanyigit Michael DePlante @izobashi Trend Micro Zero Day InitiativeZhongquan Li @Guluisacat Hossein Lotfi @hosselot Trend Micro Zero Day Initiativean anonymous researcher Rodolphe BRUNETTI @eisw0lf Lupus NovaYann GASCUEL Alter Solutionsan anonymous researcher PixiePoint Security an anonymous researcher
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Apple macOS | <13.7.3 | |
| <15.3 | ||
| Apple macOS | <14.7.3 | |
| <15.3 | 15.3 | |
| Apple macOS | <14.7.3 | 14.7.3 |
| Apple macOS | <13.7.3 | 13.7.3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://support.apple.com/en-us/122069 (Advisory)
- https://support.apple.com/en-us/122068 (Advisory)
- https://support.apple.com/en-us/122070 (Advisory)
Peer vulnerabilities
(Found alongside the following vulnerabilities)
- CVE-2025-24126
- CVE-2025-24129
- CVE-2025-24131
- CVE-2025-24177
- CVE-2025-24137
- CVE-2025-24087
- CVE-2025-24112
- CVE-2025-24100
- CVE-2025-24109
- CVE-2025-24114
- CVE-2025-24121
- CVE-2025-24122
- CVE-2025-24127
- CVE-2025-24106
- CVE-2025-24160
- CVE-2025-24161
- CVE-2025-24163
- CVE-2025-24123
- CVE-2025-24124
- CVE-2025-24085
- CVE-2025-24102
- CVE-2025-24134
- CVE-2025-24140
- CVE-2025-24174
- CVE-2025-24086
- CVE-2025-24118
- CVE-2025-24107
- CVE-2025-24159
- CVE-2025-24094
- CVE-2025-24115
- CVE-2025-24116
- CVE-2025-24117
- CVE-2025-24136
- CVE-2025-24101
- CVE-2025-24096
- CVE-2025-24130
- CVE-2025-24169
- CVE-2025-24146
- CVE-2025-24128
- CVE-2025-24113
- CVE-2025-24149
- CVE-2025-24103
- CVE-2025-24108
- CVE-2025-24139
- CVE-2025-24151
- CVE-2025-24152
- CVE-2025-24153
- CVE-2025-24138
- CVE-2025-24176
- CVE-2025-24135
- CVE-2025-24145
- CVE-2025-24092
- CVE-2025-24154
- CVE-2025-24143
- CVE-2025-24158
- CVE-2025-24162
- CVE-2025-24150
- CVE-2025-24120
- CVE-2025-24156
- CVE-2024-54509
- CVE-2024-44172
- CVE-2024-54497
- CVE-2025-24093
- CVE-2024-44243
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/description
- agent/type
- agent/first-publish-date
- agent/guess-ai
- agent/software-canonical-lookup
- agent/softwarecombine
- agent/author
- collector/epss-latest
- source/FIRST
- agent/source
- agent/epss
- collector/nvd-api
- source/NVD
- agent/weakness
- agent/severity
- agent/last-modified-date
- agent/event
- agent/tags
- collector/apple-support
- source/Apple
- alias/CVE-2025-24129
- alias/CVE-2025-24131
- alias/CVE-2025-24177
- alias/CVE-2025-24137
- alias/CVE-2025-24087
- alias/CVE-2025-24112
- alias/CVE-2025-24100
- alias/CVE-2025-24109
- alias/CVE-2025-24114
- alias/CVE-2025-24121
- alias/CVE-2025-24122
- alias/CVE-2025-24127
- alias/CVE-2025-24106
- alias/CVE-2025-24160
- alias/CVE-2025-24161
- alias/CVE-2025-24163
- alias/CVE-2025-24123
- alias/CVE-2025-24124
- alias/CVE-2025-24085
- alias/CVE-2025-24102
- alias/CVE-2025-24134
- alias/CVE-2025-24140
- alias/CVE-2025-24174
- alias/CVE-2025-24086
- alias/CVE-2025-24118
- alias/CVE-2025-24107
- alias/CVE-2025-24159
- alias/CVE-2025-24094
- alias/CVE-2025-24115
- alias/CVE-2025-24116
- alias/CVE-2025-24117
- alias/CVE-2025-24136
- alias/CVE-2025-24101
- alias/CVE-2025-24096
- alias/CVE-2025-24130
- alias/CVE-2025-24169
- alias/CVE-2025-24146
- alias/CVE-2025-24128
- alias/CVE-2025-24113
- alias/CVE-2025-24149
- alias/CVE-2025-24103
- alias/CVE-2025-24108
- alias/CVE-2025-24139
- alias/CVE-2025-24151
- alias/CVE-2025-24152
- alias/CVE-2025-24153
- alias/CVE-2025-24138
- alias/CVE-2025-24176
- alias/CVE-2025-24135
- alias/CVE-2025-24145
- alias/CVE-2025-24092
- alias/CVE-2025-24154
- alias/CVE-2025-24143
- alias/CVE-2025-24158
- alias/CVE-2025-24162
- alias/CVE-2025-24150
- alias/CVE-2025-24120
- alias/CVE-2025-24156
- alias/CVE-2024-54509
- alias/CVE-2024-44172
- alias/CVE-2024-54497
- alias/CVE-2025-24093
- alias/CVE-2024-44243
- vendor/apple
- canonical/apple macos