Early Access — Mondoo Vulnerability Intelligence is currently in preview.
CVE-2025-24109
Impact: An app may be able to access sensitive user data
Description: A downgrade issue was addressed with additional code-signing restrictions.
CVE-2025-24100
Impact: An app may be able to access information about a user's contacts
Description: A logic issue was addressed with improved restrictions.
CVE-2025-24114
Impact: An app may be able to modify protected parts of the file system
Description: A permissions issue was addressed with additional restrictions.
CVE-2025-24121
Impact: An app may be able to modify protected parts of the file system
Description: A logic issue was addressed with improved checks.
CVE-2025-24122
Impact: An app may be able to modify protected parts of the file system
Description: A downgrade issue affecting Intel-based Mac computers was addressed with additional code-signing restrictions.
CVE-2025-24127
Impact: Parsing a file may lead to an unexpected app termination
Description: The issue was addressed with improved checks.
CVE-2025-24106
Impact: An app may be able to cause unexpected system termination
Description: This issue was addressed with additional entitlement checks.
CVE-2024-44172
Impact: An app may be able to access contacts
Description: A privacy issue was addressed with improved private data redaction for log entries.
CVE-2025-24123
Impact: Parsing a file may lead to an unexpected app termination
Description: The issue was addressed with improved checks.
CVE-2025-24124
Impact: Parsing a file may lead to an unexpected app termination
Description: The issue was addressed with improved checks.
CVE-2025-24102
Impact: An app may be able to determine a user’s current location
Description: The issue was addressed with improved checks.
CVE-2025-24174
Impact: An app may be able to bypass Privacy preferences
Description: The issue was addressed with improved checks.
CVE-2025-24086
Impact: Processing an image may lead to a denial-of-service
Description: The issue was addressed with improved memory handling.
CVE-2025-24094
Impact: An app may be able to access user-sensitive data
Description: A race condition was addressed with additional validation.
CVE-2025-24115
Impact: An app may be able to read files outside of its sandbox
Description: A path handling issue was addressed with improved validation.
CVE-2025-24116
Impact: An app may be able to bypass Privacy preferences
Description: An access issue was addressed with additional sandbox restrictions.
CVE-2024-55549
Impact: Processing maliciously crafted web content may lead to an unexpected process crash
Description: This is a vulnerability in open source code and Apple Software is among the affected projects. The CVE-ID was assigned by a third party. Learn more about the issue and CVE-ID at cve.org.
CVE-2025-24855
Impact: Processing maliciously crafted web content may lead to an unexpected process crash
Description: This is a vulnerability in open source code and Apple Software is among the affected projects. The CVE-ID was assigned by a third party. Learn more about the issue and CVE-ID at cve.org.
CVE-2025-24136
Impact: A malicious app may be able to create symlinks to protected regions of the disk
Description: This issue was addressed with improved validation of symlinks.
CVE-2025-24099
Impact: A local attacker may be able to elevate their privileges
Description: The issue was addressed with improved checks.
CVE-2025-24130
Impact: An app may be able to modify protected parts of the file system
Description: The issue was addressed with improved checks.
CVE-2025-24183
Impact: A local user may be able to modify protected parts of the file system
Description: The issue was addressed with improved checks.
CVE-2025-24146
Impact: Deleting a conversation in Messages may expose user contact information in system logging
Description: This issue was addressed with improved redaction of sensitive information.
CVE-2024-54497
Impact: Processing web content may lead to a denial-of-service
Description: The issue was addressed with improved checks.
CVE-2025-24093
Impact: An app may be able to access removable volumes without user consent
Description: A permissions issue was addressed with additional restrictions.
CVE-2025-24149
Impact: Parsing a file may lead to disclosure of user information
Description: An out-of-bounds read was addressed with improved bounds checking.
CVE-2025-24103
Impact: An app may be able to access protected user data
Description: This issue was addressed with improved validation of symlinks.
CVE-2025-24185
Impact: Parsing a maliciously crafted file may lead to an unexpected app termination
Description: An out-of-bounds write issue was addressed with improved input validation.
CVE-2025-24139
Impact: Parsing a maliciously crafted file may lead to an unexpected app termination
Description: The issue was addressed with improved checks.
CVE-2025-24151
Impact: An app may be able to cause unexpected system termination or corrupt kernel memory
Description: The issue was addressed with improved memory handling.
CVE-2025-24138
Impact: A malicious application may be able to leak sensitive user information
Description: This issue was addressed through improved state management.
CVE-2025-24176
Impact: A local attacker may be able to elevate their privileges
Description: A permissions issue was addressed with improved validation.
CVE-2025-31242
Impact: An app may be able to access sensitive user data
Description: A privacy issue was addressed with improved private data redaction for log entries.
CVE-2025-31248
Impact: An app may be able to access sensitive user data
Description: A parsing issue in the handling of directory paths was addressed with improved path validation.
CVE-2025-24154
Impact: An attacker may be able to cause unexpected system termination or corrupt kernel memory
Description: An out-of-bounds write was addressed with improved input validation.
CVE-2025-43374
Impact: An attacker in physical proximity may be able to cause an out-of-bounds read in kernel memory
Description: An out-of-bounds read was addressed with improved bounds checking.
CVE-2025-24120
Impact: An attacker may be able to cause unexpected app termination
Description: This issue was addressed by improved management of object lifetimes.
CVE-2025-24156
Impact: An app may be able to elevate privileges
Description: An integer overflow was addressed through improved input validation.
13.7.3