Early Access — Mondoo Vulnerability Intelligence is currently in preview.
CVE-2025-43191
Impact: An app may be able to cause a denial-of-service
Description: A path handling issue was addressed with improved validation.
CVE-2025-43186
Impact: Parsing a file may lead to an unexpected app termination
Description: The issue was addressed with improved memory handling.
CVE-2025-43244
Impact: An app may be able to cause unexpected system termination
Description: A race condition was addressed with improved state handling.
CVE-2025-31243
Impact: An app may be able to gain root privileges
Description: A permissions issue was addressed with additional restrictions.
CVE-2025-43249
Impact: An app may be able to gain root privileges
Description: A logic issue was addressed with improved checks.
CVE-2025-43245
Impact: An app may be able to access protected user data
Description: A downgrade issue was addressed with additional code-signing restrictions.
CVE-2025-43222
Impact: An attacker may be able to cause unexpected app termination
Description: A use-after-free issue was addressed by removing the vulnerable code.
CVE-2025-43223
Impact: A non-privileged user may be able to modify restricted network settings
Description: A denial-of-service issue was addressed with improved input validation.
CVE-2025-43220
Impact: An app may be able to access protected user data
Description: This issue was addressed with improved validation of symlinks.
CVE-2025-43210
Impact: Processing a maliciously crafted media file may lead to unexpected app termination or corrupt process memory
Description: An out-of-bounds access issue was addressed with improved bounds checking.
CVE-2025-43195
Impact: An app may be able to access sensitive user data
Description: An issue existed in the handling of environment variables. This issue was addressed with improved validation.
CVE-2025-43199
Impact: A malicious app may be able to gain root privileges
Description: A permissions issue was addressed by removing the vulnerable code.
CVE-2025-43313
Impact: An app may be able to access sensitive user data
Description: A logic issue was addressed with improved restrictions.
CVE-2025-43187
Impact: Running an hdiutil command may unexpectedly execute arbitrary code
Description: This issue was addressed by removing the vulnerable code.
CVE-2025-43254
Impact: Processing a maliciously crafted file may lead to unexpected app termination
Description: An out-of-bounds read was addressed with improved input validation.
CVE-2025-43261
Impact: An app may be able to break out of its sandbox
Description: A logic issue was addressed with improved checks.
CVE-2025-31279
Impact: An app may be able to fingerprint the user
Description: A permissions issue was addressed with additional restrictions.
CVE-2025-24119
Impact: An app may be able to execute arbitrary code out of its sandbox or with certain elevated privileges
Description: This issue was addressed through improved state management.
CVE-2025-43255
Impact: An app may be able to cause unexpected system termination
Description: An out-of-bounds read was addressed with improved bounds checking.
CVE-2025-43284
Impact: An app may be able to cause unexpected system termination
Description: An out-of-bounds read was addressed with improved bounds checking.
CVE-2025-43209
Impact: Processing maliciously crafted web content may lead to an unexpected Safari crash
Description: An out-of-bounds access issue was addressed with improved bounds checking.
CVE-2025-24224
Impact: A remote attacker may be able to cause unexpected system termination
Description: The issue was addressed with improved checks.
CVE-2025-43282
Impact: An app may be able to cause unexpected system termination
Description: A double free issue was addressed with improved memory management.
CVE-2025-24119
Impact: An app may be able to execute arbitrary code out of its sandbox or with certain elevated privileges
Description: This issue was addressed through improved state management.
CVE-2025-43196
Impact: An app may be able to gain root privileges
Description: A path handling issue was addressed with improved validation.
CVE-2025-43275
Impact: An app may be able to break out of its sandbox
Description: A race condition was addressed with additional validation.
CVE-2025-43270
Impact: An app may gain unauthorized access to Local Network
Description: An access issue was addressed with additional sandbox restrictions.
CVE-2025-43225
Impact: An app may be able to access sensitive user data
Description: A logging issue was addressed with improved data redaction.
CVE-2025-43266
Impact: An app may be able to break out of its sandbox
Description: A permissions issue was addressed with additional restrictions.
CVE-2025-43247
Impact: A malicious app with root privileges may be able to modify the contents of system files
Description: A permissions issue was addressed with additional restrictions.
CVE-2025-43194
Impact: An app may be able to modify protected parts of the file system
Description: The issue was addressed with improved checks.
CVE-2025-43232
Impact: An app may be able to bypass certain Privacy preferences
Description: A permissions issue was addressed with additional restrictions.
CVE-2025-43236
Impact: An attacker may be able to cause unexpected app termination
Description: A type confusion issue was addressed with improved memory handling.
CVE-2025-43241
Impact: An app may be able to read files outside of its sandbox
Description: A permissions issue was addressed with additional restrictions.
CVE-2025-43233
Impact: A malicious app acting as a HTTPS proxy could get access to sensitive user data
Description: This issue was addressed with improved access restrictions.
CVE-2025-43193
Impact: An app may be able to cause a denial-of-service
Description: The issue was addressed with improved memory handling.
CVE-2025-43250
Impact: An app may be able to break out of its sandbox
Description: A path handling issue was addressed with improved validation.
CVE-2025-43184
Impact: A shortcut may be able to bypass sensitive Shortcuts app settings
Description: This issue was addressed by adding an additional prompt for user consent.
CVE-2025-43197
Impact: An app may be able to access sensitive user data
Description: This issue was addressed with additional entitlement checks.
CVE-2025-43239
Impact: Processing a maliciously crafted file may lead to unexpected app termination
Description: An out-of-bounds access issue was addressed with improved bounds checking.
CVE-2025-43243
Impact: An app may be able to modify protected parts of the file system
Description: A permissions issue was addressed with additional restrictions.
CVE-2025-43206
Impact: An app may be able to access protected user data
Description: A parsing issue in the handling of directory paths was addressed with improved path validation.
CVE-2025-43259
Impact: An attacker with physical access to a locked device may be able to view sensitive user information
Description: This issue was addressed with improved redaction of sensitive information.
CVE-2025-43238
Impact: An app may be able to cause unexpected system termination
Description: An integer overflow was addressed with improved input validation.
13.7.7