About | Contact | Privacy Policy | Terms of Use | Disclaimer

Several vulnerabilities in Apple products could allow arbitrary code execution

Nabil Anine

Several vulnerabilities in Apple products could allow arbitrary code execution


Several vulnerabilities have been discovered in Apple products, the most serious of which could allow the execution of arbitrary code. The details of the vulnerabilities are as follows:

Tactical: Execution (TA0002):

Technical: Operation for customer execution (T1203):

  • In some configurations, an attacker with limited sudo access to the host may be able to elevate their privileges. (CVE-2025-32462)
  • Processing malicious web content can cause memory corruption. (CVE-2025-43433, CVE-2025-43431)
  • Processing a maliciously crafted media file may cause the application to crash unexpectedly or corrupt the process’s memory. (CVE-2025-43445, CVE-2025-43386, CVE-2025-43385, CVE-2025-43384, CVE-2025-43383, CVE-2025-43372, CVE-2025-43338)
  • An application may cause an unexpected system interruption or corrupt kernel memory. (CVE-2025-43447, CVE-2025-43462, CVE-2025-43373)

Other vulnerabilities of lesser severity include:

  • Processing a malicious file may result in heap corruption. (CVE-2025-43505)
  • A user occupying a privileged position on the network can cause a denial of service. (CVE-2025-43504)
  • Visiting a malicious website can result in address bar spoofing. (CVE-2025-43493)
  • Visiting a malicious website can result in user interface spoofing. (CVE-2025-43503)
  • An application may be able to bypass certain privacy preferences. (CVE-2025-43502)
  • A malicious website can exfiltrate cross-origin data. (CVE-2025-43480)
  • Processing maliciously crafted web content can cause the process to crash unexpectedly. (CVE-2025-43458, CVE-2025-43430, CVE-2025-43427, CVE-2025-43443, CVE-2025-43441, CVE-2025-43435, CVE-2025-43425, CVE-2025-43440, CVE-2025-43432, CVE-2025-43429, CVE-2025-43421)
  • Processing malicious web content can cause Safari to crash unexpectedly. (CVE-2025-43438, CVE-2025-43457, CVE-2025-43434)
  • A website can exfiltrate cross-origin image data. (CVE-2025-43392)
  • A malicious application may be able to take a screenshot of sensitive information in embedded views. (CVE-2025-43455)
  • An application may be able to access protected user data. (CVE-2025-43379, CVE-2025-43394, CVE-2025-43395, CVE-2025-43399, CVE-2025-43461, CVE-2025-43351)
  • An application may be able to escape its sandbox. (CVE-2025-43407, CVE-2025-43448, CVE-2025-43476, CVE-2025-43412, CVE-2025-43481, CVE-2025-43497, CVE-2025-43364, CVE-2025-43393)
  • An attacker with physical access to an unlocked device associated with a Mac may be able to view sensitive user information in system logging. (CVE-2025-43423)
  • An application may be able to enumerate applications installed by a user. (CVE-2025-43436)
  • Processing a maliciously crafted media file may cause the application to crash unexpectedly or corrupt the process’s memory. (CVE-2025-43445, CVE-2025-43386, CVE-2025-43385, CVE-2025-43384, CVE-2025-43383, CVE-2025-43372, CVE-2025-43338)
  • An application may be able to access sensitive user data. (CVE-2025-43498, CVE-2025-43389, CVE-2025-43500, CVE-2025-43294, CVE-2025-43468, CVE-2025-43469, CVE-2025-43479, CVE-2025-43382, CVE-2025-43420, CVE-2025-43391, CVE-2025-43499, CVE-2025-43477, CVE-2025-31199, CVE-2025-43337, CVE-2025-43378, CVE-2025-43292, CVE-2025-43409, CVE-2025-43471, CVE-2025-43388, CVE-2025-43466, CVE-2025-43465, CVE-2025-43426, CVE-2025-43406, CVE-2025-43404, CVE-2025-43473, CVE-2025-43463)
  • An application may be able to take the user’s fingerprints. (CVE-2025-43507, CVE-2025-43444, CVE-2025-43439)
  • An application may cause an unexpected system interruption. (CVE-2025-43398, CVE-2025-43478)
  • A sandboxed application may be able to observe system-wide network connections. (CVE-2025-43413)
  • Remote content can be loaded even when the “Load Remote Images” setting is disabled. (CVE-2025-43496)
  • Processing a maliciously crafted font may result in unexpected application termination or corrupted process memory. (CVE-2025-43400)
  • An attacker with physical access to a locked Apple Watch may be able to view live voicemail. (CVE-2025-43459)
  • An application may be able to access the user’s sensitive data. (CVE-2025-43322, CVE-2025-43411, CVE-2025-43405, CVE-2025-43335, CVE-2025-43334, CVE-2025-43390)
  • An application may be able to modify protected parts of the file system. (CVE-2025-43446)
  • A malicious application may be able to read kernel memory. (CVE-2025-43361)
  • An application can gain root privileges. (CVE-2025-43472, CVE-2025-43467)
  • A remote attacker can cause a denial of service. (CVE-2025-43401)
  • An application can bypass Gatekeeper controls. (CVE-2025-43348)
  • An application may cause an unexpected system interruption or read kernel memory. (CVE-2025-43474)
  • A sandboxed application can access sensitive user data. (CVE-2025-43396)
  • Several problems in ruby. (CVE-2024-43398, CVE-2024-49761, CVE-2025-6442)
  • An attacker with physical access can access contacts from the lock screen. (CVE-2025-43408)
  • A shortcut can provide access to files that are normally inaccessible to the Shortcuts application. (CVE-2025-30465, CVE-2025-43414)
  • Parsing a file may cause the application to quit unexpectedly. (CVE-2025-43380)
  • An application with root privileges can access private information. (CVE-2025-43336)
  • An application can cause a denial of service. (CVE-2025-43397, CVE-2025-43377)
  • A malicious application can gain root privileges. (CVE-2025-43387)
  • A malicious application may be able to delete protected user data. (CVE-2025-43381)
  • Visiting a website may result in a denial of service to the application. (CVE-2025-43464)
  • A malicious HID device can cause the process to crash unexpectedly. (CVE-2025-43424)
  • iCloud Private Relay may not activate when multiple users are logged in at the same time. (CVE-2025-43506)
  • A path handling issue has been resolved with improved validation. (CVE-2025-53906)
  • An application may cause an unexpected system interruption or corrupt process memory. (CVE-2025-43402)
  • An application may be able to identify other applications that a user has installed. (CVE-2025-43442)
  • A malicious application may be able to track users between installations. (CVE-2025-43449)
  • An application may be able to obtain information about the current camera view before being granted access to the camera. (CVE-2025-43450)
  • An attacker may be able to view restricted content from the lock screen. (CVE-2025-43350)
  • A device may persistently fail to lock. (CVE-2025-43454)
  • An attacker with physical access to a locked device may be able to view sensitive user information. (CVE-2025-43460, CVE-2025-43418)
  • An attacker with physical access to a device may be able to disable protection on stolen devices. (CVE-2025-43422)
  • Keyboard suggestions may display sensitive information on the lock screen. (CVE-2025-43452)
  • An application may be able to monitor keystrokes without user permission. (CVE-2025-43495)
  • An unprivileged process can terminate a root process. (CVE-2025-43365)

Successful exploitation of the most severe of these vulnerabilities could allow execution of arbitrary code in the context of the logged in user. Depending on the privileges associated with the user, an attacker could then install programs; view, modify or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system might be less affected than those who operate with administrative user rights.

Written by Nabil Anine — IT Business Partner & Cybersecurity Awareness Lead passionate about Responsible AI & Governance.

, , , ,

Search

Connect with us

Recent Posts

Categories