Update

Fixed : An app may be able to access protected user data

About the security content of macOS Sonoma 14.7.7

macOS Sonoma 14.7.7
Released July 29, 2025
Admin Framework:
Available for: macOS Sonoma
Impact: An app may be able to cause a denial-of-service
Description: A path handling issue was addressed with improved validation.
CVE-2025-43191: Ryan Dowd (@_rdowd)

afclip:
Available for: macOS Sonoma
Impact: Parsing a file may lead to an unexpected app termination
Description: The issue was addressed with improved memory handling.
CVE-2025-43186: Hossein Lotfi (@hosselot) of Trend Micro Zero Day Initiative

AMD:
Available for: macOS Sonoma
Impact: An app may be able to cause unexpected system termination
Description: A race condition was addressed with improved state handling.
CVE-2025-43244: ABC Research s.r.o.

AppleMobileFileIntegrity:
Available for: macOS Sonoma
Impact: An app may be able to gain root privileges
Description: A permissions issue was addressed with additional restrictions.
CVE-2025-31243: Mickey Jin (@patch1t)

AppleMobileFileIntegrity:
Available for: macOS Sonoma
Impact: A malicious app may be able to launch arbitrary binaries on a trusted device
Description: This issue was addressed with improved input validation.
CVE-2025-43253: Noah Gregory (wts.dev)

AppleMobileFileIntegrity:
Available for: macOS Sonoma
Impact: An app may be able to gain root privileges
Description: A logic issue was addressed with improved checks.
CVE-2025-43249: Mickey Jin (@patch1t)

AppleMobileFileIntegrity:
Available for: macOS Sonoma
Impact: A malicious app may be able to gain root privileges
Description: A logic issue was addressed with improved restrictions.
CVE-2025-43248: Mickey Jin (@patch1t)

AppleMobileFileIntegrity:
Available for: macOS Sonoma
Impact: An app may be able to access protected user data
Description: A downgrade issue was addressed with additional code-signing restrictions.
CVE-2025-43245: Mickey Jin (@patch1t)

CFNetwork:
Available for: macOS Sonoma
Impact: An attacker may be able to cause unexpected app termination
Description: A use-after-free issue was addressed by removing the vulnerable code.
CVE-2025-43222: Andreas Jaegersberger & Ro Achterberg of Nosebeard Labs

CFNetwork:
Available for: macOS Sonoma
Impact: A non-privileged user may be able to modify restricted network settings
Description: A denial-of-service issue was addressed with improved input validation.
CVE-2025-43223: Andreas Jaegersberger & Ro Achterberg of Nosebeard Labs

copyfile:
Available for: macOS Sonoma
Impact: An app may be able to access protected user data
Description: This issue was addressed with improved validation of symlinks.
CVE-2025-43220: Mickey Jin (@patch1t)

Core Services:
Available for: macOS Sonoma
Impact: A malicious app may be able to gain root privileges
Description: A permissions issue was addressed by removing the vulnerable code.
CVE-2025-43199: an anonymous researcher, Gergely Kalman (@gergely_kalman)

CoreMedia:
Available for: macOS Sonoma
Impact: Processing a maliciously crafted media file may lead to unexpected app termination or corrupt process memory
Description: An out-of-bounds access issue was addressed with improved bounds checking.
CVE-2025-43210: Hossein Lotfi (@hosselot) of Trend Micro Zero Day Initiative

CoreServices:
Available for: macOS Sonoma
Impact: An app may be able to access sensitive user data
Description: An issue existed in the handling of environment variables. This issue was addressed with improved validation.
CVE-2025-43195: 风沐云烟 (@binary_fmyy) and Minghao Lin (@Y1nKoc)

Disk Images:
Available for: macOS Sonoma
Impact: Running an hdiutil command may unexpectedly execute arbitrary code
Description: This issue was addressed by removing the vulnerable code.
CVE-2025-43187: 风沐云烟 (@binary_fmyy) and Minghao Lin (@Y1nKoc)

Dock:
Available for: macOS Sonoma
Impact: An app may be able to access protected user data
Description: This issue was addressed by removing the vulnerable code.
CVE-2025-43198: Mickey Jin (@patch1t)

file:
Available for: macOS Sonoma
Impact: Processing a maliciously crafted file may lead to unexpected app termination
Description: An out-of-bounds read was addressed with improved input validation.
CVE-2025-43254: 2ourc3 | Salim Largo

File Bookmark:
Available for: macOS Sonoma
Impact: An app may be able to break out of its sandbox
Description: A logic issue was addressed with improved checks.
CVE-2025-43261: an anonymous researcher

Find My:
Available for: macOS Sonoma
Impact: An app may be able to fingerprint the user
Description: A permissions issue was addressed with additional restrictions.
CVE-2025-31279: Dawuge of Shuffle Team

Finder:
Available for: macOS Sonoma
Impact: An app may be able to execute arbitrary code out of its sandbox or with certain elevated privileges
Description: This issue was addressed through improved state management.
CVE-2025-24119: an anonymous researcher

GPU Drivers:
Available for: macOS Sonoma
Impact: An app may be able to cause unexpected system termination
Description: An out-of-bounds read was addressed with improved bounds checking.
CVE-2025-43255: Anonymous working with Trend Micro Zero Day Initiative

ICU:
Available for: macOS Sonoma
Impact: Processing maliciously crafted web content may lead to an unexpected Safari crash
Description: An out-of-bounds access issue was addressed with improved bounds checking.
CVE-2025-43209: Gary Kwong working with Trend Micro Zero Day Initiative

ImageIO:
Available for: macOS Sonoma
Impact: Processing a maliciously crafted image may result in disclosure of process memory
Description: An out-of-bounds read was addressed with improved input validation.
CVE-2025-43226: N/A

LaunchServices:
Available for: macOS Sonoma
Impact: An app may be able to execute arbitrary code out of its sandbox or with certain elevated privileges
Description: This issue was addressed through improved state management.
CVE-2025-24119: an anonymous researcher

libxpc:
Available for: macOS Sonoma
Impact: An app may be able to gain root privileges
Description: A path handling issue was addressed with improved validation.
CVE-2025-43196: an anonymous researcher

libxslt:
Available for: macOS Sonoma
Impact: Processing maliciously crafted web content may lead to memory corruption
Description: This is a vulnerability in open source code and Apple Software is among the affected projects. The CVE-ID was assigned by a third party. Learn more about the issue and CVE-ID at cve.org.
CVE-2025-7424: Ivan Fratric of Google Project Zero

Managed Configuration:
Available for: macOS Sonoma
Impact: Account-driven User Enrollment may still be possible with Lockdown Mode turned on
Description: A configuration issue was addressed with additional restrictions.
CVE-2025-43192: Pyrophoria

NetAuth:
Available for: macOS Sonoma
Impact: An app may be able to break out of its sandbox
Description: A race condition was addressed with additional validation.
CVE-2025-43275: Csaba Fitzl (@theevilbit) of Kandji

Notes:
Available for: macOS Sonoma
Impact: An app may gain unauthorized access to Local Network
Description: An access issue was addressed with additional sandbox restrictions.
CVE-2025-43270: Minqiang Gui

Notes:
Available for: macOS Sonoma
Impact: An app may be able to access sensitive user data
Description: A logging issue was addressed with improved data redaction.
CVE-2025-43225: Kirin (@Pwnrin)

NSSpellChecker:
Available for: macOS Sonoma
Impact: An app may be able to break out of its sandbox
Description: A permissions issue was addressed with additional restrictions.
CVE-2025-43266: Noah Gregory (wts.dev)

PackageKit:
Available for: macOS Sonoma
Impact: An app may be able to hijack entitlements granted to other privileged apps
Description: This issue was addressed with improved data protection.
CVE-2025-43260: Zhongquan Li (@Guluisacat)

PackageKit:
Available for: macOS Sonoma
Impact: A malicious app with root privileges may be able to modify the contents of system files
Description: A permissions issue was addressed with additional restrictions.
CVE-2025-43247: Mickey Jin (@patch1t)

PackageKit:
Available for: macOS Sonoma
Impact: An app may be able to modify protected parts of the file system
Description: The issue was addressed with improved checks.
CVE-2025-43194: Mickey Jin (@patch1t)

PackageKit:
Available for: macOS Sonoma
Impact: An app may be able to bypass certain Privacy preferences
Description: A permissions issue was addressed with additional restrictions.
CVE-2025-43232: Koh M. Nakagawa (@tsunek0h), Csaba Fitzl (@theevilbit) of Kandji and Gergely Kalman (@gergely_kalman)

Power Management:
Available for: macOS Sonoma
Impact: An attacker may be able to cause unexpected app termination
Description: A type confusion issue was addressed with improved memory handling.
CVE-2025-43236: Dawuge of Shuffle Team

SceneKit:
Available for: macOS Sonoma
Impact: An app may be able to read files outside of its sandbox
Description: A permissions issue was addressed with additional restrictions.
CVE-2025-43241: Mickey Jin (@patch1t)

Security:
Available for: macOS Sonoma
Impact: A malicious app acting as a HTTPS proxy could get access to sensitive user data
Description: This issue was addressed with improved access restrictions.
CVE-2025-43233: Wojciech Regula of SecuRing (wojciechregula.blog)

SecurityAgent:
Available for: macOS Sonoma
Impact: An app may be able to cause a denial-of-service
Description: The issue was addressed with improved memory handling.
CVE-2025-43193: Dawuge of Shuffle Team

SharedFileList:
Available for: macOS Sonoma
Impact: An app may be able to break out of its sandbox
Description: A path handling issue was addressed with improved validation.
CVE-2025-43250: Yuebin Sun (@yuebinsun2020), Mickey Jin (@patch1t)

Shortcuts:
Available for: macOS Sonoma
Impact: A shortcut may be able to bypass sensitive Shortcuts app settings
Description: This issue was addressed by adding an additional prompt for user consent.
CVE-2025-43184: Csaba Fitzl (@theevilbit) of Kandji

Single Sign-On:
Available for: macOS Sonoma
Impact: An app may be able to access sensitive user data
Description: This issue was addressed with additional entitlement checks.
CVE-2025-43197: Shang-De Jiang and Kazma Ye of CyCraft Technology

sips:
Available for: macOS Sonoma
Impact: Processing a maliciously crafted file may lead to unexpected app termination
Description: An out-of-bounds access issue was addressed with improved bounds checking.
CVE-2025-43239: Nikolai Skliarenko of Trend Micro Zero Day Initiative

Software Update:
Available for: macOS Sonoma
Impact: An app may be able to modify protected parts of the file system
Description: A permissions issue was addressed with additional restrictions.
CVE-2025-43243: Mickey Jin (@patch1t), Keith Yeo (@kyeojy) from Team Orca of Sea Security

Spotlight:
Available for: macOS Sonoma
Impact: An app may be able to access sensitive user data
Description: This issue was addressed with improved checks.
CVE-2025-43246: Mickey Jin (@patch1t)

StorageKit:
Available for: macOS Sonoma
Impact: An app may be able to gain root privileges
Description: This issue was addressed through improved state management.
CVE-2025-43256: an anonymous researcher

System Settings:
Available for: macOS Sonoma
Impact: An app may be able to access protected user data
Description: A parsing issue in the handling of directory paths was addressed with improved path validation.
CVE-2025-43206: Zhongquan Li (@Guluisacat)

WebContentFilter:
Available for: macOS Sonoma
Impact: A malicious app may be able to read kernel memory
Description: This issue was addressed with improved memory handling.
CVE-2025-43189: an anonymous researcher

WindowServer:
Available for: macOS Sonoma
Impact: An attacker with physical access to a locked device may be able to view sensitive user information
Description: This issue was addressed with improved redaction of sensitive information.
CVE-2025-43259: Martti Hütt

Xsan:
Available for: macOS Sonoma
Impact: An app may be able to cause unexpected system termination
Description: An integer overflow was addressed with improved input validation.
CVE-2025-43238: an anonymous researcher

Version: MacOS Sonoma 14.7.7 Link
Receive Important Update Messages Stay tuned for upcoming Apple macOS updates

More from the Operating Systems section

Was the content helpful to you?

Advertisement Advertise here?
Udemy IT certification ad