CRITICAL🇵🇱 Wersja polska

CVE-2025-30444

CVSS 9.8v3.1pub. 2025-03-31upd. 2026-04-02

A race condition was addressed with improved locking. This issue is fixed in macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5. Mounting a maliciously crafted SMB network share may lead to system termination.

🤖 AI Analysis
How it works

The error results from improper synchronization of access to shared resources (race condition, CWE-362) during SMB network share mounting. An attacker can prepare a malicious SMB server and trick a user into connecting to a specially crafted network share. During mounting, a race occurs between threads or processes, leading to system instability and sudden termination (crash). Apple resolved the issue by implementing an improved locking mechanism.

Impact

An attacker can cause sudden termination of the operating system, resulting in loss of machine availability. Based on the CVSS vector, potential impact on data confidentiality and integrity was also assessed.

Mitigation & patch

Update the system to macOS Sequoia 15.4, macOS Sonoma 14.7.5, or macOS Ventura 13.7.5, in which Apple implemented a patch. Details available at: https://support.apple.com/en-us/122373, https://support.apple.com/en-us/122374, https://support.apple.com/en-us/122375.

Who is affected

Apple macOS Sequoia versions earlier than 15.4, macOS Sonoma versions earlier than 14.7.5, and macOS Ventura versions earlier than 13.7.5.

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Apple macOS

    OS
    Apple
    13.0 – 13.7.5 (bez)14.0 – 14.7.5 (bez)15.0 – 15.4 (bez)
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
Race Condition
CWE
References

Related vulnerabilities

CVE-2025-10585CRITICAL9.8⚠ KEVPL ✓ten sam produkt

Type confusion w V8 (Google Chrome) — zdalne uszkodzenie sterty

CVE-2025-43300CRITICAL10.0⚠ KEVPL ✓ten sam produkt

Apple iOS/iPadOS/macOS — out-of-bounds write przy przetwarzaniu obrazu

CVE-2025-31201CRITICAL9.8⚠ KEVPL ✓ten sam produkt

Apple: Obejście Pointer Authentication w iOS, macOS i innych platformach

CVE-2025-31200CRITICAL9.8⚠ KEVPL ✓ten sam produkt

Apple — memory corruption (RCE) w przetwarzaniu strumieni audio

CVE-2025-24201CRITICAL10.0⚠ KEVPL ✓ten sam produkt

Apple WebKit: out-of-bounds write umożliwiający ucieczkę z sandbox przeglądarki