CRITICAL🇵🇱 Wersja polska

CVE-2025-43193

CVSS 9.8v3.1pub. 2025-07-30upd. 2026-04-02

The issue was addressed with improved memory handling. This issue is fixed in macOS Sequoia 15.6, macOS Sonoma 14.7.7, macOS Ventura 13.7.7. An app may be able to cause a denial-of-service.

🤖 AI Analysis
How it works

The vulnerability is related to excessive resource consumption (CWE-400 — Uncontrolled Resource Consumption). Improper memory handling in macOS allows an application to trigger uncontrolled memory consumption. This results in system overload and instability or unavailability. The issue was fixed by improving memory management mechanisms.

Impact

An attacker who tricks a user into running a malicious application can cause a denial-of-service — instability or crash of the macOS operating system.

Mitigation & patch

The system should be updated to macOS Sequoia 15.6, macOS Sonoma 14.7.7, or macOS Ventura 13.7.7 according to information published by Apple at support.apple.com/en-us/124149, 124150, and 124151.

Who is affected

Apple macOS Sequoia before version 15.6, Apple macOS Sonoma before version 14.7.7, Apple macOS Ventura before version 13.7.7.

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Apple macOS

    OS
    Apple
    < 13.7.714.0 – 14.7.7 (bez)15.0 – 15.6 (bez)
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2025-10585CRITICAL9.8⚠ KEVPL ✓ten sam produkt

Type confusion w V8 (Google Chrome) — zdalne uszkodzenie sterty

CVE-2025-43300CRITICAL10.0⚠ KEVPL ✓ten sam produkt

Apple iOS/iPadOS/macOS — out-of-bounds write przy przetwarzaniu obrazu

CVE-2025-31201CRITICAL9.8⚠ KEVPL ✓ten sam produkt

Apple: Obejście Pointer Authentication w iOS, macOS i innych platformach

CVE-2025-31200CRITICAL9.8⚠ KEVPL ✓ten sam produkt

Apple — memory corruption (RCE) w przetwarzaniu strumieni audio

CVE-2025-24201CRITICAL10.0⚠ KEVPL ✓ten sam produkt

Apple WebKit: out-of-bounds write umożliwiający ucieczkę z sandbox przeglądarki