CRITICAL🇵🇱 Wersja polska

CVE-2025-43243

CVSS 9.8v3.1pub. 2025-07-30upd. 2026-04-02

A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.6, macOS Sonoma 14.7.7, macOS Ventura 13.7.7. An app may be able to modify protected parts of the file system.

🤖 AI Analysis
How it works

The bug lies in improper configuration of permissions to system resources, allowing an application to gain write access to file system areas that should be protected from modification by unprivileged code. Apple resolved the issue by introducing additional permission restrictions. The network vector (AV:N) with no privilege requirements (PR:N) and user interaction (UI:N) indicates a potentially broad attack surface.

Impact

An attacker can use a malicious application to modify protected fragments of the macOS file system, which may lead to system integrity violation, privilege escalation, or persistent device infection.

Mitigation & patch

The system should be updated to macOS Sequoia 15.6, macOS Sonoma 14.7.7, or macOS Ventura 13.7.7. Details available in Apple bulletins: https://support.apple.com/en-us/124149, https://support.apple.com/en-us/124150, https://support.apple.com/en-us/124151

Who is affected

Apple macOS Sequoia before version 15.6, macOS Sonoma before version 14.7.7, macOS Ventura before version 13.7.7

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Apple macOS

    OS
    Apple
    < 13.7.714.0 – 14.7.7 (bez)15.0 – 15.6 (bez)
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2025-10585CRITICAL9.8⚠ KEVPL ✓ten sam produkt

Type confusion w V8 (Google Chrome) — zdalne uszkodzenie sterty

CVE-2025-43300CRITICAL10.0⚠ KEVPL ✓ten sam produkt

Apple iOS/iPadOS/macOS — out-of-bounds write przy przetwarzaniu obrazu

CVE-2025-31201CRITICAL9.8⚠ KEVPL ✓ten sam produkt

Apple: Obejście Pointer Authentication w iOS, macOS i innych platformach

CVE-2025-31200CRITICAL9.8⚠ KEVPL ✓ten sam produkt

Apple — memory corruption (RCE) w przetwarzaniu strumieni audio

CVE-2025-24201CRITICAL10.0⚠ KEVPL ✓ten sam produkt

Apple WebKit: out-of-bounds write umożliwiający ucieczkę z sandbox przeglądarki