A correctness issue was addressed with improved checks. This issue is fixed in iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, macOS Sonoma 14.7.6, macOS Ventura 13.7.6, tvOS 18.5, visionOS 2.5, watchOS 11.5. A user may be able to elevate privileges.
CVSS Score
7.8
EPSS Score
0.001
Published
2025-05-12
The issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.5, macOS Sonoma 14.7.6, macOS Ventura 13.7.6. An app may be able to bypass ASLR.
CVSS Score
5.5
EPSS Score
0.001
Published
2025-05-12
The issue was addressed with improved input sanitization. This issue is fixed in macOS Sequoia 15.4, macOS Sonoma 14.7.6, macOS Ventura 13.7.6. An app may be able to gain elevated privileges.
CVSS Score
7.8
EPSS Score
0.001
Published
2025-05-12
This issue was addressed with additional entitlement checks. This issue is fixed in iOS 18.5 and iPadOS 18.5, iPadOS 17.7.7, macOS Sequoia 15.4, macOS Sonoma 14.7.6, macOS Ventura 13.7.6, visionOS 2.5. An attacker may be able to turn on sharing of an iCloud folder without authentication.
CVSS Score
9.1
EPSS Score
0.005
Published
2025-05-12
The issue was addressed with additional permissions checks. This issue is fixed in macOS Sequoia 15.4, macOS Sonoma 14.7.6, macOS Ventura 13.7.6. A malicious app may be able to gain root privileges.
CVSS Score
7.8
EPSS Score
0.001
Published
2025-05-12
The issue was addressed by adding additional logic. This issue is fixed in macOS Sequoia 15.4. An app may be able to break out of its sandbox.
CVSS Score
6.3
EPSS Score
0.001
Published
2025-05-12
An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 18.4 and iPadOS 18.4, iPadOS 17.7.7, macOS Sequoia 15.4, macOS Sonoma 14.7.6, macOS Ventura 13.7.6, tvOS 18.4, visionOS 2.4, watchOS 11.4. Processing a maliciously crafted file may lead to a denial-of-service or potentially disclose memory contents.
CVSS Score
5.5
EPSS Score
0.001
Published
2025-05-12
The issue was addressed with improved memory handling. This issue is fixed in Safari 18.5, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, tvOS 18.5, visionOS 2.5, watchOS 11.5. Processing maliciously crafted web content may lead to memory corruption.
CVSS Score
8.8
EPSS Score
0.007
Published
2025-05-12
The issue was addressed with improved checks. This issue is fixed in Safari 18.5, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, tvOS 18.5, visionOS 2.5, watchOS 11.5. A malicious website may exfiltrate data cross-origin.
CVSS Score
6.5
EPSS Score
0.002
Published
2025-05-12
A type confusion issue was addressed with improved state handling. This issue is fixed in Safari 18.5, iOS 18.5 and iPadOS 18.5, iPadOS 17.7.7, macOS Sequoia 15.5, tvOS 18.5, visionOS 2.5, watchOS 11.5. Processing maliciously crafted web content may lead to an unexpected Safari crash.
CVSS Score
4.3
EPSS Score
0.011
Published
2025-05-12