This issue was addressed through improved state management. This issue is fixed in visionOS 1.3, macOS Sonoma 14.6, iOS 17.6 and iPadOS 17.6. A file received from AirDrop may not have the quarantine flag applied.
CVSS Score
6.5
EPSS Score
0.001
Published
2025-03-21
An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Sonoma 14.6. An app may be able to cause unexpected system termination or read kernel memory.
CVSS Score
7.1
EPSS Score
0.0
Published
2025-03-21
A logic issue was addressed with improved file handling. This issue is fixed in visionOS 2.2, watchOS 11.2, tvOS 18.2, macOS Sequoia 15.2, iOS 18.2 and iPadOS 18.2. Restoring a maliciously crafted backup file may lead to modification of protected system files.
CVSS Score
8.8
EPSS Score
0.017
Published
2025-03-17
The issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.2. An app may be able to access sensitive user data.
CVSS Score
5.5
EPSS Score
0.001
Published
2025-03-17
The issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.2. An app may be able to access sensitive user data.
CVSS Score
6.2
EPSS Score
0.001
Published
2025-03-17
An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in macOS Sequoia 15.3, macOS Ventura 13.7.3, macOS Sonoma 14.7.3. Parsing a maliciously crafted file may lead to an unexpected app termination.
CVSS Score
5.5
EPSS Score
0.0
Published
2025-03-17
Mattermost Desktop App versions <=5.10.0 explicitly declared unnecessary macOS entitlements which allows an attacker with remote access to bypass Transparency, Consent, and Control (TCC) via code injection.
CVSS Score
3.3
EPSS Score
0.0
Published
2025-03-17
NVIDIA Nemo Framework contains a vulnerability where a user could cause a relative path traversal issue by arbitrary file write. A successful exploit of this vulnerability may lead to code execution and data tampering.
CVSS Score
7.1
EPSS Score
0.002
Published
2025-03-11
InDesign Desktop versions ID20.1, ID19.5.2 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVSS Score
7.8
EPSS Score
0.0
Published
2025-03-11
InDesign Desktop versions ID20.1, ID19.5.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVSS Score
7.8
EPSS Score
0.0
Published
2025-03-11