Full Disclosure mailing list archives

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

APPLE-SA-01-27-2025-6 macOS Ventura 13.7.3

macOS Ventura 13.7.3 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/122070.

Apple maintains a Security Releases page at
https://support.apple.com/100100 which lists recent
software updates with security advisories.

AppleMobileFileIntegrity
Available for: macOS Ventura
Impact: An app may be able to access sensitive user data
Description: A downgrade issue was addressed with additional code-
signing restrictions.
CVE-2025-24109: Bohdan Stasiuk (@Bohdan_Stasiuk)

AppleMobileFileIntegrity
Available for: macOS Ventura
Impact: An app may be able to access information about a user's contacts
Description: A logic issue was addressed with improved restrictions.
CVE-2025-24100: Kirin (@Pwnrin)

AppleMobileFileIntegrity
Available for: macOS Ventura
Impact: An app may be able to modify protected parts of the file system
Description: A permissions issue was addressed with additional
restrictions.
CVE-2025-24114: Mickey Jin (@patch1t)

AppleMobileFileIntegrity
Available for: macOS Ventura
Impact: An app may be able to modify protected parts of the file system
Description: A logic issue was addressed with improved checks.
CVE-2025-24121: Mickey Jin (@patch1t)

AppleMobileFileIntegrity
Available for: macOS Ventura
Impact: An app may be able to modify protected parts of the file system
Description: A downgrade issue affecting Intel-based Mac computers was
addressed with additional code-signing restrictions.
CVE-2025-24122: Mickey Jin (@patch1t)

ARKit
Available for: macOS Ventura
Impact: Parsing a file may lead to an unexpected app termination
Description: The issue was addressed with improved checks.
CVE-2025-24127: Minghao Lin (@Y1nKoc), babywu, and Xingwei Lin of
Zhejiang University

Audio
Available for: macOS Ventura
Impact: Parsing a file may lead to an unexpected app termination
Description: The issue was addressed with improved checks.
CVE-2025-24106: Wang Yu of Cyberserval

Contacts
Available for: macOS Ventura
Impact: An app may be able to access contacts
Description: A privacy issue was addressed with improved private data
redaction for log entries.
CVE-2024-44172: Kirin (@Pwnrin)

CoreMedia
Available for: macOS Ventura
Impact: Parsing a file may lead to an unexpected app termination
Description: The issue was addressed with improved checks.
CVE-2025-24123: Desmond working with Trend Micro Zero Day Initiative
CVE-2025-24124: Pwn2car & Rotiple(HyeongSeok Jang) working with Trend
Micro Zero Day Initiative

CoreRoutine
Available for: macOS Ventura
Impact: An app may be able to determine a user’s current location
Description: The issue was addressed with improved checks.
CVE-2025-24102: Kirin (@Pwnrin)

iCloud Photo Library
Available for: macOS Ventura
Impact: An app may be able to bypass Privacy preferences
Description: The issue was addressed with improved checks.
CVE-2025-24174: Arsenii Kostromin (0x3c3e), Joshua Jones

ImageIO
Available for: macOS Ventura
Impact: Processing an image may lead to a denial-of-service
Description: The issue was addressed with improved memory handling.
CVE-2025-24086: DongJun Kim (@smlijun) and JongSeong Kim (@nevul37) in
Enki WhiteHat, D4m0n

LaunchServices
Available for: macOS Ventura
Impact: An app may be able to access user-sensitive data
Description: A race condition was addressed with additional validation.
CVE-2025-24094: an anonymous researcher

LaunchServices
Available for: macOS Ventura
Impact: An app may be able to read files outside of its sandbox
Description: A path handling issue was addressed with improved
validation.
CVE-2025-24115: an anonymous researcher

LaunchServices
Available for: macOS Ventura
Impact: An app may be able to bypass Privacy preferences
Description: An access issue was addressed with additional sandbox
restrictions.
CVE-2025-24116: an anonymous researcher

libxslt
Available for: macOS Ventura
Impact: Processing maliciously crafted web content may lead to an
unexpected process crash
Description: This issue was addressed through improved state management.
CVE-2025-24166: Ivan Fratric of Google Project Zero

Login Window
Available for: macOS Ventura
Impact: A malicious app may be able to create symlinks to protected
regions of the disk
Description: This issue was addressed with improved validation of
symlinks.
CVE-2025-24136: 云散

PackageKit
Available for: macOS Ventura
Impact: An app may be able to modify protected parts of the file system
Description: The issue was addressed with improved checks.
CVE-2025-24130: Pedro Tôrres (@t0rr3sp3dr0)

Photos Storage
Available for: macOS Ventura
Impact: Deleting a conversation in Messages may expose user contact
information in system logging
Description: This issue was addressed with improved redaction of
sensitive information.
CVE-2025-24146: 神罚(@Pwnrin)

QuartzCore
Available for: macOS Ventura
Impact: Processing web content may lead to a denial-of-service
Description: The issue was addressed with improved checks.
CVE-2024-54497: Anonymous working with Trend Micro Zero Day Initiative

Sandbox
Available for: macOS Ventura
Impact: An app may be able to access removable volumes without user
consent
Description: A permissions issue was addressed with additional
restrictions.
CVE-2025-24093: Yiğit Can YILMAZ (@yilmazcanyigit)

SceneKit
Available for: macOS Ventura
Impact: Parsing a file may lead to disclosure of user information
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2025-24149: Michael DePlante (@izobashi) of Trend Micro Zero Day
Initiative

Security
Available for: macOS Ventura
Impact: An app may be able to access protected user data
Description: This issue was addressed with improved validation of
symlinks.
CVE-2025-24103: Zhongquan Li (@Guluisacat)

sips
Available for: macOS Ventura
Impact: Parsing a maliciously crafted file may lead to an unexpected app
termination
Description: The issue was addressed with improved checks.
CVE-2025-24139: Hossein Lotfi (@hosselot) of Trend Micro Zero Day
Initiative

SMB
Available for: macOS Ventura
Impact: An app may be able to cause unexpected system termination or
corrupt kernel memory
Description: The issue was addressed with improved memory handling.
CVE-2025-24151: an anonymous researcher

Spotlight
Available for: macOS Ventura
Impact: A malicious application may be able to leak sensitive user
information
Description: This issue was addressed through improved state management.
CVE-2025-24138: Rodolphe BRUNETTI (@eisw0lf) of Lupus Nova

StorageKit
Available for: macOS Ventura
Impact: A local attacker may be able to elevate their privileges
Description: A permissions issue was addressed with improved validation.
CVE-2025-24176: Yann GASCUEL of Alter Solutions

WebContentFilter
Available for: macOS Ventura
Impact: An attacker may be able to cause unexpected system termination
or corrupt kernel memory
Description: An out-of-bounds write was addressed with improved input
validation.
CVE-2025-24154: an anonymous researcher

WindowServer
Available for: macOS Ventura
Impact: An attacker may be able to cause unexpected app termination
Description: This issue was addressed by improved management of object
lifetimes.
CVE-2025-24120: PixiePoint Security

Xsan
Available for: macOS Ventura
Impact: An app may be able to elevate privileges
Description: An integer overflow was addressed through improved input
validation.
CVE-2025-24156: an anonymous researcher

Additional recognition

sips
We would like to acknowledge Hossein Lotfi (@hosselot) of Trend Micro
Zero Day Initiative for their assistance.

Static Linker
We would like to acknowledge Holger Fuhrmannek for their assistance.

macOS Ventura 13.7.3 may be obtained from the Mac App Store or Apple's
Software Downloads web site: https://support.apple.com/downloads/

All information is also posted on the Apple Security Releases
web site: https://support.apple.com/100100.

This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEsz9altA7uTI+rE/qX+5d1TXaIvoFAmeYAeAACgkQX+5d1TXa
Ivr6xxAArlmy7/QSZdnXJpnrNMezo5BhkKQbhNXOMZ84CbKF/vJCXOBVsZHyGHXg
jyakB0AFxLx3K9hoZpdtQdOD0tW3RgmXAbwnEYCOK/y+WUKBXNTvWJv5nRn2D59l
fDa4Oert7w7NY/Wc9bpcyFhCLVRVZ7ZhhqKWxQQsGO4VqEmUfwTCkCHczsSki6er
LQxSMMxbIK/sblhGs/xpGYReEs0WV/03/kUQRyAkiFzbNbjCtFof+64kFqD4C90P
cgSBfrWJJH+FISRqlnZ8gRsp9P0qOhT+/X8HvY1/7p0tOCGVlVRqJqtcFKp9wtwb
TS6e00AvOHlfVjlQDICsTai0nsHrPg4eu28eP1JsT8SfkSururs7NxoEDIl7mVIK
5LHgbflqT0Bq4tT7eMAIf+0gn9qINuZfE3XPiZDqr4HiC3Sf7KBE86Jc0kflX0s1
337VOTw4uMS86kGCw3wdM0fBWt3Tiu2lDN+c994TlL3jurRMbnJRKxvusyAKodbO
BonaMxCwmUy7yMOmR6oiAgaQmuShbwv0dzvmO7Qim5aLb6I+NWpeGCJXfaIyQHWk
OvxmBPurOsAAob6u0LoS/PHDwGsBxUtgkOq102OJrwAe7UROk78eKttHZHP/3PfN
R/Jmr13OXoZkREGqFd3SJXAxln2zB7GugVpvqpA4avGumLx9tNg=
=0JAP
-----END PGP SIGNATURE-----

_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: https://seclists.org/fulldisclosure/

Current thread:

• APPLE-SA-01-27-2025-6 macOS Ventura 13.7.3 Apple Product Security via Fulldisclosure (Jan 27)