Home / mailings APPLE-SA-11-03-2025-4 macOS Sonoma 14.8.2
Posted on 04 November 2025
Apple Security-announceAPPLE-SA-11-03-2025-4 macOS Sonoma 14.8.2
macOS Sonoma 14.8.2 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/125636.
Apple maintains a Security Releases page at
https://support.apple.com/100100 which lists recent
software updates with security advisories.
Admin Framework
Available for: macOS Sonoma
Impact: An app may be able to access user-sensitive data
Description: A logic issue was addressed with improved checks.
CVE-2025-43322: Ryan Dowd (@_rdowd)
AppleMobileFileIntegrity
Available for: macOS Sonoma
Impact: An app may be able to access sensitive user data
Description: A downgrade issue affecting Intel-based Mac computers was
addressed with additional code-signing restrictions.
CVE-2025-43468: Mickey Jin (@patch1t)
AppleMobileFileIntegrity
Available for: macOS Sonoma
Impact: An app may be able to access protected user data
Description: This issue was addressed with improved validation of
symlinks.
CVE-2025-43379: Gergely Kalman (@gergely_kalman)
AppleMobileFileIntegrity
Available for: macOS Sonoma
Impact: An app may be able to access sensitive user data
Description: A permissions issue was addressed with additional
restrictions.
CVE-2025-43469: Mickey Jin (@patch1t)
ASP TCP
Available for: macOS Sonoma
Impact: An app may be able to cause unexpected system termination
Description: A use after free issue was addressed with improved memory
management.
CVE-2025-43478: Joseph Ravichandran (@0xjprx) of MIT CSAIL, Dave G.
(supernetworks.org)
Assets
Available for: macOS Sonoma
Impact: An app may be able to break out of its sandbox
Description: This issue was addressed with improved entitlements.
CVE-2025-43407: JZ
Assets
Available for: macOS Sonoma
Impact: An app may be able to modify protected parts of the file system
Description: This issue was addressed with improved validation of
symlinks.
CVE-2025-43446: Zhongcheng Li from IES Red Team of ByteDance
Audio
Available for: macOS Sonoma
Impact: A malicious app may be able to read kernel memory
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2025-43361: Michael Reeves (@IntegralPilot)
bash
Available for: macOS Sonoma
Impact: An app may be able to gain root privileges
Description: A validation issue was addressed with improved input
sanitization.
CVE-2025-43472: Morris Richman (@morrisinlife)
bootp
Available for: macOS Sonoma
Impact: An app may be able to access protected user data
Description: This issue was addressed with improved handling of
symlinks.
CVE-2025-43394: Csaba Fitzl (@theevilbit) of Kandji
CloudKit
Available for: macOS Sonoma
Impact: An app may be able to break out of its sandbox
Description: This issue was addressed with improved validation of
symlinks.
CVE-2025-43448: Hikerell (Loadshine Lab)
configd
Available for: macOS Sonoma
Impact: An app may be able to access protected user data
Description: This issue was addressed with improved handling of
symlinks.
CVE-2025-43395: Csaba Fitzl (@theevilbit) of Kandji
CoreAnimation
Available for: macOS Sonoma
Impact: A remote attacker may be able to cause a denial-of-service
Description: A denial-of-service issue was addressed with improved
validation.
CVE-2025-43401: =EC=9D=B4=EB=8F=99=ED=95=98 (Lee Dong Ha of BoB 14th), =wac working with Trend
Micro Zero Day Initiative
CoreServices
Available for: macOS Sonoma
Impact: An app may be able to access sensitive user data
Description: A permissions issue was addressed with additional
restrictions.
CVE-2025-43479: an anonymous researcher
CoreServices
Available for: macOS Sonoma
Impact: An app may be able to access sensitive user data
Description: A parsing issue in the handling of directory paths was
addressed with improved path validation.
CVE-2025-43382: Gergely Kalman (@gergely_kalman)
CoreText
Available for: macOS Sonoma
Impact: Processing a maliciously crafted media file may lead to
unexpected app termination or corrupt process memory
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2025-43445: Hossein Lotfi (@hosselot) of Trend Micro Zero Day
Initiative
Dock
Available for: macOS Sonoma
Impact: An app may be able to access sensitive user data
Description: A race condition was addressed with improved state
handling.
CVE-2025-43420: Rodolphe BRUNETTI (@eisw0lf) of Lupus Nova
FileProvider
Available for: macOS Sonoma
Impact: An app may be able to access sensitive user data
Description: An authorization issue was addressed with improved state
management.
CVE-2025-43498: pattern-f (@pattern_F_)
Finder
Available for: macOS Sonoma
Impact: An app may bypass Gatekeeper checks
Description: A logic issue was addressed with improved validation.
CVE-2025-43348: Ferdous Saljooki (@malwarezoo) of Jamf
GPU Drivers
Available for: macOS Sonoma
Impact: An app may be able to cause unexpected system termination or
read kernel memory
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2025-43474: Murray Mike
ImageIO
Available for: macOS Sonoma
Impact: Processing a maliciously crafted media file may lead to
unexpected app termination or corrupt process memory
Description: The issue was addressed with improved input validation.
CVE-2025-43372: =EC=9D=B4=EB=8F=99=ED=95=98 (Lee Dong Ha) of SSA Lab
ImageIO
Available for: macOS Sonoma
Impact: Processing a maliciously crafted media file may lead to
unexpected app termination or corrupt process memory
Description: An out-of-bounds access issue was addressed with improved
bounds checking.
CVE-2025-43338: =EC=9D=B4=EB=8F=99=ED=95=98 (Lee Dong Ha) of SSA Lab
Installer
Available for: macOS Sonoma
Impact: A sandboxed app may be able to access sensitive user data
Description: A logic issue was addressed with improved checks.
CVE-2025-43396: an anonymous researcher
Kernel
Available for: macOS Sonoma
Impact: An app may be able to cause unexpected system termination
Description: The issue was addressed with improved memory handling.
CVE-2025-43398: Cristian Dinca (icmd.tech)
libxpc
Available for: macOS Sonoma
Impact: A sandboxed app may be able to observe system-wide network
connections
Description: An access issue was addressed with additional sandbox
restrictions.
CVE-2025-43413: Dave G. and Alex Radocea of supernetworks.org
Notes
Available for: macOS Sonoma
Impact: An app may be able to access sensitive user data
Description: A privacy issue was addressed by removing the vulnerable
code.
CVE-2025-43389: Kirin (@Pwnrin)
NSSpellChecker
Available for: macOS Sonoma
Impact: An app may be able to access sensitive user data
Description: A permissions issue was addressed with additional
restrictions.
CVE-2025-43469: Mickey Jin (@patch1t)
PackageKit
Available for: macOS Sonoma
Impact: An app may be able to access user-sensitive data
Description: This issue was addressed with additional entitlement
checks.
CVE-2025-43411: an anonymous researcher
Photos
Available for: macOS Sonoma
Impact: An app may be able to access user-sensitive data
Description: A permissions issue was addressed with additional sandbox
restrictions.
CVE-2025-43405: an anonymous researcher
Photos
Available for: macOS Sonoma
Impact: An app may be able to access sensitive user data
Description: A privacy issue was addressed with improved handling of
temporary files.
CVE-2025-43391: Asaf Cohen
Ruby
Available for: macOS Sonoma
Impact: Multiple issues in ruby
Description: This is a vulnerability in open source code and Apple
Software is among the affected projects. The CVE-ID was assigned by a
third party. Learn more about the issue and CVE-ID at cve.org.
CVE-2024-43398
CVE-2024-49761
CVE-2025-6442
Security
Available for: macOS Sonoma
Impact: An app may be able to access user-sensitive data
Description: The issue was addressed by adding additional logic.
CVE-2025-43335: Csaba Fitzl (@theevilbit) of Kandji
Share Sheet
Available for: macOS Sonoma
Impact: An attacker with physical access may be able to access contacts
from the lock screen
Description: This issue was addressed by restricting options offered on
a locked device.
CVE-2025-43408: Vivek Dhar, ASI (RM) in Border Security Force, FTR HQ
BSF Kashmir
SharedFileList
Available for: macOS Sonoma
Impact: An app may be able to break out of its sandbox
Description: A permissions issue was addressed with additional
restrictions.
CVE-2025-43476: Mickey Jin (@patch1t)
Shortcuts
Available for: macOS Sonoma
Impact: A shortcut may be able to access files that are normally
inaccessible to the Shortcuts app
Description: A permissions issue was addressed with improved validation.
CVE-2025-30465: an anonymous researcher
CVE-2025-43414: an anonymous researcher
Shortcuts
Available for: macOS Sonoma
Impact: An app may be able to access sensitive user data
Description: This issue was addressed with additional entitlement
checks.
CVE-2025-43499: an anonymous researcher
sips
Available for: macOS Sonoma
Impact: Parsing a file may lead to an unexpected app termination
Description: An out-of-bounds write issue was addressed with improved
input validation.
CVE-2025-43380: Nikolai Skliarenko of Trend Micro Zero Day Initiative
Siri
Available for: macOS Sonoma
Impact: An app may be able to access sensitive user data
Description: A privacy issue was addressed with improved private data
redaction for log entries.
CVE-2025-43477: Kirin (@Pwnrin)
SoftwareUpdate
Available for: macOS Sonoma
Impact: An app with root privileges may be able to access private
information
Description: A permissions issue was addressed with additional
restrictions.
CVE-2025-43336: Rodolphe BRUNETTI (@eisw0lf) of Lupus Nova
SoftwareUpdate
Available for: macOS Sonoma
Impact: An app may be able to cause a denial-of-service
Description: A permissions issue was addressed by removing the
vulnerable code.
CVE-2025-43397: Csaba Fitzl (@theevilbit) of Kandji
Spotlight
Available for: macOS Sonoma
Impact: An app may be able to access sensitive user data
Description: A logging issue was addressed with improved data redaction.
CVE-2025-31199: Jonathan Bar Or (@yo_yo_yo_jbo) of Microsoft, Alexia
Wilson of Microsoft, Christine Fossaceca of Microsoft
sudo
Available for: macOS Sonoma
Impact: An app may be able to access user-sensitive data
Description: This issue was addressed with additional entitlement
checks.
CVE-2025-43334: Gergely Kalman (@gergely_kalman)
System Settings
Available for: macOS Sonoma
Impact: An app may bypass Gatekeeper checks
Description: A logic issue was addressed with improved validation.
CVE-2025-43348: Ferdous Saljooki (@malwarezoo) of Jamf
TCC
Available for: macOS Sonoma
Impact: An app may be able to break out of its sandbox
Description: A file quarantine bypass was addressed with additional
checks.
CVE-2025-43412: Mickey Jin (@patch1t)
Wi-Fi
Available for: macOS Sonoma
Impact: An app may be able to cause unexpected system termination or
corrupt kernel memory
Description: The issue was addressed with improved memory handling.
CVE-2025-43373: Wang Yu of Cyberserval
zsh
Available for: macOS Sonoma
Impact: An app may be able to gain root privileges
Description: A validation issue was addressed with improved input
sanitization.
CVE-2025-43472: Morris Richman (@morrisinlife)
macOS Sonoma 14.8.2 may be obtained from the Mac App Store or
Apple's Software Downloads web site:
https://support.apple.com/downloads/
All information is also posted on the Apple Security Releases
web site: https://support.apple.com/100100.
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
