Critical Vulnerability Information afprs Impact: Connecting to a malicious AFP server could lead to kernel memory corruption. CVE: CVE-2025-31246 Fix: Resolved by improving memory handling. afprs Impact: Processing maliciously crafted AFP network shares could result in system termination. CVE: CVE-2025-31247, CVE-2025-31237 Fix: Resolved by improving checks. AppleJPEG Impact: Processing maliciously crafted files could lead to unexpected application termination or process memory corruption. CVE: CVE-2025-31251 Fix: Resolved by improving input sanitization. Audio Impact: Applications could potentially cause unexpected system termination. CVE: CVE-2025-31258 Fix: Resolved by improving memory management. CoreAudio Impact: Processing files could lead to unexpected application termination. CVE: CVE-2025-31259 Fix: Resolved by improving checks. CoreGraphics Impact: Processing maliciously crafted files could lead to denial of service or potential leakage of memory contents. CVE: CVE-2025-31209 Fix: Resolved by improving boundary checks. CoreGraphics Impact: Processing files could lead to user information leakage. CVE: CVE-2025-31196 Fix: Resolved by improving boundary checks. CoreMedia Impact: Processing files could lead to unexpected application termination. CVE: CVE-2025-31239 Fix: Resolved by improving memory management. CoreMedia Impact: Processing maliciously crafted video files could lead to unexpected application termination or process memory corruption. CVE: CVE-2025-31233 Fix: Resolved by improving input sanitization. DiskArbitration Impact: Malicious users could potentially bypass permission checks. CVE: CVE-2025-30463 Fix: Resolved by adding additional permission checks. DiskArbitration Impact: Applications could potentially gain root privileges. CVE: CVE-2025-24258 Fix: Resolved by adding additional restrictions. iCloud Document Sharing Impact: Attackers could potentially share iCloud folders without authentication. CVE: CVE-2025-30448 Fix: Resolved by adding additional permission checks. Installer Impact: Sandboxed applications could potentially access sensitive user data. CVE: CVE-2025-31232 Fix: Resolved by improving logic. Kernel Impact: Applications could potentially leak sensitive kernel state. CVE: CVE-2025-24144 Fix: Resolved by removing vulnerable code. Kernel Impact: Attackers could potentially cause unexpected system termination or kernel memory corruption. CVE: CVE-2025-31219 Fix: Resolved by improving memory handling. Kernel Impact: Removal attacks could potentially cause unexpected application termination. CVE: CVE-2025-31241 Fix: Resolved by improving memory management. libexpat Impact: Applications could potentially bypass ASLR. CVE: CVE-2025-30460 Fix: Resolved by improving checks. mDNSResponder Impact: Users could potentially escalate privileges. CVE: CVE-2025-31222 Fix: Resolved by improving checks. Mobile Device Service Impact: Malicious users could potentially gain root privileges. CVE: CVE-2025-30474 Fix: Resolved by removing vulnerable code. Notification Center Impact: Applications could potentially access sensitive user data. CVE: CVE-2025-24472 Fix: Resolved by improving private data reduction. OpenSSH Impact: Multiple issues in OpenSSH, including unexpected application termination or arbitrary code execution. CVE: CVE-2024-8176 Fix: Resolved by third-party assigned CVE-ID. Pro Res Impact: Applications could potentially cause unexpected system termination. CVE: CVE-2025-31245 Fix: Resolved by improving checks. Sandbox Impact: Applications could potentially bypass privacy preferences. CVE: CVE-2025-31224 Fix: Resolved by improving logic. Security Impact: Removal attacks could potentially lead to memory leakage. CVE: CVE-2025-31221 Fix: Resolved by improving input validation. Security Impact: Applications could potentially access usernames and websites associated with the user’s iCloud Keychain. CVE: CVE-2025-31213 Fix: Resolved by improving data reduction. SharedFileList Impact: Attackers could potentially access parts of the protected filesystem. CVE: CVE-2025-31247 Fix: Resolved by improving state management. SoftwareUpdate Impact: Applications could potentially escalate privileges. CVE: CVE-2025-31242 Fix: Resolved by improving input sanitization. StoreKit Impact: Applications could potentially access sensitive user data. CVE: CVE-2025-31242 Fix: Resolved by improving private data reduction. Weather Impact: Malicious applications could potentially read sensitive location information. CVE: CVE-2025-31220 Fix: Resolved by removing sensitive data. WebContentFilter Impact: Applications could potentially leak kernel memory. CVE: CVE-2025-24156 Fix: Resolved by improving memory handling.