Severity
High
Analysis Summary
CVE-2025-30464 CVSS:7.8
An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in macOS Ventura 13.7.5, macOS Sequoia 15.4, macOS Sonoma 14.7.5. An app may be able to cause unexpected system termination or corrupt kernel memory.
CVE-2025-30433 CVSS:9.8
This issue was addressed with improved access restrictions. This issue is fixed in visionOS 2.4, macOS Ventura 13.7.5, iOS 18.4 and iPadOS 18.4, iPadOS 17.7.6, macOS Sequoia 15.4, macOS Sonoma 14.7.5. A shortcut may be able to access files that are normally inaccessible to the Shortcuts app
CVE-2025-24190 CVSS:7.8
Apple macOS Sonoma could allow a remote attacker to execute arbitrary code on the system, caused by an error in the CoreMedia component when opening a specially crafted file.
Impact
- Code Execution
- Gain Access
Indicators of Compromise
CVE
CVE-2025-30464
CVE-2025-30433
CVE-2025-24190
Affected Vendors
- Apple
Affected Products
- Apple macOS - unspecified
- Apple visionOS - unspecified
- Apple iOS and iPadOS - unspecified
- Apple iPadOS - unspecified
- Apple macOS Sonoma - 14.7.4
Remediation
Refer to Apple security document, for patch, upgrade or suggested workaround information.