About the security content of macOS Sequoia 15.7.
For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the Apple security releases page.
Apple security documents reference vulnerabilities by CVE-ID when possible.
For more information about security, see the Apple Product Security page.
Released September 15, 2025
Available for: macOS Sequoia
Impact: An app may be able to cause unexpected system termination
Description: A buffer overflow was addressed with improved bounds checking.
CVE-2025-43312: ABC Research s.r.o.
Available for: macOS Sequoia
Impact: An app may be able to access protected user data
Description: The issue was resolved by blocking unsigned services from launching on Intel Macs.
CVE-2025-43321: Mickey Jin (@patch1t)
Available for: macOS Sequoia
Impact: An app may be able to access protected user data
Description: A permissions issue was addressed with additional restrictions.
CVE-2025-31268: Csaba Fitzl (@theevilbit) and Nolan Astrein of Kandji
Available for: macOS Sequoia
Impact: An app may be able to access protected user data
Description: A permissions issue was addressed with additional restrictions.
CVE-2025-43285: Zhongquan Li (@Guluisacat), Mickey Jin (@patch1t)
Available for: macOS Sequoia
Impact: An app may be able to break out of its sandbox
Description: This issue was addressed by removing the vulnerable code.
CVE-2025-43330: Bilal Siddiqui
Available for: macOS Sequoia
Impact: Processing a maliciously crafted video file may lead to unexpected app termination
Description: An out-of-bounds write issue was addressed with improved input validation.
CVE-2025-43349: @zlluny working with Trend Zero Day Initiative
Available for: macOS Sequoia
Impact: An app may be able to access sensitive user data
Description: A race condition was addressed with improved state handling.
CVE-2025-43292: Csaba Fitzl (@theevilbit) and Nolan Astrein of Kandji
Available for: macOS Sequoia
Impact: A malicious app may be able to access private information
Description: A logic issue was addressed with improved checks.
CVE-2025-43305: an anonymous researcher, Mickey Jin (@patch1t)
Available for: macOS Sequoia
Impact: An app may be able to access sensitive user data
Description: An out-of-bounds read was addressed with improved bounds checking.
CVE-2025-43326: Wang Yu of Cyberserval
Available for: macOS Sequoia
Impact: An app may be able to cause unexpected system termination
Description: An out-of-bounds write issue was addressed with improved bounds checking.
CVE-2025-43302: Keisuke Hosoda
Available for: macOS Sequoia
Impact: An app may be able to access sensitive user data
Description: An authorization issue was addressed with improved state management.
CVE-2025-31255: Csaba Fitzl (@theevilbit) of Kandji
Available for: macOS Sequoia
Impact: A UDP server socket bound to a local interface may become bound to all interfaces
Description: A logic issue was addressed with improved state management.
CVE-2025-43359: Viktor Oreshkin
Available for: macOS Sequoia
Impact: An app may be able to cause a denial-of-service
Description: A denial-of-service issue was addressed with improved validation.
CVE-2025-43299: Nathaniel Oh (@calysteon)
CVE-2025-43295: Nathaniel Oh (@calysteon)
Available for: macOS Sequoia
Impact: Processing a maliciously crafted string may lead to heap corruption
Description: The issue was addressed with improved bounds checks.
CVE-2025-43353: Nathaniel Oh (@calysteon)
Available for: macOS Sequoia
Impact: An app may be able to access protected user data
Description: This issue was addressed by removing the vulnerable code.
CVE-2025-43319: Hikerell (Loadshine Lab)
Available for: macOS Sequoia
Impact: An app may be able to access user-sensitive data
Description: This issue was addressed by removing the vulnerable code.
CVE-2025-43315: Rodolphe Brunetti (@eisw0lf) of Lupus Nova
Available for: macOS Sequoia
Impact: An app may be able to cause a denial-of-service
Description: A type confusion issue was addressed with improved memory handling.
CVE-2025-43355: Dawuge of Shuffle Team
Available for: macOS Sequoia
Impact: An app may be able to access contact info related to notifications in Notification Center
Description: A privacy issue was addressed with improved private data redaction for log entries.
CVE-2025-43301: LFY@secsys from Fudan University
Available for: macOS Sequoia
Impact: An app may be able to gain root privileges
Description: A parsing issue in the handling of directory paths was addressed with improved path validation.
CVE-2025-43298: an anonymous researcher
Available for: macOS Sequoia
Impact: Multiple issues in Perl
Description: This is a vulnerability in open source code and Apple Software is among the affected projects. The CVE-ID was assigned by a third party. Learn more about the issue and CVE-ID at cve.org.
CVE-2025-40909
Available for: macOS Sequoia
Impact: Processing a file may lead to a denial-of-service or potentially disclose memory contents
Description: This is a vulnerability in open source code and Apple Software is among the affected projects. The CVE-ID was assigned by a third party. Learn more about the issue and CVE-ID at cve.org.
CVE-2024-27280
Available for: macOS Sequoia
Impact: An app may be able to capture a screenshot of an app entering or exiting full screen mode
Description: A privacy issue was addressed with improved checks.
CVE-2025-31259: an anonymous researcher
Available for: macOS Sequoia
Impact: An app may be able to break out of its sandbox
Description: A file quarantine bypass was addressed with additional checks.
CVE-2025-43332: an anonymous researcher
Available for: macOS Sequoia
Impact: An app may be able to access sensitive user data
Description: The issue was addressed with improved input validation.
CVE-2025-43293: an anonymous researcher
Available for: macOS Sequoia
Impact: An app may be able to modify protected parts of the file system
Description: A permissions issue was addressed by removing the vulnerable code.
CVE-2025-43291: Ye Zhang of Baidu Security
Available for: macOS Sequoia
Impact: An app may be able to break out of its sandbox
Description: A permissions issue was addressed with additional restrictions.
CVE-2025-43286: pattern-f (@pattern_F_), @zlluny
Available for: macOS Sequoia
Impact: A shortcut may be able to bypass sandbox restrictions
Description: A permissions issue was addressed with additional sandbox restrictions.
CVE-2025-43358: 정답이 아닌 해답
Available for: macOS Sequoia
Impact: An app may be able to access sensitive user data
Description: A parsing issue in the handling of directory paths was addressed with improved path validation.
CVE-2025-43190: Noah Gregory (wts.dev)
Available for: macOS Sequoia
Impact: An app may be able to access sensitive user data
Description: A logic issue was addressed with improved checks.
CVE-2025-24197: Rodolphe Brunetti (@eisw0lf) of Lupus Nova
Available for: macOS Sequoia
Impact: An app may be able to access sensitive user data
Description: A parsing issue in the handling of directory paths was addressed with improved path validation.
CVE-2025-43314: Mickey Jin (@patch1t)
Available for: macOS Sequoia
Impact: An app may be able to gain root privileges
Description: A race condition was addressed with improved state handling.
CVE-2025-43304: Mickey Jin (@patch1t)
Available for: macOS Sequoia
Impact: An app may be able to access protected user data
Description: This issue was addressed with additional entitlement checks.
CVE-2025-43311: an anonymous researcher, Justin Elliot Fu
Available for: macOS Sequoia
Impact: An app may be able to access sensitive user data
Description: This issue was addressed with additional entitlement checks.
CVE-2025-43308: an anonymous researcher
Available for: macOS Sequoia
Impact: An app may be able to trick a user into copying sensitive data to the pasteboard
Description: A configuration issue was addressed with additional restrictions.
CVE-2025-43310: an anonymous researcher
We would like to acknowledge Csaba Fitzl (@theevilbit) of Kandji for their assistance.
We would like to acknowledge DongJun Kim (@smlijun) and JongSeong Kim (@nevul37) in Enki WhiteHat for their assistance.
We would like to acknowledge Nathaniel Oh (@calysteon) for their assistance.
We would like to acknowledge Nathaniel Oh (@calysteon) for their assistance.
We would like to acknowledge Ye Zhang of Baidu Security for their assistance.
We would like to acknowledge Csaba Fitzl (@theevilbit) of Kandji, Noah Gregory (wts.dev), Wojciech Regula of SecuRing (wojciechregula.blog), and an anonymous researcher for their assistance.