This document describes the security content of macOS Ventura 13.7.3.
For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the Apple security releases page.
Apple security documents reference vulnerabilities by CVE-ID when possible.
For more information about security, see the Apple Product Security page.
Released January 27, 2025
Available for: macOS Ventura
Impact: An app may be able to access sensitive user data
Description: A downgrade issue was addressed with additional code-signing restrictions.
CVE-2025-24109: Bohdan Stasiuk (@Bohdan_Stasiuk)
Available for: macOS Ventura
Impact: An app may be able to access information about a user's contacts
Description: A logic issue was addressed with improved restrictions.
CVE-2025-24100: Kirin (@Pwnrin)
Available for: macOS Ventura
Impact: An app may be able to modify protected parts of the file system
Description: A permissions issue was addressed with additional restrictions.
CVE-2025-24114: Mickey Jin (@patch1t)
Available for: macOS Ventura
Impact: An app may be able to modify protected parts of the file system
Description: A logic issue was addressed with improved checks.
CVE-2025-24121: Mickey Jin (@patch1t)
Available for: macOS Ventura
Impact: An app may be able to modify protected parts of the file system
Description: A downgrade issue affecting Intel-based Mac computers was addressed with additional code-signing restrictions.
CVE-2025-24122: Mickey Jin (@patch1t)
Available for: macOS Ventura
Impact: Parsing a file may lead to an unexpected app termination
Description: The issue was addressed with improved checks.
CVE-2025-24127: Minghao Lin (@Y1nKoc), babywu, and Xingwei Lin of Zhejiang University
Available for: macOS Ventura
Impact: An app may be able to cause unexpected system termination
Description: This issue was addressed with additional entitlement checks.
CVE-2025-24106: Wang Yu of Cyberserval
Entry updated August 28, 2025
Available for: macOS Ventura
Impact: An app may be able to access contacts
Description: A privacy issue was addressed with improved private data redaction for log entries.
CVE-2024-44172: Kirin (@Pwnrin)
Available for: macOS Ventura
Impact: Parsing a file may lead to an unexpected app termination
Description: The issue was addressed with improved checks.
CVE-2025-24123: Desmond working with Trend Micro Zero Day Initiative
CVE-2025-24124: Pwn2car & Rotiple(HyeongSeok Jang) working with Trend Micro Zero Day Initiative
Available for: macOS Ventura
Impact: An app may be able to determine a user’s current location
Description: The issue was addressed with improved checks.
CVE-2025-24102: Kirin (@Pwnrin)
Available for: macOS Ventura
Impact: An app may be able to bypass Privacy preferences
Description: The issue was addressed with improved checks.
CVE-2025-24174: Arsenii Kostromin (0x3c3e), Joshua Jones
Available for: macOS Ventura
Impact: Processing an image may lead to a denial-of-service
Description: The issue was addressed with improved memory handling.
CVE-2025-24086: DongJun Kim (@smlijun) and JongSeong Kim (@nevul37) in Enki WhiteHat, D4m0n
Available for: macOS Ventura
Impact: An app may be able to access user-sensitive data
Description: A race condition was addressed with additional validation.
CVE-2025-24094: an anonymous researcher
Available for: macOS Ventura
Impact: An app may be able to read files outside of its sandbox
Description: A path handling issue was addressed with improved validation.
CVE-2025-24115: an anonymous researcher
Available for: macOS Ventura
Impact: An app may be able to bypass Privacy preferences
Description: An access issue was addressed with additional sandbox restrictions.
CVE-2025-24116: an anonymous researcher
Available for: macOS Ventura
Impact: Processing maliciously crafted web content may lead to an unexpected process crash
Description: This is a vulnerability in open source code and Apple Software is among the affected projects. The CVE-ID was assigned by a third party. Learn more about the issue and CVE-ID at cve.org.
CVE-2024-55549: Ivan Fratric of Google Project Zero
CVE-2025-24855: Ivan Fratric of Google Project Zero
Entry added May 16, 2025
Available for: macOS Ventura
Impact: A malicious app may be able to create symlinks to protected regions of the disk
Description: This issue was addressed with improved validation of symlinks.
CVE-2025-24136: 风(binary_fmyy) and Minghao Lin (@Y1nKoc)
Entry updated May 16, 2025
Available for: macOS Ventura
Impact: A local attacker may be able to elevate their privileges
Description: The issue was addressed with improved checks.
CVE-2025-24099: Mickey Jin (@patch1t)
Entry added January 29, 2025
Available for: macOS Ventura
Impact: An app may be able to modify protected parts of the file system
Description: The issue was addressed with improved checks.
CVE-2025-24130: Pedro Tôrres (@t0rr3sp3dr0)
Available for: macOS Ventura
Impact: A local user may be able to modify protected parts of the file system
Description: The issue was addressed with improved checks.
CVE-2025-24183: Arsenii Kostromin (0x3c3e)
Entry added May 16, 2025
Available for: macOS Ventura
Impact: Deleting a conversation in Messages may expose user contact information in system logging
Description: This issue was addressed with improved redaction of sensitive information.
CVE-2025-24146: 神罚(@Pwnrin)
Available for: macOS Ventura
Impact: Processing web content may lead to a denial-of-service
Description: The issue was addressed with improved checks.
CVE-2024-54497: Anonymous working with Trend Micro Zero Day Initiative
Available for: macOS Ventura
Impact: An app may be able to access removable volumes without user consent
Description: A permissions issue was addressed with additional restrictions.
CVE-2025-24093: Yiğit Can YILMAZ (@yilmazcanyigit)
Available for: macOS Ventura
Impact: Parsing a file may lead to disclosure of user information
Description: An out-of-bounds read was addressed with improved bounds checking.
CVE-2025-24149: Michael DePlante (@izobashi) of Trend Micro Zero Day Initiative
Available for: macOS Ventura
Impact: An app may be able to access protected user data
Description: This issue was addressed with improved validation of symlinks.
CVE-2025-24103: Zhongquan Li (@Guluisacat)
Available for: macOS Ventura
Impact: Parsing a maliciously crafted file may lead to an unexpected app termination
Description: An out-of-bounds write issue was addressed with improved input validation.
CVE-2025-24185: Hossein Lotfi (@hosselot) of Trend Micro Zero Day Initiative
Entry added March 17, 2025
Available for: macOS Ventura
Impact: Parsing a maliciously crafted file may lead to an unexpected app termination
Description: The issue was addressed with improved checks.
CVE-2025-24139: Hossein Lotfi (@hosselot) of Trend Micro Zero Day Initiative and Junsung Lee
Entry updated May 16, 2025
Available for: macOS Ventura
Impact: An app may be able to cause unexpected system termination or corrupt kernel memory
Description: The issue was addressed with improved memory handling.
CVE-2025-24151: an anonymous researcher
Available for: macOS Ventura
Impact: A malicious application may be able to leak sensitive user information
Description: This issue was addressed through improved state management.
CVE-2025-24138: Rodolphe BRUNETTI (@eisw0lf) of Lupus Nova
Available for: macOS Ventura
Impact: A local attacker may be able to elevate their privileges
Description: A permissions issue was addressed with improved validation.
CVE-2025-24176: Yann GASCUEL of Alter Solutions
Available for: macOS Ventura
Impact: An attacker may be able to cause unexpected system termination or corrupt kernel memory
Description: An out-of-bounds write was addressed with improved input validation.
CVE-2025-24154: an anonymous researcher
Available for: macOS Ventura
Impact: An attacker may be able to cause unexpected app termination
Description: This issue was addressed by improved management of object lifetimes.
CVE-2025-24120: PixiePoint Security
Available for: macOS Ventura
Impact: An app may be able to elevate privileges
Description: An integer overflow was addressed through improved input validation.
CVE-2025-24156: an anonymous researcher
We would like to acknowledge Holger Fuhrmannek for their assistance.