-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

APPLE-SA-07-29-2025-5 macOS Ventura 13.7.7

macOS Ventura 13.7.7 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/124151.

Apple maintains a Security Releases page at
https://support.apple.com/100100 which lists recent
software updates with security advisories.

Admin Framework
Available for: macOS Ventura
Impact: An app may be able to cause a denial-of-service
Description: A path handling issue was addressed with improved
validation.
CVE-2025-43191: Ryan Dowd (@_rdowd)

afclip
Available for: macOS Ventura
Impact: Parsing a file may lead to an unexpected app termination
Description: The issue was addressed with improved memory handling.
CVE-2025-43186: Hossein Lotfi (@hosselot) of Trend Micro Zero Day
Initiative

AMD
Available for: macOS Ventura
Impact: An app may be able to cause unexpected system termination
Description: A race condition was addressed with improved state
handling.
CVE-2025-43244: ABC Research s.r.o.

AppleMobileFileIntegrity
Available for: macOS Ventura
Impact: An app may be able to gain root privileges
Description: A permissions issue was addressed with additional
restrictions.
CVE-2025-31243: Mickey Jin (@patch1t)

AppleMobileFileIntegrity
Available for: macOS Ventura
Impact: An app may be able to gain root privileges
Description: A logic issue was addressed with improved checks.
CVE-2025-43249: Mickey Jin (@patch1t)

AppleMobileFileIntegrity
Available for: macOS Ventura
Impact: An app may be able to access protected user data
Description: A downgrade issue was addressed with additional code-
signing restrictions.
CVE-2025-43245: Mickey Jin (@patch1t)

CFNetwork
Available for: macOS Ventura
Impact: An attacker may be able to cause unexpected app termination
Description: A use-after-free issue was addressed by removing the
vulnerable code.
CVE-2025-43222: Andreas Jaegersberger & Ro Achterberg of Nosebeard Labs

CFNetwork
Available for: macOS Ventura
Impact: A non-privileged user may be able to modify restricted network
settings
Description: A denial-of-service issue was addressed with improved input
validation.
CVE-2025-43223: Andreas Jaegersberger & Ro Achterberg of Nosebeard Labs

copyfile
Available for: macOS Ventura
Impact: An app may be able to access protected user data
Description: This issue was addressed with improved validation of
symlinks.
CVE-2025-43220: Mickey Jin (@patch1t)

Core Services
Available for: macOS Ventura
Impact: A malicious app may be able to gain root privileges
Description: A permissions issue was addressed by removing the
vulnerable code.
CVE-2025-43199: Gergely Kalman (@gergely_kalman), an anonymous
researcher

CoreMedia
Available for: macOS Ventura
Impact: Processing a maliciously crafted media file may lead to
unexpected app termination or corrupt process memory
Description: An out-of-bounds access issue was addressed with improved
bounds checking.
CVE-2025-43210: Hossein Lotfi (@hosselot) of Trend Micro Zero Day
Initiative

CoreServices
Available for: macOS Ventura
Impact: An app may be able to access sensitive user data
Description: An issue existed in the handling of environment variables.
This issue was addressed with improved validation.
CVE-2025-43195: 风沐云烟 (@binary_fmyy) and Minghao Lin (@Y1nKoc)

Disk Images
Available for: macOS Ventura
Impact: Running an hdiutil command may unexpectedly execute arbitrary
code
Description: This issue was addressed by removing the vulnerable code.
CVE-2025-43187: 风沐云烟 (@binary_fmyy) and Minghao Lin (@Y1nKoc)

file
Available for: macOS Ventura
Impact: Processing a maliciously crafted file may lead to unexpected app
termination
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2025-43254: 2ourc3 | Salim Largo

File Bookmark
Available for: macOS Ventura
Impact: An app may be able to break out of its sandbox
Description: A logic issue was addressed with improved checks.
CVE-2025-43261: an anonymous researcher

Find My
Available for: macOS Ventura
Impact: An app may be able to fingerprint the user
Description: A permissions issue was addressed with additional
restrictions.
CVE-2025-31279: Dawuge of Shuffle Team

Finder
Available for: macOS Ventura
Impact: An app may be able to execute arbitrary code out of its sandbox
or with certain elevated privileges
Description: This issue was addressed through improved state management.
CVE-2025-24119: an anonymous researcher

GPU Drivers
Available for: macOS Ventura
Impact: An app may be able to cause unexpected system termination
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2025-43255: Anonymous working with Trend Micro Zero Day Initiative

ICU
Available for: macOS Ventura
Impact: Processing maliciously crafted web content may lead to an
unexpected Safari crash
Description: An out-of-bounds access issue was addressed with improved
bounds checking.
CVE-2025-43209: Gary Kwong working with Trend Micro Zero Day Initiative

Kernel
Available for: macOS Ventura
Impact: A remote attacker may be able to cause unexpected system
termination
Description: The issue was addressed with improved checks.
CVE-2025-24224: Tony Iskow (@Tybbow)

LaunchServices
Available for: macOS Ventura
Impact: An app may be able to execute arbitrary code out of its sandbox
or with certain elevated privileges
Description: This issue was addressed through improved state management.
CVE-2025-24119: an anonymous researcher

libxpc
Available for: macOS Ventura
Impact: An app may be able to gain root privileges
Description: A path handling issue was addressed with improved
validation.
CVE-2025-43196: an anonymous researcher

NetAuth
Available for: macOS Ventura
Impact: An app may be able to break out of its sandbox
Description: A race condition was addressed with additional validation.
CVE-2025-43275: Csaba Fitzl (@theevilbit) of Kandji

Notes
Available for: macOS Ventura
Impact: An app may gain unauthorized access to Local Network
Description: An access issue was addressed with additional sandbox
restrictions.
CVE-2025-43270: Minqiang Gui

Notes
Available for: macOS Ventura
Impact: An app may be able to access sensitive user data
Description: A logging issue was addressed with improved data redaction.
CVE-2025-43225: Kirin (@Pwnrin)

NSSpellChecker
Available for: macOS Ventura
Impact: An app may be able to break out of its sandbox
Description: A permissions issue was addressed with additional
restrictions.
CVE-2025-43266: Noah Gregory (wts.dev)

PackageKit
Available for: macOS Ventura
Impact: A malicious app with root privileges may be able to modify the
contents of system files
Description: A permissions issue was addressed with additional
restrictions.
CVE-2025-43247: Mickey Jin (@patch1t)

PackageKit
Available for: macOS Ventura
Impact: An app may be able to modify protected parts of the file system
Description: The issue was addressed with improved checks.
CVE-2025-43194: Mickey Jin (@patch1t)

PackageKit
Available for: macOS Ventura
Impact: An app may be able to bypass certain Privacy preferences
Description: A permissions issue was addressed with additional
restrictions.
CVE-2025-43232: Koh M. Nakagawa (@tsunek0h), Csaba Fitzl (@theevilbit)
of Kandji and Gergely Kalman (@gergely_kalman)

Power Management
Available for: macOS Ventura
Impact: An attacker may be able to cause unexpected app termination
Description: A type confusion issue was addressed with improved memory
handling.
CVE-2025-43236: Dawuge of Shuffle Team

SceneKit
Available for: macOS Ventura
Impact: An app may be able to read files outside of its sandbox
Description: A permissions issue was addressed with additional
restrictions.
CVE-2025-43241: Mickey Jin (@patch1t)

Security
Available for: macOS Ventura
Impact: A malicious app acting as a HTTPS proxy could get access to
sensitive user data
Description: This issue was addressed with improved access restrictions.
CVE-2025-43233: Wojciech Regula of SecuRing (wojciechregula.blog)

SecurityAgent
Available for: macOS Ventura
Impact: An app may be able to cause a denial-of-service
Description: The issue was addressed with improved memory handling.
CVE-2025-43193: Dawuge of Shuffle Team

SharedFileList
Available for: macOS Ventura
Impact: An app may be able to break out of its sandbox
Description: A path handling issue was addressed with improved
validation.
CVE-2025-43250: Yuebin Sun (@yuebinsun2020), Mickey Jin (@patch1t)

Shortcuts
Available for: macOS Ventura
Impact: A shortcut may be able to bypass sensitive Shortcuts app
settings
Description: This issue was addressed by adding an additional prompt for
user consent.
CVE-2025-43184: Csaba Fitzl (@theevilbit) of Kandji

Single Sign-On
Available for: macOS Ventura
Impact: An app may be able to access sensitive user data
Description: This issue was addressed with additional entitlement
checks.
CVE-2025-43197: Shang-De Jiang and Kazma Ye of CyCraft Technology

sips
Available for: macOS Ventura
Impact: Processing a maliciously crafted file may lead to unexpected app
termination
Description: An out-of-bounds access issue was addressed with improved
bounds checking.
CVE-2025-43239: Nikolai Skliarenko of Trend Micro Zero Day Initiative

Software Update
Available for: macOS Ventura
Impact: An app may be able to modify protected parts of the file system
Description: A permissions issue was addressed with additional
restrictions.
CVE-2025-43243: Mickey Jin (@patch1t), Keith Yeo (@kyeojy) from Team
Orca of Sea Security

System Settings
Available for: macOS Ventura
Impact: An app may be able to access protected user data
Description: A parsing issue in the handling of directory paths was
addressed with improved path validation.
CVE-2025-43206: Zhongquan Li (@Guluisacat)

WindowServer
Available for: macOS Ventura
Impact: An attacker with physical access to a locked device may be able
to view sensitive user information
Description: This issue was addressed with improved redaction of
sensitive information.
CVE-2025-43259: Martti Hütt

Xsan
Available for: macOS Ventura
Impact: An app may be able to cause unexpected system termination
Description: An integer overflow was addressed with improved input
validation.
CVE-2025-43238: an anonymous researcher

Additional recognition

Device Management
We would like to acknowledge Al Karak for their assistance.

Game Center
We would like to acknowledge YingQi Shi (@Mas0nShi) of DBAppSecurity's
WeBin lab for their assistance.

Shortcuts
We would like to acknowledge Dennis Kniep for their assistance.

WebDAV
We would like to acknowledge Christian Kohlschütter for their
assistance.

macOS Ventura 13.7.7 may be obtained from the Mac App Store or
Apple's Software Downloads web site:
https://support.apple.com/downloads/

All information is also posted on the Apple Security Releases
web site: https://support.apple.com/100100.

This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEsz9altA7uTI+rE/qX+5d1TXaIvoFAmiJVfcACgkQX+5d1TXa
IvqqDRAAkYHNmTbPKFf639hRc+FUbYSZreS9GDGFOGKia0O0POXRaEq82Z7zedj+
wEFZ3ig4AyoGEEJFypNNpMk4XmyyfJYLElCKYIOaslLwHipUzO9+C7YgRhqMNvCv
nzJpKoDemHBb1VqX+QCWTa/MY43LVAp/AAM2KLGuTyMQ2zQ5Fm6+nq+hDrcXlG/5
Bq7SKeYdsDTEY9h5tc46kRnb+A8oajF1sxNAMR7onhkR+EHrY36WOOv/8IsZ/+k6
xfBI/pz3mfMmMVDHPz9aS9tYSxhzqtwmkQZBCPjCGpgR5R09aBkjw71/IRRxSti+
sOpPLE+rmSPykraD9YEthJI2QJp2rigsH9H/De6YG6HBF91AwpAmnQimk+4Gdv2t
D/QkGBXmHV8x9LVskrlJai+JR9qriZn2Mhi4i4vyYHXDQDXh9rWYynQb73hQiBsW
2hkW4khSmCvcpJ12wOqKqlCLvNtLv1A8Oj3rCcTCDPymugjHbRWgvLrwY3Izju76
oJ3+wKFpRVD38hZmOJnrWuiyyGEpG7eiIDK8qkbDP73Zlqjzg51Xl8ouFRxMhti0
cJcPdTh8++BkHJhDesTLeo85EDTlHuDl9x+PJeBhYIrquuhMwpMw55IP6XjPFnOF
FNZZqq3zUH4hF1bghDjXAbE9SdeLZNmgBrB9yB07fgkdV84lrO0=
=EIqH
-----END PGP SIGNATURE-----