lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-id: <5AF7A49A-D5AC-4B97-8BA9-600B47C322A9@lists.apple.com> Date: Wed, 16 Apr 2025 13:53:17 -0700 From: Apple Product Security via Fulldisclosure <fulldisclosure@...lists.org> To: security-announce@...ts.apple.com Subject: [FD] APPLE-SA-04-16-2025-2 macOS Sequoia 15.4.1 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-04-16-2025-2 macOS Sequoia 15.4.1 macOS Sequoia 15.4.1 addresses the following issues. Information about the security content is also available at https://support.apple.com/122400. Apple maintains a Security Releases page at https://support.apple.com/100100 which lists recent software updates with security advisories. CoreAudio Available for: macOS Sequoia Impact: Processing an audio stream in a maliciously crafted media file may result in code execution. Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals on iOS. Description: A memory corruption issue was addressed with improved bounds checking. CVE-2025-31200: Apple and Google Threat Analysis Group RPAC Available for: macOS Sequoia Impact: An attacker with arbitrary read and write capability may be able to bypass Pointer Authentication. Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals on iOS. Description: This issue was addressed by removing the vulnerable code. CVE-2025-31201: Apple macOS Sequoia 15.4.1 may be obtained from the Mac App Store or Apple's Software Downloads web site: https://support.apple.com/downloads/ All information is also posted on the Apple Security Releases web site: https://support.apple.com/100100. This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEsz9altA7uTI+rE/qX+5d1TXaIvoFAmgABakACgkQX+5d1TXa Ivo32BAAsAmKz2o5MrqyXxxDiPp4VBQWEKrVvrjMoPoYZf4z9vOG3YYBlJOFQJKL kFw4vxF9ie4mXc5YXkqdOYPMh09A7EadmpeBhChAjGs2nXfNE3Or6RnJ5b9fMuzs wyXJQ2897lSd4mm3NxaXAnL1rxazAkqcVn3Wgw1oFEStT6FXZCB0zTfGJ/ok+Jzj L9w/27uDJ3SZP2kgQBk0qGqd2Y3Asj06Mt9dmkuDBc36qyYDdGJCFqpVBTYDObpD QrKKc5GKbLCVxe27qLoYdPng2M/vCKMN5hUytWh6e8oeZPM61PcQvVB+cbGXVrfB A+6rRzVMSqHStusbukgEhMsUqSvZxRANAlcepbT/BiD5aaduxAtK3Ipr23T1JN3W x2Dl8cAkijM8wnLQsd2zO24GiXX79eyGlhMV0GYZW+5MGn0N5IVLkOJ9RNE9AL5B 12Z2L77ZXdDpZ3MEaCqZ+PGMgBMTqs84MOW9IVs4Gpoy72laU8O4TMRm4MlbnPgi 5ikjjT9GUVzWxWnGVOZfgRwFPegk1kaPy3r0A1RAWSWMG9fqDj9wwUbtzSEBiUsE xjYMADJZatP2xKLgZOOsigqa4jZe2DeKWO+S9Pio6nydZA+Orv6VRBH0P83MCm16 TPVfnZRQyARc0dscsJHlP/pGIjLXJpxUn2OxYIciJcIdiwmTkIc= =lJtP -----END PGP SIGNATURE----- _______________________________________________ Sent through the Full Disclosure mailing list https://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: https://seclists.org/fulldisclosure/
Powered by blists - more mailing lists