Detections
Analytics
macOS 15.x < 15.6 Multiple Vulnerabilities (124149)
high Nessus Plugin ID 243030
Language:
Synopsis
The remote host is missing a macOS update that fixes multiple vulnerabilitiesDescription
The remote host is running a version of macOS / Mac OS X that is 15.x prior to 15.6. It is, therefore, affected by multiple vulnerabilities:- A flaw was found in the libxslt library. The same memory field, psvi, is used for both stylesheet and input data, which can lead to type confusion during XML transformations. This vulnerability allows an attacker to crash the application or corrupt memory. In some cases, it may lead to denial of service or unexpected behavior. (CVE-2025-7424)
- A logic issue was addressed with improved checks. This issue is fixed in Safari 18.6, macOS Sequoia 15.6.
Processing maliciously crafted web content may lead to an unexpected Safari crash. (CVE-2025-24188)
- A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sonoma 14.7.7, macOS Ventura 13.7.7, macOS Sequoia 15.6. An app may be able to gain root privileges.
(CVE-2025-31243)
- The issue was addressed with improved memory handling. This issue is fixed in Safari 18.6, macOS Sequoia 15.6, iOS 18.6 and iPadOS 18.6, tvOS 18.6, watchOS 11.6, visionOS 2.6. Processing maliciously crafted web content may lead to memory corruption. (CVE-2025-31273)
- A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.6.
A sandboxed process may be able to launch any installed app. (CVE-2025-31275)
Note that Nessus has not tested for these issues but has instead relied only on the operating system's self-reported version number.
Solution
Upgrade to macOS 15.6 or later.See Also
Plugin Details
Severity: High
ID: 243030
File Name: macos_124149.nasl
Version: 1.3
Type: local
Agent: macosx
Family: MacOS X Local Security Checks
Published: 7/30/2025
Updated: 8/28/2025
Supported Sensors: Nessus Agent, Nessus
Risk Information
VPR
Risk Factor: Critical
Score: 9.4
CVSS v2
Risk Factor: High
Base Score: 7.8
Temporal Score: 6.4
Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C
CVSS Score Source: CVE-2025-7424
CVSS v3
Risk Factor: High
Base Score: 7.5
Temporal Score: 7
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Temporal Vector: CVSS:3.0/E:F/RL:O/RC:C
Vulnerability Information
CPE: cpe:/o:apple:mac_os_x:15.0, cpe:/o:apple:macos:15.0
Exploit Available: true
Exploit Ease: Exploits are available
Patch Publication Date: 7/29/2025
Vulnerability Publication Date: 7/10/2025
CISA Known Exploited Vulnerability Due Dates: 8/12/2025
Reference Information
CVE: CVE-2025-24188, CVE-2025-31243, CVE-2025-31273, CVE-2025-31275, CVE-2025-31277, CVE-2025-31278, CVE-2025-31279, CVE-2025-31280, CVE-2025-31281, CVE-2025-43185, CVE-2025-43186, CVE-2025-43187, CVE-2025-43188, CVE-2025-43189, CVE-2025-43191, CVE-2025-43192, CVE-2025-43193, CVE-2025-43194, CVE-2025-43195, CVE-2025-43196, CVE-2025-43197, CVE-2025-43198, CVE-2025-43199, CVE-2025-43202, CVE-2025-43206, CVE-2025-43209, CVE-2025-43210, CVE-2025-43211, CVE-2025-43212, CVE-2025-43213, CVE-2025-43214, CVE-2025-43215, CVE-2025-43216, CVE-2025-43218, CVE-2025-43219, CVE-2025-43220, CVE-2025-43221, CVE-2025-43222, CVE-2025-43223, CVE-2025-43224, CVE-2025-43225, CVE-2025-43226, CVE-2025-43227, CVE-2025-43229, CVE-2025-43230, CVE-2025-43232, CVE-2025-43233, CVE-2025-43234, CVE-2025-43235, CVE-2025-43236, CVE-2025-43237, CVE-2025-43238, CVE-2025-43239, CVE-2025-43240, CVE-2025-43241, CVE-2025-43243, CVE-2025-43244, CVE-2025-43245, CVE-2025-43246, CVE-2025-43247, CVE-2025-43248, CVE-2025-43249, CVE-2025-43250, CVE-2025-43251, CVE-2025-43252, CVE-2025-43253, CVE-2025-43254, CVE-2025-43255, CVE-2025-43256, CVE-2025-43257, CVE-2025-43259, CVE-2025-43260, CVE-2025-43261, CVE-2025-43264, CVE-2025-43265, CVE-2025-43266, CVE-2025-43267, CVE-2025-43268, CVE-2025-43270, CVE-2025-43273, CVE-2025-43274, CVE-2025-43275, CVE-2025-43276, CVE-2025-43277, CVE-2025-43284, CVE-2025-6558, CVE-2025-7424, CVE-2025-7425
APPLE-SA: 124149
IAVA: 2025-A-0555