macOS 14.x < 14.8 Multiple Vulnerabilities (125112)

critical Nessus Plugin ID 264811

Synopsis

The remote host is missing a macOS update that fixes multiple vulnerabilities.

Description

The remote host is running a version of macOS / Mac OS X that is 14.x prior to 14.8. It is, therefore, affected by multiple vulnerabilities:

- A buffer-overread issue was discovered in StringIO 3.0.1, as distributed in Ruby 3.0.x through 3.0.6 and 3.1.x through 3.1.4. The ungetbyte and ungetc methods on a StringIO can read past the end of a string, and a subsequent call to StringIO.gets may return the memory value. 3.0.3 is the main fixed version; however, for Ruby 3.0 users, a fixed version is stringio 3.0.1.1, and for Ruby 3.1 users, a fixed version is stringio 3.0.1.2. (CVE-2024-27280)

- The issue was addressed with improved input sanitization. This issue is fixed in macOS Sequoia 15.5. An app may be able to gain elevated privileges. (CVE-2025-31259)

- Perl threads have a working directory race condition where file operations may target unintended paths. If a directory handle is open at thread creation, the process-wide current working directory is temporarily changed in order to clone that handle for the new thread, which is visible from any third (or more) thread already running. This may lead to unintended operations such as loading code or accessing files from unexpected locations, which a local attacker may be able to exploit. The bug was introduced in commit 11a11ecf4bea72b17d250cfb43c897be1341861e and released in Perl version 5.13.6. (CVE-2025-40909)

- A permissions issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Sequoia 15.6. A sandboxed process may be able to circumvent sandbox restrictions. (CVE-2025-43273)

- The issue was addressed with improved memory handling. This issue is fixed in iOS 18.6 and iPadOS 18.6, watchOS 11.6, macOS Sequoia 15.6, tvOS 18.6, visionOS 2.6. Processing a maliciously crafted audio file may lead to memory corruption. (CVE-2025-43277)

Note that Nessus has not tested for these issues but has instead relied only on the operating system's self-reported version number.

Solution

Upgrade to macOS 14.8 or later.

See Also

https://support.apple.com/en-us/125112

Plugin Details

Severity: Critical

ID: 264811

File Name: macos_125112.nasl

Version: 1.1

Type: local

Agent: macosx

Published: 9/15/2025

Updated: 9/15/2025

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: High

Score: 7.4

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 7.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2024-27280

CVSS v3

Risk Factor: Critical

Base Score: 9.8

Temporal Score: 8.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

CVSS v4

Risk Factor: Critical

Base Score: 9.3

Threat Score: 8.1

Threat Vector: CVSS:4.0/E:U

Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Vulnerability Information

CPE: cpe:/o:apple:macos:14.0, cpe:/o:apple:mac_os_x:14.0

Exploit Ease: No known exploits are available

Patch Publication Date: 9/15/2025

Vulnerability Publication Date: 3/25/2024

Reference Information

CVE: CVE-2024-27280, CVE-2025-24197, CVE-2025-31255, CVE-2025-31259, CVE-2025-31268, CVE-2025-31269, CVE-2025-40909, CVE-2025-43190, CVE-2025-43231, CVE-2025-43273, CVE-2025-43277, CVE-2025-43285, CVE-2025-43286, CVE-2025-43291, CVE-2025-43293, CVE-2025-43295, CVE-2025-43298, CVE-2025-43299, CVE-2025-43301, CVE-2025-43302, CVE-2025-43304, CVE-2025-43305, CVE-2025-43308, CVE-2025-43310, CVE-2025-43311, CVE-2025-43312, CVE-2025-43314, CVE-2025-43315, CVE-2025-43319, CVE-2025-43321, CVE-2025-43326, CVE-2025-43332, CVE-2025-43341, CVE-2025-43349, CVE-2025-43353, CVE-2025-43355, CVE-2025-43358, CVE-2025-43359, CVE-2025-43367

APPLE-SA: 125112