Detections
Analytics

macOS 26.x < 26.0 Multiple Vulnerabilities (125110)

high Nessus Plugin ID 265371

Language:

Synopsis

The remote host is missing a macOS update that fixes multiple vulnerabilities

Description

The remote host is running a version of macOS / Mac OS X that is 26.x prior to 26.0. It is, therefore, affected by multiple vulnerabilities:

 - There exists a vulnerability in SQLite versions before 3.50.2 where the number of aggregate terms could exceed the number of columns available. This could lead to a memory corruption issue. We recommend upgrading to version 3.50.2 or above. (CVE-2025-6965)

 - A buffer-overread issue was discovered in StringIO 3.0.1, as distributed in Ruby 3.0.x through 3.0.6 and 3.1.x through 3.1.4. The ungetbyte and ungetc methods on a StringIO can read past the end of a string, and a subsequent call to StringIO.gets may return the memory value. 3.0.3 is the main fixed version; however, for Ruby 3.0 users, a fixed version is stringio 3.0.1.1, and for Ruby 3.1 users, a fixed version is stringio 3.0.1.2. (CVE-2024-27280)

 - The issue was addressed with improved input sanitization. This issue is fixed in macOS Sequoia 15.5. An app may be able to gain elevated privileges. (CVE-2025-31259)

 - Perl threads have a working directory race condition where file operations may target unintended paths. If a directory handle is open at thread creation, the process-wide current working directory is temporarily changed in order to clone that handle for the new thread, which is visible from any third (or more) thread already running. This may lead to unintended operations such as loading code or accessing files from unexpected locations, which a local attacker may be able to exploit. The bug was introduced in commit 11a11ecf4bea72b17d250cfb43c897be1341861e and released in Perl version 5.13.6 (CVE-2025-40909)

 - A configuration issue was addressed with additional restrictions. (CVE-2025-24088, CVE-2025-24197, CVE-2025-31255, CVE-2025-31268, CVE-2025-31269, CVE-2025-31270, CVE-2025-31271, CVE-2025-43190, CVE-2025-43204, CVE-2025-43207, CVE-2025-43208, CVE-2025-43262, CVE-2025-43272, CVE-2025-43279, CVE-2025-43283, CVE-2025-43285, CVE-2025-43286, CVE-2025-43287, CVE-2025-43291, CVE-2025-43292, CVE-2025-43293, CVE-2025-43294, CVE-2025-43297, CVE-2025-43298, CVE-2025-43301, CVE-2025-43302, CVE-2025-43304, CVE-2025-43305, CVE-2025-43307, CVE-2025-43308, CVE-2025-43310, CVE-2025-43311, CVE-2025-43312, CVE-2025-43314, CVE-2025-43315, CVE-2025-43316, CVE-2025-43317, CVE-2025-43318, CVE-2025-43319, CVE-2025-43321, CVE-2025-43325, CVE-2025-43326, CVE-2025-43327, CVE-2025-43328, CVE-2025-43329, CVE-2025-43330, CVE-2025-43331, CVE-2025-43332, CVE-2025-43333, CVE-2025-43337, CVE-2025-43340, CVE-2025-43341, CVE-2025-43342, CVE-2025-43343, CVE-2025-43344, CVE-2025-43346, CVE-2025-43347, CVE-2025-43353, CVE-2025-43354, CVE-2025-43356, CVE-2025-43357, CVE-2025-43359, CVE-2025-43366, CVE-2025-43367, CVE-2025-43368, CVE-2025-43369)

Note that Nessus has not tested for these issues but has instead relied only on the operating system's self-reported version number.

Solution

Upgrade to macOS 26.0 or later.

See Also

https://support.apple.com/en-us/125110

https://betawiki.net/wiki/MacOS_Tahoe

Plugin Details

Severity: High

ID: 265371

File Name: macos_125110.nasl

Version: 1.2

Type: local

Agent: macosx

Published: 9/18/2025

Updated: 9/19/2025

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Critical

Score: 9.2

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 7.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2025-6965

CVSS v3

Risk Factor: Critical

Base Score: 9.8

Temporal Score: 8.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

CVSS v4

Risk Factor: High

Base Score: 7.2

Threat Score: 4.3

Threat Vector: CVSS:4.0/E:U

Vector: CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:L/VI:H/VA:L/SC:L/SI:H/SA:L

Vulnerability Information

CPE: cpe:/o:apple:mac_os_x:26.0, cpe:/o:apple:macos:26.0

Exploit Ease: No known exploits are available

Patch Publication Date: 9/15/2025

Vulnerability Publication Date: 9/15/2024

Reference Information

CVE: CVE-2024-27280, CVE-2025-24088, CVE-2025-24197, CVE-2025-31255, CVE-2025-31259, CVE-2025-31268, CVE-2025-31269, CVE-2025-31270, CVE-2025-31271, CVE-2025-40909, CVE-2025-43190, CVE-2025-43204, CVE-2025-43207, CVE-2025-43208, CVE-2025-43262, CVE-2025-43272, CVE-2025-43279, CVE-2025-43283, CVE-2025-43285, CVE-2025-43286, CVE-2025-43287, CVE-2025-43291, CVE-2025-43292, CVE-2025-43293, CVE-2025-43294, CVE-2025-43295, CVE-2025-43297, CVE-2025-43298, CVE-2025-43299, CVE-2025-43301, CVE-2025-43302, CVE-2025-43303, CVE-2025-43304, CVE-2025-43305, CVE-2025-43307, CVE-2025-43308, CVE-2025-43310, CVE-2025-43311, CVE-2025-43312, CVE-2025-43314, CVE-2025-43315, CVE-2025-43316, CVE-2025-43317, CVE-2025-43318, CVE-2025-43319, CVE-2025-43321, CVE-2025-43325, CVE-2025-43326, CVE-2025-43327, CVE-2025-43328, CVE-2025-43329, CVE-2025-43330, CVE-2025-43331, CVE-2025-43332, CVE-2025-43333, CVE-2025-43337, CVE-2025-43340, CVE-2025-43341, CVE-2025-43342, CVE-2025-43343, CVE-2025-43344, CVE-2025-43346, CVE-2025-43347, CVE-2025-43349, CVE-2025-43353, CVE-2025-43354, CVE-2025-43355, CVE-2025-43356, CVE-2025-43357, CVE-2025-43358, CVE-2025-43359, CVE-2025-43366, CVE-2025-43367, CVE-2025-43368, CVE-2025-43369, CVE-2025-43372, CVE-2025-6965

APPLE-SA: 125110

IAVA: 2025-A-0677