CVE-2025-46310: Race Condition
Published Sep 15, 2025
·Updated
AirPort. A permissions issue was addressed with additional restrictions.
Other sources
AMD. A buffer overflow was addressed with improved bounds checking.
— Apple
AppKit. The issue was resolved by blocking unsigned services from launching on Intel Macs.
— Apple
Apple Neural Engine. An out-of-bounds access issue was addressed with improved bounds checking.
— Apple
Apple Online Store Kit. A permissions issue was addressed with additional restrictions.
— Apple
AppleEvents. An authorization issue was addressed with improved state management.
— Apple
Credit
Noah Gregory (wts.dev), Mickey Jin@@patch1t, Ryan Dowd@@_rdowd, Amy (amys.website), Anonymous(Trend Micro Zero Day Initiative), Yiğit Can YILMAZ@@yilmazcanyigit, Golden Helm Securities(Iru), Gergely Kalman@@gergely_kalman(Iru), Csaba Fitzl@@theevilbit(Iru), Gergely Kalman@@gergely_kalman, an anonymous researcher, Ron Elemans, Murray Mike, 이동하 (Lee Dong Ha)(SSA Lab), George Karchemsky@@gkarchemsky(Trend Micro Zero Day Initiative), Xin'an Zhou, Juefei Pu, Zhutian Liu, Zhiyun Qian, Zhaowei Tan, Srikanth V. Krishnamurthy, Mathy Vanhoef, CVE-2025-59375, Ron Masas(BreakPoint), Chunyu Song(NorthSea), Rodolphe Brunetti@@eisw0lf(Lupus Nova), Michael DePlante@@izobashi(Trend Micro Zero Day Initiative), Google Threat Analysis Group, Bing Shi(Alibaba Group), Wenchao Li(Alibaba Group), Xiaolong Bai(Alibaba Group), (Indiana University Bloomington), Luyi Xing(Indiana University Bloomington), Enis Maholli (enismaholli.com), Gongyu Ma@@Mezone0, LeminLimez, @@cloudlldb, Wang Yu(Cyberserval), Keisuke Hosoda, Vivek Dhar, ASI (RM) in Border Security Force, FTR HQ BSF Kashmir, Asaf Cohen, Rodolphe BRUNETTI@@eisw0lf(Lupus Nova), Csaba Fitzl@@theevilbit(Kandji), Kirin@@Pwnrin, ABC Research s.r.o., Nolan Astrein(Kandji), Mickey Jin@@patch1t(Cisco Talos), Kirin@@Pwnrin(Cisco Talos), Claudio Bozzato(Cisco Talos), Francesco Benvenuto(Cisco Talos), Zhongquan Li@@Guluisacat, Bilal Siddiqui, Hossein Lotfi@@hosselot(Trend Micro Zero Day Initiative), Michael Reeves@@IntegralPilot, Dawuge(Shuffle Team), Rosyna Keller(Totally Not Malicious Software), Guilherme Rambo(Best Buddy Apps), Yinyi Wu@@_3ndy1(Dawn Security Lab of JD), @@zlluny(Trend Micro Zero Day Initiative), Zhongcheng Li(IES Red Team of ByteDance), Matej Moravec@@MacejkoMoravec, Shantanu Thakur, Jian Lee@@speedyfriend433, Ye Zhang@@VAR10CK(Baidu Security), Viktor Oreshkin, Nathaniel Oh@@calysteon, Hikerell (Loadshine Lab), LFY@@secsys(Fudan University), CVE-2025-40909, @@zlluny, CVE-2024-27280, KPC(Cisco Talos), @@RenwaX23, Ye Zhang(Baidu Security), pattern-f@@pattern_F_, 정답이 아닌 해답, Kirin@@Pwnrin(Computer Science), Cristian Dinca(Computer Science), Romania, CVE-2025-6965, JZ, Seo Hyun-gyu@@wh1te4ever, Luke Roberts@@rookuu, Ferdous Saljooki@@malwarezoo(Jamf), Justin Elliot Fu, Pyrophoria(GrapheneOS), an anonymous researcher(GrapheneOS), James J Kalafus, Michel Migdal, ken super, Jaydev Ahire, Big Bear, Ignacio Sanmillan@@ulexec, Mike Cardwell(grepular), Bob Lord, Pawel Wylecial(REDTEAM)
Affected Software
5 affected componentsFixes available
Apple macOS Sonoma<14.8.4
14.8.4
Apple macOS Sequoia<15.7.4
15.7.4
Apple macOS>=14.0<14.8.4
Apple macOS>=15.0<15.7.4
Apple macOS Tahoe<26
26
Event History
Sep 15, 2025
Data Sourced
via Apple·12:00 AM
DescriptionWeaknessAffected Software
Updated
via Apple·12:00 AM
DescriptionWeakness
Feb 11, 2026
Updated
via Apple·12:00 AM
DescriptionWeaknessAffected Software
CVE Published
via MITRE·10:58 PM
Data Sourced
via MITRE·10:58 PM
DescriptionWeakness
Data Sourced
via NVD·11:16 PM
DescriptionSeverityWeaknessAffected Software
Parent advisories
This vulnerability appears in the following advisories.
Peer vulnerabilities
Found alongside the following vulnerabilities.
- CVE-2026-20670
- CVE-2026-20624
- CVE-2026-20625
- CVE-2026-20660
- CVE-2025-43403
- CVE-2026-20611
- CVE-2026-20609
- CVE-2026-20617
- CVE-2026-20615
- CVE-2025-46283
- CVE-2026-20627
- CVE-2025-43417
- CVE-2026-20620
- CVE-2025-43338
- CVE-2026-20634
- CVE-2026-20675
- CVE-2026-20671
- CVE-2025-59375
- CVE-2026-20667
- CVE-2026-20673
- CVE-2026-20677
- CVE-2026-20651
- CVE-2026-20694
- CVE-2026-20616
- CVE-2025-43533
- CVE-2025-46300
- CVE-2025-46301
- CVE-2025-46302
- CVE-2025-46303
- CVE-2025-46304
- CVE-2025-46305
- CVE-2025-46310
- CVE-2026-20614
- CVE-2026-20628
- CVE-2025-46290
- CVE-2026-20653
- CVE-2026-20680
- CVE-2026-20612
- CVE-2026-20641
- CVE-2026-20606
- CVE-2026-20605
- CVE-2026-20621
- CVE-2025-43402
- CVE-2026-20602
- CVE-2026-20626
- CVE-2026-20622
- CVE-2026-20662
- CVE-2026-20619
- CVE-2025-43288
- CVE-2025-43208
- CVE-2025-43312
- CVE-2025-43321
- CVE-2025-43344
- CVE-2025-31268
- CVE-2025-43331
- CVE-2025-43317
- CVE-2025-43340
- CVE-2025-43337
- CVE-2025-43320
- CVE-2025-43285
- CVE-2025-43330
- CVE-2025-43346
- CVE-2025-43361
- CVE-2025-43451
- CVE-2025-43307
- CVE-2025-43354
- CVE-2025-43303
- CVE-2025-43357
- CVE-2025-43323
- CVE-2025-43349
- CVE-2025-43292
- CVE-2025-43372
- CVE-2025-24088
- CVE-2025-43305
- CVE-2025-43290
- CVE-2025-43289
- CVE-2025-46284
- CVE-2025-43316
- CVE-2025-31271
- CVE-2025-31270
- CVE-2025-43326
- CVE-2025-43283
- CVE-2025-46280
- CVE-2025-43325
- CVE-2025-43287
- CVE-2025-43302
- CVE-2025-31255
- CVE-2025-43366
- CVE-2025-43359
- CVE-2025-43345
- CVE-2025-43299
- CVE-2025-43295
- CVE-2025-43353
- CVE-2025-43294
- CVE-2025-43319
- CVE-2025-43315
- CVE-2025-43355
- CVE-2025-43207
- CVE-2025-43279
- CVE-2025-43301
- CVE-2025-43298
- CVE-2025-40909
- CVE-2025-43297
- CVE-2025-31269
- CVE-2025-43204
- CVE-2024-27280
- CVE-2025-46306
- CVE-2025-43327
- CVE-2025-43329
- CVE-2025-43328
- CVE-2025-43318
- CVE-2025-46307
- CVE-2025-31259
- CVE-2025-43332
- CVE-2025-43293
- CVE-2025-43291
- CVE-2025-43286
- CVE-2025-43369
- CVE-2025-43358
- CVE-2025-43367
- CVE-2025-43190
- CVE-2025-43333
- CVE-2025-24197
- CVE-2025-6965
- CVE-2025-43341
- CVE-2025-43314
- CVE-2025-43304
- CVE-2025-43306
- CVE-2025-43347
- CVE-2025-43296
- CVE-2025-43311
- CVE-2025-43308
- CVE-2025-43262
- CVE-2025-43356
- CVE-2025-43272
- CVE-2025-43343
- CVE-2025-43342
- CVE-2025-43419
- CVE-2025-43376
- CVE-2025-43368
- CVE-2025-43310
Frequently Asked Questions
1
What is the severity of CVE-2025-46310?
CVE-2025-46310 has been rated as a critical vulnerability due to its potential to allow unauthorized access to sensitive information.
2
How do I fix CVE-2025-46310?
To fix CVE-2025-46310, update your macOS to versions 14.8.5 or 15.7.5 or later as they contain the necessary patches.
3
What products are affected by CVE-2025-46310?
CVE-2025-46310 affects macOS Sequoia versions prior to 15.7.5 and macOS Sonoma versions prior to 14.8.5.
4
What types of issues are addressed in CVE-2025-46310?
CVE-2025-46310 addresses a parsing issue, an injection issue, and a path handling issue, all leading to improved validation and logic.
5
Is there a known exploit for CVE-2025-46310?
As of now, there are no public reports indicating an active exploit for CVE-2025-46310.