1k+ Appleきてた 疲れたのでいくつか持ち越し

1. CVE-2025-43400｜macOS/iOS/iPadOS/visionOS
   • https://support.apple.com/en-us/125328
   • https://nvd.nist.gov/vuln/detail/CVE-2025-43400
   • https://isc.sans.edu/diary/Apple+Patches+Single+Vulnerability+CVE202543400/32330/
   • https://www.hkcert.org/security-bulletin/apple-products-denial-of-service-vulnerability_20250930
   • https://www.computerweekly.com/news/366632180/Apples-first-iOS-26-security-update-fixes-memory-corruption-flaw
   • FontParserの問題により予期せぬ終了やプロセスメモリ破損の可能性があるらしい。
2. CVE-2025-20371｜Splunk
   • https://advisory.splunk.com/advisories/SVD-2025-1006
   • https://nvd.nist.gov/vuln/detail/CVE-2025-20371
   • SSRF。
3. CVE-2025-9230｜OpenSSL
   • https://openssl-library.org/news/secadv/20250930.txt
   • https://nvd.nist.gov/vuln/detail/CVE-2025-9230
   • https://jvn.jp/vu/JVNVU93161789/
   • https://www.security-next.com/175182
   • DoSやコード実行。他2つ。
4. CVE-2025-41244｜VMware Aria Operations/VMware Tools
   • https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36149
   • https://nvd.nist.gov/vuln/detail/CVE-2025-41244
   • https://blog.nviso.eu/2025/09/29/you-name-it-vmware-elevates-it-cve-2025-41244/
   • https://www.cisecurity.org/advisory/multiple-vulnerabilities-in-vmware-aria-operations-and-vmware-tools-could-allow-for-privilege-escalation_2025-092
   • https://www.bleepingcomputer.com/news/security/broadcom-fixes-high-severity-vmware-nsx-bugs-reported-by-nsa/
   • https://www.security-next.com/175086
   • 権限昇格。条件あり。UNC5174に悪用されたらしい。
5. CVE-2025-23297｜NVIDIA Installer for NvAPP
   • https://nvidia.custhelp.com/app/answers/detail/a_id/5682
   • https://nvd.nist.gov/vuln/detail/CVE-2025-23297
   • https://www.security-next.com/175125
   • 権限昇格。
6. CVE-2025-11205｜Chrome
   • https://chromereleases.googleblog.com/2025/09/stable-channel-update-for-desktop_30.html
   • https://www.security-next.com/175191
   • WebGPUのHeap Buffer Overflow。他にも色々。