Summary: CERT-In has flagged serious software vulnerabilities in Apple’s Pages and Keynote for macOS (CVE-2025-46316 and CVE-2025-46306). These out-of-bounds read errors in the QuickLook component allow attackers to steal sensitive data if a user is tricked into opening a specially crafted file.
Business Impact: Medium-High. Since these are primary productivity tools, malicious documents sent via email or chat could be used to exfiltrate trade secrets or user credentials from macOS workstations.
Why It Happened: Flaws in the way the QuickLook component processes file metadata allowed for unauthorized memory access, leading to information exposure.
Recommended Executive Action: Mandate updates for Pages and Keynote to version 15.1 on all macOS Sequoia 15.6+ systems. Advise staff to avoid opening unsolicited .pages or .key files from external sources.
Hashtags: #macOS #AppleSecurity #CERTIn #Pages #Keynote #AppSec #PhishingPrevention
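
One way to verify the recommended update on an endpoint, as an added example that is not part of the advisory: the script reads the installed Pages and Keynote versions and flags anything below 15.1. The `/Applications` paths and reading `CFBundleShortVersionString` with `defaults read` are assumptions about a default App Store install.

```shell
#!/bin/sh
# Added example: audit Pages and Keynote against the advisory's 15.1 minimum.
MIN_VERSION="15.1"   # fixed version named in the advisory

# version_lt A B: exit 0 when dotted version A is lower than B.
version_lt() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        n = split(a, x, "."); m = split(b, y, ".")
        max = (n > m) ? n : m
        for (i = 1; i <= max; i++) {
            p = (i <= n) ? x[i] + 0 : 0   # missing fields count as 0
            q = (i <= m) ? y[i] + 0 : 0
            if (p < q) exit 0
            if (p > q) exit 1
        }
        exit 1                            # equal versions are not "lower"
    }'
}

# classify_version VERSION: print the compliance state for one app.
classify_version() {
    if [ -z "$1" ]; then
        echo "NOT_INSTALLED"
    elif version_lt "$1" "$MIN_VERSION"; then
        echo "NEEDS_UPDATE"
    else
        echo "OK"
    fi
}

# installed_version APP_PATH: print the bundle version, or nothing if absent.
# Assumption: apps live in the default App Store location under /Applications.
installed_version() {
    [ -d "$1" ] || return 0
    defaults read "$1/Contents/Info" CFBundleShortVersionString 2>/dev/null || true
}

# audit: one tab-separated line per app: path, version, state.
audit() {
    for app in /Applications/Pages.app /Applications/Keynote.app; do
        v=$(installed_version "$app")
        printf '%s\t%s\t%s\n' "$app" "${v:-none}" "$(classify_version "$v")"
    done
}

# The audit only makes sense on macOS; elsewhere the functions can be sourced.
if [ "$(uname -s)" = "Darwin" ]; then
    audit
fi
```

Run through an MDM or remote-management agent, the tab-separated output can be collected per host to track which workstations still report `NEEDS_UPDATE`.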
