CVE-2025-24252

CVE-2025-24252 is a use-after-free vulnerability in Apple’s AirPlay ecosystem that has multiple PoCs and public PoCs outlining crash/RCe and sandbox-escape chains. Public materials describe a local-network attacker potentially exploiting mDNS/AirPlay services to trigger remote code execution or s...

CVE-2025-24270

This issue was addressed by removing the vulnerable code. This issue is fixed in iOS 18.4 and iPadOS 18.4, iPadOS 17.7.6, macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5, tvOS 18.4, visionOS 2.4. An attacker on the local network may be able to leak sensitive user information...

CVE-2025-24271

An access issue was addressed with improved access restrictions. This issue is fixed in macOS Sequoia 15.4, tvOS 18.4, macOS Ventura 13.7.5, iPadOS 17.7.6, macOS Sonoma 14.7.5, iOS 18.4 and iPadOS 18.4, visionOS 2.4. An unauthenticated user on the same network as a signed-in Mac could send it...

CVE-2025-24271

CVE-2025-24271 describes an access issue in AirPlay handling where an unauthenticated user on the same network as a signed‑in Mac could send AirPlay commands without pairing. Apple fixed this in multiple OS updates: macOS Sequoia 15.4, macOS Ventura 13.7.5, macOS Sonoma 14.7.5, iOS 18.4 and iPadO...

CVE-2025-31203

An integer overflow was addressed with improved input validation. This issue is fixed in iOS 18.4 and iPadOS 18.4, iPadOS 17.7.6, macOS Sequoia 15.4, macOS Sonoma 14.7.5, tvOS 18.4, visionOS 2.4, watchOS 11.4. An attacker on the local network may be able to cause a denial-of-service...

CVE-2025-31203

An integer overflow was addressed with improved input validation. This issue is fixed in macOS Sequoia 15.4, tvOS 18.4, iPadOS 17.7.6, macOS Sonoma 14.7.5, iOS 18.4 and iPadOS 18.4, watchOS 11.4, visionOS 2.4. An attacker on the local network may be able to cause a denial-of-service...

CVE-2025-31203

Apple fixed an integer overflow by improving input validation in macOS Sequoia 15.4, tvOS 18.4, iPadOS 17.7.6/18.4, macOS Sonoma 14.7.5, watchOS 11.4, and visionOS 2.4. The issue could allow a local-network attacker to cause a denial-of-service. Affected products and versions are listed in the CV...

CVE-2025-30445

CVE-2025-30445 is a type-confusion vulnerability addressed by Apple across multiple platforms. The issue, triggered by local-network access, could cause an unexpected app termination and was fixed with improved checks. Affected products/versions include macOS Sequoia 15.4, macOS Ventura 13.7.5, m...

Apple多款产品 安全漏洞

Apple iOS and others are products of Apple Inc. Apple iOS is an operating system developed for mobile devices. apple macOS is a specialized operating system developed for Mac computers. apple iPadOS is an operating system for iPad tablets. A security vulnerability exists in several Apple products...

Apple iOS和Apple iPadOS 安全漏洞

Apple iOS and Apple iPadOS are products of Apple Inc. Apple iOS is an operating system developed for mobile devices, and Apple iPadOS is an operating system for iPad tablets. A security vulnerability exists in Apple iOS and Apple iPadOS that originates from a null pointer dereference that could...

PT-2025-18064 · Apple · Ipados +1

Name of the Vulnerable Software and Affected Versions: iOS versions prior to 18.3 iPadOS versions prior to 18.3 iPadOS versions prior to 17.7.3 Description: An app could impersonate system notifications, and sensitive notifications now require restricted entitlements. This issue could allow an ap...

Apple Security Advisory 04-16-2025-1

Apple Security Advisory 04-16-2025-1 - iOS 18.4.1 and iPadOS 18.4.1 addresses bypass and code execution vulnerabilities...

Exploit for Race Condition in Apple Ipados

CVE-2024-27876 libAp...

The vulnerability of the CloudKit component in iPadOS and macOS operating systems allows a perpetrator to gain unauthorized access to protected information.

The vulnerability of the CloudKit component in iPadOS and macOS is related to lack of access control. Exploiting this vulnerability can allow an attacker to gain unauthorized access to protected information...

Apple patches security vulnerabilities in iOS and iPadOS. Update now!

Apple has released a security update for iOS and iPadOS to patch two zero-day vulnerabilities which are reported to already have been exploited in an extremely sophisticated attack against specific targeted individuals on iOS. Both vulnerabilities allowed an attacker to bypass the memory...

PT-2025-16957 · Undefined · Undefined

🗞️ Apple Patches Two Actively Exploited Zero-Days in iOS, iPadOS, and macOS Apple fixes two zero-day flaws CVE-2025-37059, CVE-2025-37060 actively exploited in iOS, iPadOS, and macOS, risking data theft and device compromise. Update to iOS 18.4, iPadOS 18.4, or macOS Sequoia https://t.co/DTLP2ZYYs...

PT-2025-16958 · Undefined · Undefined

🗞️ Apple Patches Two Actively Exploited Zero-Days in iOS, iPadOS, and macOS Apple fixes two zero-day flaws CVE-2025-37059, CVE-2025-37060 actively exploited in iOS, iPadOS, and macOS, risking data theft and device compromise. Update to iOS 18.4, iPadOS 18.4, or macOS Sequoia https://t.co/DTLP2ZYYs...

About the security content of iOS 18.4.1 and iPadOS 18.4.1

About the security content of iOS 18.4.1 and iPadOS 18.4.1 This document describes the security content of iOS 18.4.1 and iPadOS 18.4.1. About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and...

Security Bulletin: IBM Observability with Instana for Synthetic PoP is affected by Multiple Security Vulnerabilities

Summary Multiple vulnerabilities were addressed in IBM Observability with Instana for Synthetic PoP build 286 Vulnerability Details CVEID:CVE-2023-37920 DESCRIPTION: An unspecified error with the removal of e-Tugra root certificate in Certifi has an unknown impact and attack vector. CWE:CWE-345:...

CVE-2023-38614

A permissions issue was addressed with additional restrictions. This issue is fixed in iOS 17 and iPadOS 17, macOS Sonoma 14. An app may be able to access sensitive user data...