CVE-2025-24203

CVE-2025-24203 is a local kernel memory bug (VM_BEHAVIOR_ZERO_WIRED_PAGES) that enables a user-process to zero wired kernel pages, creating a kernel read/write primitive. Public materials describe chaining this bug with additional flaws (e.g., sandbox escape, PID/file-signature bypass) to achieve...

CVE-2025-24203

The issue was addressed with improved checks. This issue is fixed in iOS 18.4 and iPadOS 18.4, iPadOS 17.7.6, macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5, tvOS 18.4, visionOS 2.4, watchOS 11.4. An app may be able to modify protected parts of the file system...

CVE-2025-24192

A script imports issue was addressed with improved isolation. This issue is fixed in Safari 18.4, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, visionOS 2.4. Visiting a website may leak sensitive data...

CVE-2025-24192

CVE-2025-24192 pertains to a script-imports issue in Safari and related Apple platforms. The vulnerability was addressed with improved isolation and is fixed in Safari 18.4, visionOS 2.4, iOS 18.4, iPadOS 18.4, and macOS Sequoia 15.4. The issue could allow leakage of sensitive data when visiting ...

CVE-2025-31191

This issue was addressed through improved state management. This issue is fixed in macOS Ventura 13.7.5, tvOS 18.4, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, macOS Sonoma 14.7.5. An app may be able to access sensitive user data...

CVE-2025-24238

A logic issue was addressed with improved checks. This issue is fixed in iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5, tvOS 18.4, watchOS 11.4. An app may be able to gain elevated privileges...

CVE-2025-24193

This issue was addressed with improved authentication. This issue is fixed in iOS 18.4 and iPadOS 18.4. An attacker with a USB-C connection to an unlocked device may be able to programmatically access photos...

CVE-2025-24193

CVE-2025-24193 affects iOS and iPadOS where an attacker with a USB-C connection to an unlocked device could programmatically access photos. Apple states the issue was addressed with improved authentication and the fix is in iOS 18.4 and iPadOS 18.4. The CVSS base score is low (2.4, LOW) with phys...

CVE-2025-24193

This issue was addressed with improved authentication. This issue is fixed in iOS 18.4 and iPadOS 18.4. An attacker with a USB-C connection to an unlocked device may be able to programmatically access photos...

CVE-2025-24202

CVE-2025-24202 affects Apple operating systems (iOS 18.4, iPadOS 18.4, macOS Sequoia 15.4). Root cause: a logging issue with insufficient data redaction in the logging subsystem. Impact: an app may access sensitive user data due to improper logging handling. Remediation: fixed in the listed patch...

CVE-2025-24097

A permissions issue was addressed with additional restrictions. This issue is fixed in iOS 18.4 and iPadOS 18.4, iPadOS 17.7.7, macOS Sequoia 15.4, macOS Sonoma 14.7.5, tvOS 18.4, watchOS 11.4. An app may be able to read arbitrary file metadata...

CVE-2025-24243

The issue was addressed with improved memory handling. This issue is fixed in iOS 18.4 and iPadOS 18.4, iPadOS 17.7.6, macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5, tvOS 18.4, visionOS 2.4, watchOS 11.4. Processing a maliciously crafted file may lead to arbitrary code execution...

CVE-2025-24243

CVE-2025-24243 is an Apple memory-management issue where processing a maliciously crafted file may lead to arbitrary code execution. It affects multiple platforms and is fixed in iOS 18.4, iPadOS 18.4, iPadOS 17.7.6, macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5, tvOS 18.4, vision...

CVE-2025-24243

The issue was addressed with improved memory handling. This issue is fixed in visionOS 2.4, macOS Ventura 13.7.5, tvOS 18.4, iPadOS 17.7.6, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, macOS Sonoma 14.7.5. Processing a maliciously crafted file may lead to arbitrary code execution...

CVE-2025-30426

This issue was addressed with additional entitlement checks. This issue is fixed in iOS 18.4 and iPadOS 18.4, iPadOS 17.7.6, macOS Sequoia 15.4, tvOS 18.4, visionOS 2.4, watchOS 11.4. An app may be able to enumerate a user's installed apps...

CVE-2025-30471

CVE-2025-30471 is a validation issue addressed by Apple across multiple platforms. The advisory indicates a remote attacker may cause a denial-of-service, with fixes shipped in visionOS 2.4, macOS Ventura 13.7.5, tvOS 18.4, iPadOS 17.7.6, iOS 18.4/iPadOS 18.4, macOS Sequoia 15.4, and macOS Sonoma...

CVE-2025-24182

An out-of-bounds read in font processing was fixed across Apple platforms: visionOS 2.4, iOS 18.4, iPadOS 18.4, tvOS 18.4, and macOS Sequoia 15.4. Root cause: input validation flaw in font handling leading to potential memory disclosure. Practical impact: confidential memory exposure if a malicio...

CVE-2025-30430

This issue was addressed through improved state management. This issue is fixed in iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, visionOS 2.4, watchOS 11.4. Password autofill may fill in passwords after failing authentication...

CVE-2025-30430

This issue was addressed through improved state management. This issue is fixed in visionOS 2.4, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4. Password autofill may fill in passwords after failing authentication...

CVE-2025-24182

An out-of-bounds read issue was addressed with improved input validation. This issue is fixed in iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, tvOS 18.4, visionOS 2.4, watchOS 11.4. Processing a maliciously crafted font may result in the disclosure of process memory...