CVE-2025-24107 — Incorrect Default Permissions in Apple IOS AND Ipados

CWE-276 — Incorrect Default Permissions7 documents4 sources

Severity

7.8HIGHNVD

EPSS

0.0%

top 97.67%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apple IOS AND Ipados Apple Macos Apple Tvos +3 more

Timeline

PublishedJan 27

Latest updateJan 28

Description

A permissions issue was addressed with additional restrictions. This issue is fixed in iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, tvOS 18.3, watchOS 11.3. A malicious app may be able to gain root privileges.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages9 packages

▶CVEListV5apple/tvos< 18.3

▶NVDapple/tvos< 18.3

▶CVEListV5apple/macos< 15.3

▶NVDapple/macos< 15.3

▶NVDapple/ipados< 18.3

🔴Vulnerability Details

GHSA

GHSA-v4x5-wpx5-pqc5: A permissions issue was addressed with additional restrictions↗2025-01-28

▶

CVEList

CVE-2025-24107: A permissions issue was addressed with additional restrictions↗2025-01-27

▶

📋Vendor Advisories

Apple

CVE-2025-24107: iOS 18.3 and iPadOS 18.3↗2025-01-27

▶

Apple

CVE-2025-24107: macOS Sequoia 15.3↗2025-01-27

▶

Apple

CVE-2025-24107: watchOS 11.3↗2025-01-27

▶

Apple

CVE-2025-24107: tvOS 18.3↗2025-01-27

▶