CVE-2025-24196 — Out-of-bounds Read in Apple Macos

CWE-125 — Out-of-bounds Read4 documents3 sources

Severity

8.8HIGHNVD

EPSS

0.5%

top 36.17%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apple Macos Apple Macos Sequoia Apple Macos Sonoma

Timeline

PublishedMar 31

Latest updateApr 1

Description

A type confusion issue was addressed with improved memory handling. This issue is fixed in macOS Sequoia 15.4, macOS Sonoma 14.7.5. An attacker with user privileges may be able to read kernel memory.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages4 packages

▶Appleapple/macos_sonoma14.7.5

▶Appleapple/macos_sequoia15.4

▶CVEListV5apple/macos< 14.7.5+1

▶NVDapple/macos14.0 — 14.7.5+1

🔴Vulnerability Details

GHSA

GHSA-4x4g-h2vr-367c: A type confusion issue was addressed with improved memory handling↗2025-04-01

▶

📋Vendor Advisories

Apple

CVE-2025-24196: macOS Sequoia 15.4↗2025-03-31

▶

Apple

CVE-2025-24196: macOS Sonoma 14.7.5↗2025-03-31

▶