Apple iPadOS vulnerabilities

CVE-2025-24129 [HIGH] CWE-843 CVE-2025-24129: A type confusion issue was addressed with improved checks. This issue is fixed in iOS 18.3 and iPadO A type confusion issue was addressed with improved checks. This issue is fixed in iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, macOS Sonoma 14.7.5, macOS Ventura 13.7.5, tvOS 18.3, visionOS 2.3. An attacker on the local network may cause an unexpected app termination.

CVE-2025-24107 [HIGH] CWE-276 CVE-2025-24107: A permissions issue was addressed with additional restrictions. This issue is fixed in iOS 18.3 and A permissions issue was addressed with additional restrictions. This issue is fixed in iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, tvOS 18.3, watchOS 11.3. A malicious app may be able to gain root privileges.

CVE-2024-54522 [HIGH] CWE-787 CVE-2024-54522: The issue was addressed with improved bounds checks. This issue is fixed in iOS 18.2 and iPadOS 18.2 The issue was addressed with improved bounds checks. This issue is fixed in iOS 18.2 and iPadOS 18.2, macOS Sequoia 15.2, tvOS 18.2, watchOS 11.2. An app may be able to corrupt coprocessor memory.

CVE-2025-24177 [HIGH] CWE-476 CVE-2025-24177: A null pointer dereference was addressed with improved input validation. This issue is fixed in iOS A null pointer dereference was addressed with improved input validation. This issue is fixed in iOS 18.3 and iPadOS 18.3, iPadOS 17.7.6, macOS Sequoia 15.3, macOS Sonoma 14.7.5, macOS Ventura 13.7.5. An attacker on the local network may be able to cause a denial-of-service.

CVE-2025-24855 [HIGH] CVE-2025-24855: iPadOS 17.7.4 Apple Security Update: About the security content of iPadOS 17.7.4 Product: iPadOS Version: 17.7.4 CVE: CVE-2025-24855 Component: LaunchServices Impact: An app may be able to fingerprint the user Description: This issue was addressed with improved redaction of sensitive information.

CVE-2025-24159 [HIGH] CWE-94 CVE-2025-24159: A validation issue was addressed with improved logic. This issue is fixed in iOS 18.3 and iPadOS 18. A validation issue was addressed with improved logic. This issue is fixed in iOS 18.3 and iPadOS 18.3, iPadOS 17.7.4, macOS Sequoia 15.3, macOS Sonoma 14.7.3, tvOS 18.3, visionOS 2.3, watchOS 11.3. An app may be able to execute arbitrary code with kernel privileges.

CVE-2024-54543 [HIGH] CWE-787 CVE-2024-54543: The issue was addressed with improved memory handling. This issue is fixed in Safari 18.2, iOS 18.2 The issue was addressed with improved memory handling. This issue is fixed in Safari 18.2, iOS 18.2 and iPadOS 18.2, iPadOS 17.7.6, macOS Sequoia 15.2, tvOS 18.2, visionOS 2.2, watchOS 11.2. Processing maliciously crafted web content may lead to memory corruption.

CVE-2024-54517 [HIGH] CWE-787 CVE-2024-54517: The issue was addressed with improved bounds checks. This issue is fixed in iOS 18.2 and iPadOS 18.2 The issue was addressed with improved bounds checks. This issue is fixed in iOS 18.2 and iPadOS 18.2, macOS Sequoia 15.2, tvOS 18.2, watchOS 11.2. An app may be able to corrupt coprocessor memory.

CVE-2024-55549 [HIGH] CVE-2024-55549: iPadOS 17.7.4 Apple Security Update: About the security content of iPadOS 17.7.4 Product: iPadOS Version: 17.7.4 CVE: CVE-2024-55549 Component: LaunchServices Impact: An app may be able to fingerprint the user Description: This issue was addressed with improved redaction of sensitive information.

CVE-2025-24150 [HIGH] CWE-77 CVE-2025-24150: A privacy issue was addressed with improved handling of files. This issue is fixed in Safari 18.3, i A privacy issue was addressed with improved handling of files. This issue is fixed in Safari 18.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3. Copying a URL from Web Inspector may lead to command injection.

CVE-2024-54499 [HIGH] CWE-416 CVE-2024-54499: A use-after-free issue was addressed with improved memory management. This issue is fixed in iOS 18. A use-after-free issue was addressed with improved memory management. This issue is fixed in iOS 18.2 and iPadOS 18.2, macOS Sequoia 15.2, tvOS 18.2, visionOS 2.2, watchOS 11.2. Processing a maliciously crafted image may lead to arbitrary code execution.

CVE-2025-24117 [MEDIUM] CWE-922 CVE-2025-24117: This issue was addressed with improved redaction of sensitive information. This issue is fixed in iO This issue was addressed with improved redaction of sensitive information. This issue is fixed in iOS 18.3 and iPadOS 18.3, iPadOS 17.7.4, macOS Sequoia 15.3, visionOS 2.3, watchOS 11.3. An app may be able to fingerprint the user.

CVE-2024-54507 [MEDIUM] CWE-843 CVE-2024-54507: A type confusion issue was addressed with improved memory handling. This issue is fixed in iOS 18.2 A type confusion issue was addressed with improved memory handling. This issue is fixed in iOS 18.2 and iPadOS 18.2, macOS Sequoia 15.2. An attacker with user privileges may be able to read kernel memory.

CVE-2025-24123 [MEDIUM] CVE-2025-24123: The issue was addressed with improved checks. This issue is fixed in iOS 18.3 and iPadOS 18.3, iPadO The issue was addressed with improved checks. This issue is fixed in iOS 18.3 and iPadOS 18.3, iPadOS 17.7.4, macOS Sequoia 15.3, macOS Sonoma 14.7.3, macOS Ventura 13.7.3, tvOS 18.3, visionOS 2.3, watchOS 11.3. Parsing a file may lead to an unexpected app termination.

CVE-2024-54488 [MEDIUM] CWE-863 CVE-2024-54488: A logic issue was addressed with improved file handling. This issue is fixed in iOS 18.2 and iPadOS A logic issue was addressed with improved file handling. This issue is fixed in iOS 18.2 and iPadOS 18.2, iPadOS 17.7.3, macOS Sequoia 15.2, macOS Sonoma 14.7.2, macOS Ventura 13.7.2. Photos in the Hidden Photos Album may be viewed without authentication.

CVE-2025-24143 [MEDIUM] CWE-862 CVE-2025-24143: The issue was addressed with improved access restrictions to the file system. This issue is fixed in The issue was addressed with improved access restrictions to the file system. This issue is fixed in Safari 18.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, visionOS 2.3. A maliciously crafted webpage may be able to fingerprint the user.

CVE-2024-54497 [MEDIUM] CWE-770 CVE-2024-54497: The issue was addressed with improved checks. This issue is fixed in iOS 18.2 and iPadOS 18.2, iPadO The issue was addressed with improved checks. This issue is fixed in iOS 18.2 and iPadOS 18.2, iPadOS 17.7.4, macOS Sequoia 15.2, macOS Sonoma 14.7.3, macOS Ventura 13.7.3, tvOS 18.2, visionOS 2.2, watchOS 11.2. Processing web content may lead to a denial-of-service.

CVE-2025-24124 [MEDIUM] CVE-2025-24124: The issue was addressed with improved checks. This issue is fixed in iOS 18.3 and iPadOS 18.3, iPadO The issue was addressed with improved checks. This issue is fixed in iOS 18.3 and iPadOS 18.3, iPadOS 17.7.4, macOS Sequoia 15.3, macOS Sonoma 14.7.3, macOS Ventura 13.7.3, tvOS 18.3, visionOS 2.3, watchOS 11.3. Parsing a file may lead to an unexpected app termination.

CVE-2025-24161 [MEDIUM] CWE-754 CVE-2025-24161: The issue was addressed with improved checks. This issue is fixed in iOS 18.3 and iPadOS 18.3, iPadO The issue was addressed with improved checks. This issue is fixed in iOS 18.3 and iPadOS 18.3, iPadOS 17.7.4, macOS Sequoia 15.3, macOS Sonoma 14.7.3, tvOS 18.3, visionOS 2.3, watchOS 11.3. Parsing a file may lead to an unexpected app termination.

CVE-2024-54518 [MEDIUM] CWE-125 CVE-2024-54518: The issue was addressed with improved bounds checks. This issue is fixed in iOS 18.2 and iPadOS 18.2 The issue was addressed with improved bounds checks. This issue is fixed in iOS 18.2 and iPadOS 18.2, macOS Sequoia 15.2, tvOS 18.2, watchOS 11.2. An app may be able to corrupt coprocessor memory.