Apple iOS vulnerabilities

CVE-2025-24117 [MEDIUM] CWE-922 CVE-2025-24117: This issue was addressed with improved redaction of sensitive information. This issue is fixed in iO This issue was addressed with improved redaction of sensitive information. This issue is fixed in iOS 18.3 and iPadOS 18.3, iPadOS 17.7.4, macOS Sequoia 15.3, visionOS 2.3, watchOS 11.3. An app may be able to fingerprint the user.

CVE-2024-54507 [MEDIUM] CWE-843 CVE-2024-54507: A type confusion issue was addressed with improved memory handling. This issue is fixed in iOS 18.2 A type confusion issue was addressed with improved memory handling. This issue is fixed in iOS 18.2 and iPadOS 18.2, macOS Sequoia 15.2. An attacker with user privileges may be able to read kernel memory.

CVE-2024-54488 [MEDIUM] CWE-863 CVE-2024-54488: A logic issue was addressed with improved file handling. This issue is fixed in iOS 18.2 and iPadOS A logic issue was addressed with improved file handling. This issue is fixed in iOS 18.2 and iPadOS 18.2, iPadOS 17.7.3, macOS Sequoia 15.2, macOS Sonoma 14.7.2, macOS Ventura 13.7.2. Photos in the Hidden Photos Album may be viewed without authentication.

CVE-2024-54497 [MEDIUM] CWE-770 CVE-2024-54497: The issue was addressed with improved checks. This issue is fixed in iOS 18.2 and iPadOS 18.2, iPadO The issue was addressed with improved checks. This issue is fixed in iOS 18.2 and iPadOS 18.2, iPadOS 17.7.4, macOS Sequoia 15.2, macOS Sonoma 14.7.3, macOS Ventura 13.7.3, tvOS 18.2, visionOS 2.2, watchOS 11.2. Processing web content may lead to a denial-of-service.

CVE-2025-24124 [MEDIUM] CVE-2025-24124: The issue was addressed with improved checks. This issue is fixed in iOS 18.3 and iPadOS 18.3, iPadO The issue was addressed with improved checks. This issue is fixed in iOS 18.3 and iPadOS 18.3, iPadOS 17.7.4, macOS Sequoia 15.3, macOS Sonoma 14.7.3, macOS Ventura 13.7.3, tvOS 18.3, visionOS 2.3, watchOS 11.3. Parsing a file may lead to an unexpected app termination.

CVE-2025-24161 [MEDIUM] CWE-754 CVE-2025-24161: The issue was addressed with improved checks. This issue is fixed in iOS 18.3 and iPadOS 18.3, iPadO The issue was addressed with improved checks. This issue is fixed in iOS 18.3 and iPadOS 18.3, iPadOS 17.7.4, macOS Sequoia 15.3, macOS Sonoma 14.7.3, tvOS 18.3, visionOS 2.3, watchOS 11.3. Parsing a file may lead to an unexpected app termination.

CVE-2024-54518 [MEDIUM] CWE-125 CVE-2024-54518: The issue was addressed with improved bounds checks. This issue is fixed in iOS 18.2 and iPadOS 18.2 The issue was addressed with improved bounds checks. This issue is fixed in iOS 18.2 and iPadOS 18.2, macOS Sequoia 15.2, tvOS 18.2, watchOS 11.2. An app may be able to corrupt coprocessor memory.

CVE-2025-24086 [MEDIUM] CWE-770 CVE-2025-24086: The issue was addressed with improved memory handling. This issue is fixed in iOS 18.3 and iPadOS 18 The issue was addressed with improved memory handling. This issue is fixed in iOS 18.3 and iPadOS 18.3, iPadOS 17.7.4, macOS Sequoia 15.3, macOS Sonoma 14.7.3, macOS Ventura 13.7.3, tvOS 18.3, visionOS 2.3, watchOS 11.3. Processing an image may lead to a denial-of-service.

CVE-2025-24162 [MEDIUM] CWE-125 CVE-2025-24162: This issue was addressed through improved state management. This issue is fixed in Safari 18.3, iOS This issue was addressed through improved state management. This issue is fixed in Safari 18.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, tvOS 18.3, visionOS 2.3, watchOS 11.3. Processing maliciously crafted web content may lead to an unexpected process crash.

CVE-2025-24127 [MEDIUM] CWE-770 CVE-2025-24127: The issue was addressed with improved checks. This issue is fixed in iOS 18.3 and iPadOS 18.3, iPadO The issue was addressed with improved checks. This issue is fixed in iOS 18.3 and iPadOS 18.3, iPadOS 17.7.4, macOS Sequoia 15.3, macOS Sonoma 14.7.3, macOS Ventura 13.7.3, tvOS 18.3, visionOS 2.3. Parsing a file may lead to an unexpected app termination.

CVE-2024-54523 [MEDIUM] CWE-787 CVE-2024-54523: The issue was addressed with improved bounds checks. This issue is fixed in iOS 18.2 and iPadOS 18.2 The issue was addressed with improved bounds checks. This issue is fixed in iOS 18.2 and iPadOS 18.2, macOS Sequoia 15.2, tvOS 18.2, watchOS 11.2. An app may be able to corrupt coprocessor memory.

CVE-2025-24131 [MEDIUM] CWE-120 CVE-2025-24131: The issue was addressed with improved memory handling. This issue is fixed in iOS 18.3 and iPadOS 18 The issue was addressed with improved memory handling. This issue is fixed in iOS 18.3 and iPadOS 18.3, iPadOS 17.7.6, macOS Sequoia 15.3, macOS Sonoma 14.7.5, macOS Ventura 13.7.5, tvOS 18.3, visionOS 2.3. An attacker on the local network may be able to cause a denial-of-service.

CVE-2025-24158 [MEDIUM] CWE-79 CVE-2025-24158: The issue was addressed with improved memory handling. This issue is fixed in Safari 18.3, iOS 18.3 The issue was addressed with improved memory handling. This issue is fixed in Safari 18.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, tvOS 18.3, visionOS 2.3, watchOS 11.3. Processing web content may lead to a denial-of-service.

CVE-2025-24163 [MEDIUM] CVE-2025-24163: The issue was addressed with improved checks. This issue is fixed in iOS 18.3 and iPadOS 18.3, iOS 1 The issue was addressed with improved checks. This issue is fixed in iOS 18.3 and iPadOS 18.3, iOS 18.4 and iPadOS 18.4, iPadOS 17.7.4, macOS Sequoia 15.3, macOS Sequoia 15.4, macOS Sonoma 14.7.3, tvOS 18.3, tvOS 18.4, visionOS 2.3, visionOS 2.4, watchOS 11.3, watchOS 11.4. Parsing a file may lead to an unexpected app termination.

CVE-2025-24149 [MEDIUM] CWE-125 CVE-2025-24149: An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 18.3 a An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 18.3 and iPadOS 18.3, iPadOS 17.7.4, macOS Sequoia 15.3, macOS Sonoma 14.7.3, macOS Ventura 13.7.3, tvOS 18.3, visionOS 2.3, watchOS 11.3. Parsing a file may lead to disclosure of user information.

CVE-2025-24123 [MEDIUM] CVE-2025-24123: The issue was addressed with improved checks. This issue is fixed in iOS 18.3 and iPadOS 18.3, iPadO The issue was addressed with improved checks. This issue is fixed in iOS 18.3 and iPadOS 18.3, iPadOS 17.7.4, macOS Sequoia 15.3, macOS Sonoma 14.7.3, macOS Ventura 13.7.3, tvOS 18.3, visionOS 2.3, watchOS 11.3. Parsing a file may lead to an unexpected app termination.

CVE-2024-54478 [MEDIUM] CWE-125 CVE-2024-54478: An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in iO An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in iOS 18.2 and iPadOS 18.2, iPadOS 17.7.4, macOS Sequoia 15.2, macOS Sonoma 14.7.2, tvOS 18.2, visionOS 2.2, watchOS 11.2. Processing maliciously crafted web content may lead to an unexpected process crash.

CVE-2025-24104 [MEDIUM] CWE-59 CVE-2025-24104: This issue was addressed with improved handling of symlinks. This issue is fixed in iOS 18.3 and iPa This issue was addressed with improved handling of symlinks. This issue is fixed in iOS 18.3 and iPadOS 18.3, iPadOS 17.7.4. Restoring a maliciously crafted backup file may lead to modification of protected system files.

CVE-2024-54541 [MEDIUM] CWE-922 CVE-2024-54541: This issue was addressed through improved state management. This issue is fixed in iOS 18.2 and iPad This issue was addressed through improved state management. This issue is fixed in iOS 18.2 and iPadOS 18.2, macOS Sequoia 15.2, macOS Sonoma 14.7.2, macOS Ventura 13.7.2, tvOS 18.2, visionOS 2.2, watchOS 11.2. An app may be able to access user-sensitive data.

CVE-2024-54550 [MEDIUM] CWE-200 CVE-2024-54550: This issue was addressed with improved redaction of sensitive information. This issue is fixed in iO This issue was addressed with improved redaction of sensitive information. This issue is fixed in iOS 18.2 and iPadOS 18.2, macOS Sequoia 15.2. An app may be able to view autocompleted contact information from Messages and Mail in system logs.