Apple visionOS vulnerabilities

CVE-2025-24201 [CRITICAL] CWE-787 CVE-2025-24201: An out-of-bounds write issue was addressed with improved checks to prevent unauthorized actions. Thi An out-of-bounds write issue was addressed with improved checks to prevent unauthorized actions. This issue is fixed in Safari 18.3.1, iOS 15.8.4 and iPadOS 15.8.4, iOS 16.7.11 and iPadOS 16.7.11, iOS 18.3.2 and iPadOS 18.3.2, iPadOS 17.7.6, macOS Sequoia 15.3.2, visionOS 2.3.2, watchOS 11.4. Maliciously crafted web content may be able to break ou

CVE-2024-44192 [MEDIUM] CWE-400 CVE-2024-44192: The issue was addressed with improved checks. This issue is fixed in Safari 18, iOS 18 and iPadOS 18 The issue was addressed with improved checks. This issue is fixed in Safari 18, iOS 18 and iPadOS 18, macOS Sequoia 15, tvOS 18, visionOS 2, watchOS 11. Processing maliciously crafted web content may lead to an unexpected process crash.

CVE-2024-54469 [MEDIUM] CWE-200 CVE-2024-54469: The issue was addressed with improved checks. This issue is fixed in iOS 18 and iPadOS 18, macOS Seq The issue was addressed with improved checks. This issue is fixed in iOS 18 and iPadOS 18, macOS Sequoia 15, macOS Sonoma 14.7, macOS Ventura 13.7, visionOS 2. A local user may be able to leak sensitive user information.

CVE-2024-54467 [MEDIUM] CWE-200 CVE-2024-54467: A cookie management issue was addressed with improved state management. This issue is fixed in Safar A cookie management issue was addressed with improved state management. This issue is fixed in Safari 18, iOS 18 and iPadOS 18, macOS Sequoia 15, tvOS 18, visionOS 2, watchOS 11. A malicious website may exfiltrate data cross-origin.

CVE-2024-27859 [HIGH] CWE-94 CVE-2024-27859: The issue was addressed with improved memory handling. This issue is fixed in iOS 17.4 and iPadOS 17 The issue was addressed with improved memory handling. This issue is fixed in iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4, tvOS 17.4, visionOS 1.1, watchOS 10.4. Processing web content may lead to arbitrary code execution.

CVE-2024-54658 [MEDIUM] CWE-400 CVE-2024-54658: The issue was addressed with improved memory handling. This issue is fixed in Safari 17.4, iOS 17.4 The issue was addressed with improved memory handling. This issue is fixed in Safari 17.4, iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4, tvOS 17.4, visionOS 1.1, watchOS 10.4. Processing web content may lead to a denial-of-service.

CVE-2025-24154 [CRITICAL] CWE-787 CVE-2025-24154: An out-of-bounds write was addressed with improved input validation. This issue is fixed in iOS 18.3 An out-of-bounds write was addressed with improved input validation. This issue is fixed in iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, macOS Sonoma 14.7.3, macOS Ventura 13.7.3, visionOS 2.3. An attacker may be able to cause unexpected system termination or corrupt kernel memory.

CVE-2025-24085 [CRITICAL] CWE-416 CVE-2025-24085: A use after free issue was addressed with improved memory management. This issue is fixed in iOS 18. A use after free issue was addressed with improved memory management. This issue is fixed in iOS 18.3 and iPadOS 18.3, iPadOS 17.7.6, macOS Sequoia 15.3, macOS Sonoma 14.7.5, macOS Ventura 13.7.5, tvOS 18.3, visionOS 2.3, watchOS 11.3. A malicious application may be able to elevate privileges. Apple is aware of a report that this issue may have be

CVE-2024-54530 [CRITICAL] CWE-863 CVE-2024-54530: The issue was addressed with improved checks. This issue is fixed in iOS 18.2 and iPadOS 18.2, macOS The issue was addressed with improved checks. This issue is fixed in iOS 18.2 and iPadOS 18.2, macOS Sequoia 15.2, visionOS 2.2, watchOS 11.2. Password autofill may fill in passwords after failing authentication.

CVE-2025-24137 [HIGH] CWE-843 CVE-2025-24137: A type confusion issue was addressed with improved checks. This issue is fixed in iOS 18.3 and iPadO A type confusion issue was addressed with improved checks. This issue is fixed in iOS 18.3 and iPadOS 18.3, iPadOS 17.7.4, macOS Sequoia 15.3, macOS Sonoma 14.7.3, tvOS 18.3, visionOS 2.3. An attacker on the local network may corrupt process memory.

CVE-2025-24126 [HIGH] CWE-400 CVE-2025-24126: An input validation issue was addressed. This issue is fixed in iOS 18.3 and iPadOS 18.3, macOS Sequ An input validation issue was addressed. This issue is fixed in iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, macOS Sonoma 14.7.5, macOS Ventura 13.7.5, tvOS 18.3, visionOS 2.3. An attacker on the local network may be able to corrupt process memory.

CVE-2025-24129 [HIGH] CWE-843 CVE-2025-24129: A type confusion issue was addressed with improved checks. This issue is fixed in iOS 18.3 and iPadO A type confusion issue was addressed with improved checks. This issue is fixed in iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, macOS Sonoma 14.7.5, macOS Ventura 13.7.5, tvOS 18.3, visionOS 2.3. An attacker on the local network may cause an unexpected app termination.

CVE-2025-24159 [HIGH] CWE-94 CVE-2025-24159: A validation issue was addressed with improved logic. This issue is fixed in iOS 18.3 and iPadOS 18. A validation issue was addressed with improved logic. This issue is fixed in iOS 18.3 and iPadOS 18.3, iPadOS 17.7.4, macOS Sequoia 15.3, macOS Sonoma 14.7.3, tvOS 18.3, visionOS 2.3, watchOS 11.3. An app may be able to execute arbitrary code with kernel privileges.

CVE-2025-24855 [HIGH] CVE-2025-24855: visionOS 2.3 Apple Security Update: About the security content of visionOS 2.3 Product: visionOS Version: 2.3 CVE: CVE-2025-24855 Component: LaunchServices Impact: An app may be able to fingerprint the user Description: This issue was addressed with improved redaction of sensitive information.

CVE-2024-55549 [HIGH] CVE-2024-55549: visionOS 2.3 Apple Security Update: About the security content of visionOS 2.3 Product: visionOS Version: 2.3 CVE: CVE-2024-55549 Component: LaunchServices Impact: An app may be able to fingerprint the user Description: This issue was addressed with improved redaction of sensitive information.

CVE-2024-54543 [HIGH] CWE-787 CVE-2024-54543: The issue was addressed with improved memory handling. This issue is fixed in Safari 18.2, iOS 18.2 The issue was addressed with improved memory handling. This issue is fixed in Safari 18.2, iOS 18.2 and iPadOS 18.2, iPadOS 17.7.6, macOS Sequoia 15.2, tvOS 18.2, visionOS 2.2, watchOS 11.2. Processing maliciously crafted web content may lead to memory corruption.

CVE-2024-54499 [HIGH] CWE-416 CVE-2024-54499: A use-after-free issue was addressed with improved memory management. This issue is fixed in iOS 18. A use-after-free issue was addressed with improved memory management. This issue is fixed in iOS 18.2 and iPadOS 18.2, macOS Sequoia 15.2, tvOS 18.2, visionOS 2.2, watchOS 11.2. Processing a maliciously crafted image may lead to arbitrary code execution.

CVE-2025-24131 [MEDIUM] CWE-120 CVE-2025-24131: The issue was addressed with improved memory handling. This issue is fixed in iOS 18.3 and iPadOS 18 The issue was addressed with improved memory handling. This issue is fixed in iOS 18.3 and iPadOS 18.3, iPadOS 17.7.6, macOS Sequoia 15.3, macOS Sonoma 14.7.5, macOS Ventura 13.7.5, tvOS 18.3, visionOS 2.3. An attacker on the local network may be able to cause a denial-of-service.

CVE-2025-24117 [MEDIUM] CWE-922 CVE-2025-24117: This issue was addressed with improved redaction of sensitive information. This issue is fixed in iO This issue was addressed with improved redaction of sensitive information. This issue is fixed in iOS 18.3 and iPadOS 18.3, iPadOS 17.7.4, macOS Sequoia 15.3, visionOS 2.3, watchOS 11.3. An app may be able to fingerprint the user.

CVE-2025-24143 [MEDIUM] CWE-862 CVE-2025-24143: The issue was addressed with improved access restrictions to the file system. This issue is fixed in The issue was addressed with improved access restrictions to the file system. This issue is fixed in Safari 18.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, visionOS 2.3. A maliciously crafted webpage may be able to fingerprint the user.