Denial-of-Service Vulnerability in Apple Operating Systems
CVE-2025-24131

6.5MEDIUM

Key Information:

Vendor: Apple
Status: Visionos; TV OS; Mac OS; Watch OS
Vendor: CVE Published:; 27 January 2025

What is CVE-2025-24131?

A vulnerability in Apple operating systems allows an attacker with special privileges to exploit memory handling flaws. This can potentially lead to a denial-of-service condition, disrupting normal functionality for users. The issue has been addressed in the latest updates for visionOS, iOS, iPadOS, macOS, watchOS, and tvOS. Users are urged to update their devices to these versions to mitigate the risk.

Affected Version(s)

iOS and iPadOS < 18.3

macOS < 15.3

tvOS < 18.3

References

https://support.apple.com/en-us/122073

https://support.apple.com/en-us/122072

https://support.apple.com/en-us/122068

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 27, 2025
Vulnerability Reserved
Jan 17, 2025