Authentication Flaw in Apple iOS and iPadOS that Exposes Photos
CVE-2025-24141

3.3LOW

Key Information:

Vendor: Apple
Status: iOS And iPad OS
Vendor: CVE Published:; 27 January 2025

Summary

An authentication flaw has been addressed with enhanced state management in iOS and iPadOS. This security issue allows an attacker with physical access to an unlocked device the potential to access the Photos application while it remains locked, posing a privacy risk to users. The vulnerability highlights the importance of robust security mechanisms to protect sensitive personal data.

Affected Version(s)

iOS and iPadOS < 18.3

References

https://support.apple.com/en-us/122066

CVSS V3.1

Score:

3.3

Severity:

LOW

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jan 27, 2025
Vulnerability Reserved
Jan 17, 2025