Privacy Issue in Apple's macOS, iOS, and Safari Products
CVE-2025-24150

8.8HIGH

Key Information:

Vendor: Apple
Status: Mac OS; Safari; iOS And iPad OS
Vendor: CVE Published:; 27 January 2025

Summary

A privacy issue in Apple's macOS, Safari, and iOS platforms has been identified, wherein improper handling of file copying from the Web Inspector can lead to potential command injection attacks. The issue has been resolved in the latest versions of affected software, ensuring enhanced security for users. It's crucial for organizations and individuals to update their systems promptly to benefit from these important security enhancements.

Affected Version(s)

iOS and iPadOS < 18.3

macOS < 15.3

Safari < 18.3

References

https://support.apple.com/en-us/122068

https://support.apple.com/en-us/122074

https://support.apple.com/en-us/122066

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Jan 27, 2025
Vulnerability Reserved
Jan 17, 2025