Validation Issue in Apple iOS, macOS, and tvOS Products
CVE-2025-24159

7.8HIGH

Key Information:

Vendor: Apple
Status: Mac OS; Visionos; TV OS; iPad OS
Vendor: CVE Published:; 27 January 2025

Summary

A validation vulnerability in Apple's iOS, macOS, and tvOS allows may enable an app to execute arbitrary code with kernel privileges. Improved logic was introduced to address this security risk in the latest updates, enhancing the protection of users on affected devices. Aplicable versions include various iPadOS, macOS, and tvOS iterations, reinforcing the need for timely updates to prevent unauthorized access.

Affected Version(s)

iOS and iPadOS < 18.3

iPadOS < 17.7

macOS < 14.7

References

https://support.apple.com/en-us/122069

https://support.apple.com/en-us/122073

https://support.apple.com/en-us/122072

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Jan 27, 2025
Vulnerability Reserved
Jan 17, 2025