Authentication Bypass in Apple Products
CVE-2025-24206

7.7HIGH

Key Information:

Vendor
Apple
Status
TV OS
iOS And iPad OS
iPad OS
Mac OS
Vendor
CVE Published:
29 April 2025

Badges

💰 Ransomware👾 Exploit Exists📰 News Worthy

Summary

A significant authentication issue has been identified in several Apple products, where an attacker on the local network could potentially bypass existing authentication policies. This flaw has been addressed with improved state management in the latest versions of macOS, iOS, tvOS, iPadOS, and visionOS, ensuring better security for users. It is crucial for individuals and organizations to update their devices to mitigate risks associated with unauthorized access.

Affected Version(s)

iOS and iPadOS < 18.4

iPadOS < 17.7

macOS < 15.4

News Articles

favicon imageMalwarebytes

Apple AirPlay SDK devices at risk of takeover—make sure you update

Researchers found a set of vulnerabilities that puts all devices leveraging Apple's AirPlay at risk.

1 week ago

References

https://support.apple.com/en-us/122377
https://support.apple.com/en-us/122371
https://support.apple.com/en-us/122372

CVSS V3.1

Score:
7.7
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • 💰

    Used in Ransomware

  • 👾

    Exploit known to exist

  • 📰

    First article discovered by Malwarebytes

  • Vulnerability published

.
CVE-2025-24206 : Authentication Bypass in Apple Products | SecurityVulnerability.io