Authentication Bypass in Apple Products
CVE-2025-24206

7.7HIGH

Key Information:

Vendor

Apple
Status
TV OS
iOS And iPad OS
iPad OS
Mac OS
Vendor
CVE Published:
29 April 2025

Badges

💰 Ransomware👾 Exploit Exists📰 News Worthy

What is CVE-2025-24206?

A significant authentication issue has been identified in several Apple products, where an attacker on the local network could potentially bypass existing authentication policies. This flaw has been addressed with improved state management in the latest versions of macOS, iOS, tvOS, iPadOS, and visionOS, ensuring better security for users. It is crucial for individuals and organizations to update their devices to mitigate risks associated with unauthorized access.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

iOS and iPadOS < 18.4

iPadOS < 17.7

macOS < 15.4

News Articles

favicon imageMalwarebytes

Apple AirPlay SDK devices at risk of takeover—make sure you update

Researchers found a set of vulnerabilities that puts all devices leveraging Apple's AirPlay at risk.

References

https://support.apple.com/en-us/122377
https://support.apple.com/en-us/122371
https://support.apple.com/en-us/122372

CVSS V3.1

Score:
7.7
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • 💰

    Used in Ransomware

  • 👾

    Exploit known to exist

  • 📰

    First article discovered by Malwarebytes

  • Vulnerability published

JSON
.