Logic Error in Apple’s Affected Products May Lead to User Information Disclosure
CVE-2025-24210

5.5MEDIUM

Key Information:

Vendor: Apple
Status: TV OS; iOS And iPad OS; iPad OS; Mac OS
Vendor: CVE Published:; 31 March 2025

Summary

A logic error in the error handling of Apple's software could lead to the unintended disclosure of user information during image parsing. This issue affects multiple Apple operating systems, including visionOS, macOS, iPadOS, and tvOS, necessitating prompt attention to software updates to enhance security.

Affected Version(s)

iOS and iPadOS < 18.4

iPadOS < 17.7

macOS < 15.4

References

https://support.apple.com/en-us/122377

https://support.apple.com/en-us/122371

https://support.apple.com/en-us/122372

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Mar 31, 2025
Vulnerability Reserved
Jan 17, 2025