Out-of-Bounds Read Vulnerability in Apple Products
CVE-2025-24230

9.8CRITICAL

Key Information:

Vendor
Apple
Vendor
CVE Published:
31 March 2025

Summary

An out-of-bounds read issue was identified in various Apple products, which was mitigated through enhanced input validation measures. Exploiting this vulnerability by playing a specially crafted malicious audio file could result in the unexpected termination of the application, potentially impacting user experience and system stability.

Affected Version(s)

iOS and iPadOS < 18.4

iPadOS < 17.7

macOS < 15.4

References

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.