CVE-2025-24102

CVE-2025-24102 is a vulnerability that allows an app to determine a user’s current location, addressed through improved checks. It affects iPadOS versions prior to 17.7.4, macOS Sequoia prior to 15.3, macOS Sonoma prior to 14.7.3, and macOS Ventura prior to 13.7.3. The issue is classified under CWE-200 (Exposure of Sensitive Information to an Unauthorized Actor) with a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).

The vulnerability enables exploitation over the network with low complexity, requiring no privileges or user interaction. An attacker can leverage a malicious app to gain high-impact access, including unauthorized determination of the user’s current location, potentially compromising confidentiality, integrity, and availability.

Apple advisories confirm the issue is fixed in iPadOS 17.7.4, macOS Sequoia 15.3, macOS Sonoma 14.7.3, and macOS Ventura 13.7.3 via improved checks. Mitigation requires updating affected systems to these patched versions, with details available in support documents at https://support.apple.com/en-us/122067, https://support.apple.com/en-us/122068, https://support.apple.com/en-us/122069, https://support.apple.com/en-us/122070, and http://seclists.org/fulldisclosure/2025/Jan/14.