CVE-2025-24126
Published: 27 January 2025
Description
Adversaries may exploit software vulnerabilities that can cause an application or system to crash and deny availability to users.
Security Summary
CVE-2025-24126 is an input validation vulnerability affecting multiple Apple operating systems, including iOS prior to 18.3, iPadOS prior to 18.3, macOS Sequoia prior to 15.3, macOS Sonoma prior to 14.7.5, macOS Ventura prior to 13.7.5, tvOS prior to 18.3, and visionOS prior to 2.3. The flaw allows an attacker on the local network to corrupt process memory, as indicated by its CVSS v3.1 base score of 7.3 (AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H) and association with CWE-400 (Uncontrolled Resource Consumption).
An attacker with low privileges on the local network can exploit this vulnerability with low complexity and no user interaction required. Successful exploitation enables corruption of process memory, resulting in high integrity and availability impacts but no confidentiality loss, potentially leading to denial-of-service conditions or unauthorized modification of system processes.
Apple security advisories detail the fix through updates to the listed versions, recommending users apply patches immediately via standard update mechanisms. Relevant support pages include https://support.apple.com/en-us/122066, https://support.apple.com/en-us/122068, https://support.apple.com/en-us/122072, https://support.apple.com/en-us/122073, and https://support.apple.com/en-us/122374.
Details
- CWE(s)
Affected Products
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Input validation flaw allows local network attacker to corrupt process memory on Apple systems, enabling exploitation of remote services (T1210) and application/system exploitation leading to DoS or process modification (T1499.004).