CVE-2025-24129
Published: 27 January 2025
Description
Adversaries may exploit software vulnerabilities that can cause an application or system to crash and deny availability to users.
Security Summary
CVE-2025-24129 is a type confusion vulnerability (CWE-843) that was addressed with improved checks in multiple Apple operating systems. The affected components include iOS prior to version 18.3, iPadOS prior to 18.3, macOS Sequoia prior to 15.3, macOS Sonoma prior to 14.7.5, macOS Ventura prior to 13.7.5, tvOS prior to 18.3, and visionOS prior to 2.3. The vulnerability was published on 2025-01-27.
An unauthenticated attacker on the local network can exploit this issue to cause an unexpected app termination, leading to a denial-of-service condition. The CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) indicates network accessibility, low attack complexity, no privileges or user interaction required, and high impact on availability with no effects on confidentiality or integrity.
Apple's security advisories confirm the issue is fixed in the listed versions and recommend updating affected devices. Key references include https://support.apple.com/en-us/122066, https://support.apple.com/en-us/122068, https://support.apple.com/en-us/122072, https://support.apple.com/en-us/122073, and https://support.apple.com/en-us/122374.
Details
- CWE(s)
Affected Products
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Type confusion vulnerability enables remote unauthenticated exploitation causing app termination/DoS on affected Apple systems, directly matching T1499.004 Application or System Exploitation under Endpoint Denial of Service.