CVE-2025-24211

CVE-2025-24211 is a high-severity vulnerability (CVSS 3.1 score of 9.8) involving inadequate memory handling in Apple's operating systems. Processing a maliciously crafted video file can lead to unexpected app termination or corrupt process memory, mapped to CWE-400 (Uncontrolled Resource Consumption). The issue affects iOS versions prior to 18.4, iPadOS prior to 18.4 and 17.7.6, macOS Sequoia prior to 15.4, macOS Sonoma prior to 14.7.5, macOS Ventura prior to 13.7.5, tvOS prior to 18.4, and visionOS prior to 2.4.

Remote attackers can exploit this vulnerability over the network (AV:N) with low attack complexity (AC:L), no required privileges (PR:N), and no user interaction (UI:N). Exploitation results in high impacts to confidentiality, integrity, and availability (C:H/I:H/A:H) within the affected process's scope (S:U), enabling outcomes such as process crashes or memory corruption that could facilitate further compromise like arbitrary code execution.

Apple's security advisories confirm the issue was addressed through improved memory handling in the specified patched versions. Mitigation requires updating affected devices to iOS 18.4 or later, iPadOS 18.4 or 17.7.6, macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5, tvOS 18.4, or visionOS 2.4. Additional details are available in Apple's support pages: https://support.apple.com/en-us/122371, https://support.apple.com/en-us/122372, https://support.apple.com/en-us/122373, https://support.apple.com/en-us/122374, and https://support.apple.com/en-us/122375.