CVE-2025-24230
Published: 31 March 2025
Description
Adversaries may exploit software vulnerabilities in client applications to execute code.
Security Summary
CVE-2025-24230 is an out-of-bounds read vulnerability (CWE-125) that was addressed through improved input validation in multiple Apple operating systems. Affected components include iOS prior to version 18.4, iPadOS prior to 18.4 and 17.7.6, macOS Sequoia prior to 15.4, macOS Sonoma prior to 14.7.5, macOS Ventura prior to 13.7.5, tvOS prior to 18.4, visionOS prior to 2.4, and watchOS prior to 11.4. The issue, published on 2025-03-31, carries a CVSS v3.1 base score of 9.8 (Critical).
Attackers can exploit this vulnerability over the network (AV:N) with low complexity (AC:L), no privileges (PR:N), and no user interaction (UI:N), resulting in high impacts to confidentiality, integrity, and availability (C:H/I:H/A:H) within the unchanged scope (S:U). Exploitation occurs when a malicious audio file is played, potentially leading to unexpected app termination.
Apple's security advisories detail the fixes in the listed versions and recommend updating affected devices immediately. Relevant support pages include https://support.apple.com/en-us/122371, https://support.apple.com/en-us/122372, https://support.apple.com/en-us/122373, https://support.apple.com/en-us/122374, and https://support.apple.com/en-us/122375.
Details
- CWE(s)
Affected Products
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The OOB read vulnerability in audio file handling allows remote exploitation (AV:N, UI:N) leading to app termination or potential code execution in client applications.