Apple Products Multiple Vulnerabilities

Release Date: 28 Jan 2025

RISK: High Risk

TYPE: Operating Systems - Mobile & Apps

Multiple vulnerabilities were identified in Apple Products. A remote attacker could exploit some of these vulnerabilities to trigger denial of service condition, elevation of privilege, remote code execution, security restriction bypass, sensitive information disclosure, spoofing and data manipulation on the targeted system.

 

Note:

CVE-2025-24085 is actively exploited in the wild. Attacker can exploit this vulnerability to achieve elevation of privilege through a use after free issue in memory management. 

---

Impact

• Denial of Service
• Elevation of Privilege
• Remote Code Execution
• Security Restriction Bypass
• Information Disclosure
• Spoofing
• Data Manipulation

---

System / Technologies affected

• Versions prior to macOS Sequoia 15.3
• Versions prior to macOS Sonoma 14.7.3
• Versions prior to macOS Ventura 13.7.3
• Versions prior to iPadOS 17.7.4
• Versions prior to iOS 18.3 and iPadOS 18.3
• Versions prior to tvOS 18.3
• Versions prior to visionOS 2.3
• Versions prior to Safari 18.3
• Versions prior to watchOS 11.3

---

Solutions

Before installation of the software, please visit the vendor web-site for more details.

Apply fixes issued by the vendor:

 

• macOS Sequoia 15.3
• macOS Sonoma 14.7.3
• macOS Ventura 13.7.3
• iPadOS 17.7.4
• iOS 18.3 and iPadOS 18.3
• tvOS 18.3
• visionOS 2.3
• Safari 18.3
• watchOS 11.3

---

Vulnerability Identifier

• CVE-2024-9956
• CVE-2024-44172
• CVE-2024-44243
• CVE-2024-54478
• CVE-2024-54497
• CVE-2024-54509
• CVE-2025-24085
• CVE-2025-24086
• CVE-2025-24087
• CVE-2025-24092
• CVE-2025-24093
• CVE-2025-24094
• CVE-2025-24096
• CVE-2025-24100
• CVE-2025-24101
• CVE-2025-24102
• CVE-2025-24103
• CVE-2025-24104
• CVE-2025-24106
• CVE-2025-24107
• CVE-2025-24108
• CVE-2025-24109
• CVE-2025-24112
• CVE-2025-24113
• CVE-2025-24114
• CVE-2025-24115
• CVE-2025-24116
• CVE-2025-24117
• CVE-2025-24118
• CVE-2025-24120
• CVE-2025-24121
• CVE-2025-24122
• CVE-2025-24123
• CVE-2025-24124
• CVE-2025-24126
• CVE-2025-24127
• CVE-2025-24128
• CVE-2025-24129
• CVE-2025-24130
• CVE-2025-24131
• CVE-2025-24134
• CVE-2025-24135
• CVE-2025-24136
• CVE-2025-24137
• CVE-2025-24138
• CVE-2025-24139
• CVE-2025-24140
• CVE-2025-24141
• CVE-2025-24143
• CVE-2025-24145
• CVE-2025-24146
• CVE-2025-24149
• CVE-2025-24150
• CVE-2025-24151
• CVE-2025-24152
• CVE-2025-24153
• CVE-2025-24154
• CVE-2025-24156
• CVE-2025-24158
• CVE-2025-24159
• CVE-2025-24160
• CVE-2025-24161
• CVE-2025-24162
• CVE-2025-24163
• CVE-2025-24166
• CVE-2025-24169
• CVE-2025-24174
• CVE-2025-24176
• CVE-2025-24177

---

Source

• Apple

---

Related Link

• https://support.apple.com/en-us/122066
• https://support.apple.com/en-us/122067
• https://support.apple.com/en-us/122068
• https://support.apple.com/en-us/122069
• https://support.apple.com/en-us/122070
• https://support.apple.com/en-us/122071
• https://support.apple.com/en-us/122072
• https://support.apple.com/en-us/122073
• https://support.apple.com/en-us/122074