Multiple Vulnerabilities in Apple Products
Severity Level: High
Date: 30/01/2025
Ref: CERT-NCSOC-0229
Components Affected
- Versions prior to macOS Sequoia 15.3
- Versions prior to macOS Sonoma 14.7.3
- Versions prior to macOS Ventura 13.7.3
- Versions prior to iPadOS 17.7.4
- Versions prior to iOS 18.3 and iPadOS 18.3
- Versions prior to tvOS 18.3
- Versions prior to visionOS 2.3
- Versions prior to Safari 18.3
- Versions prior to watchOS 11.3
Overview
Multiple vulnerabilities were identified in Apple Products. A remote attacker could exploit some of these vulnerabilities to trigger denial of service, elevation of privilege, remote code execution, security restriction bypass, sensitive information disclosure, spoofing, and data manipulation on the targeted system.
Description
Multiple vulnerabilities have been discovered in Apple products, the most severe of which could allow for arbitrary code execution. Details of the most severe vulnerabilities are as follows:
- A remote attacker may cause an unexpected application termination or arbitrary code execution. (CVE-2025-24137)
- A malicious application may be able to elevate privileges. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 17.2. (CVE-2025-24085)
- An app may be able to execute arbitrary code with kernel privileges. (CVE-2025-24159)
- An app with root privileges may be able to execute arbitrary code with kernel privileges. (CVE-2025-24153)
- An app may be able to elevate privileges. (CVE-2025-24156)
Impact
- Denial of Service
- Elevation of Privilege
- Remote Code Execution
- Security Restriction Bypass
- Information Disclosure
- Spoofing
- Data Manipulation
Solution/Workarounds
- Before installation of the software, please visit the vendor website for more details. Apply fixes issued by the vendor by updating to the following versions:
- macOS Sequoia 15.3
- macOS Sonoma 14.7.3
- macOS Ventura 13.7.3
- iPadOS 17.7.4
- iOS 18.3 and iPadOS 18.3
- tvOS 18.3
- visionOS 2.3
- Safari 18.3
- watchOS 11.3
Reference
Disclaimer
The information provided herein is on an "as is" basis, without warranty of any kind.
