CVE-2025-24092: Race Condition
Published Jan 27, 2025
·Updated
AirPlay. A null pointer dereference was addressed with improved input validation.
Other sources
AirPlay. A type confusion issue was addressed with improved checks.
— Apple
AirPlay. An input validation issue was addressed.
— Apple
AirPlay. The issue was addressed with improved memory handling.
— Apple
AppKit. The issue was addressed with additional permissions checks.
— Apple
AppleGraphicsControl. The issue was addressed with improved checks.
— Apple
Credit
Uri Katz (Oligo Security), Mickey Jin@@patch1t, D4m0n, Kirin@@Pwnrin, Bohdan Stasiuk@@Bohdan_Stasiuk, Minghao Lin@@Y1nKoc(Zhejiang University), babywu(Zhejiang University), (Zhejiang University), Xingwei Lin(Zhejiang University), Wang Yu(Cyberserval), Google Threat Analysis Group, Desmond(Trend Micro Zero Day Initiative), Pwn2car & Rotiple (HyeongSeok Jang)(Trend Micro Zero Day Initiative), CVE-2025-24085, Song Hyun Bae@@bshyuunn, Lee Dong Ha (Who4mI), Matej Moravec@@MacejkoMoravec, Arsenii Kostromin (0x3c3e), Joshua Jones, DongJun Kim@@smlijun, JongSeong Kim in Enki WhiteHat@@nevul37, Mateusz Krzywicki@@krzywix, Joseph Ravichandran@@0xjprx(MIT CSAIL), an anonymous researcher, pattern-f@@pattern_F_, Michael (Biscuit) Thomas @social.lol)@@biscuit, Ivan Fratric(Google Project Zero), 风(binary_fmyy), Minghao Lin@(Y1nKoc), Pedro Tôrres@@t0rr3sp3dr0, Josh Parnham@@joshparnham, 神罚@@Pwnrin, @@RenwaX23, Michael DePlante@@izobashi(Trend Micro Zero Day Initiative), Zhongquan Li@@Guluisacat, Hossein Lotfi@@hosselot(Trend Micro Zero Day Initiative), Junsung Lee, Rodolphe BRUNETTI@@eisw0lf(Lupus Nova), Yann GASCUEL(Alter Solutions), Adam M., Q1IQ@@q1iqF(NUS CuriOSity), P1umer@@p1umer(Imperial Global Singapore), linjy(HKUS3Lab), chluo(WHUSecLab), Johan Carlsson (joaxcar), PixiePoint Security, CertiK SkyFall Team, Pwn2car & Rotiple(HyeongSeok Jang)(Trend Micro Zero Day Initiative), Anonymous(Trend Micro Zero Day Initiative), Yiğit Can YILMAZ@@yilmazcanyigit, Jonathan Bar Or@@yo_yo_yo_jbo(Microsoft), Eric Dorphy(Twin Cities App Dev LLC), jioundai(360 Vulnerability Research Institute), chen fengjiao(HBC)
Affected Software
6 affected componentsFixes available
apple macOS Sequoia
apple macOS Sonoma
Apple macOS<14.7.3
Apple macOS>=15.0<15.3
apple macOS Sequoia<15.3
15.3
apple macOS Sonoma<14.7.3
14.7.3
Event History
Jan 27, 2025
Data Sourced
via Apple·12:00 AM
DescriptionWeaknessAffected Software
Updated
via Apple·12:00 AM
DescriptionWeakness
Updated
via Apple·12:00 AM
Description
Updated
via Apple·12:00 AM
DescriptionWeaknessAffected Software
CVE Published
via MITRE·09:46 PM
Data Sourced
via MITRE·09:46 PM
DescriptionWeakness
Data Sourced
via NVD·10:15 PM
DescriptionSeverityWeaknessAffected Software
Peer vulnerabilities
Found alongside the following vulnerabilities.
- CVE-2025-24126
- CVE-2025-24129
- CVE-2025-24131
- CVE-2025-24177
- CVE-2025-24179
- CVE-2025-24137
- CVE-2025-24087
- CVE-2025-24112
- CVE-2025-24100
- CVE-2025-24109
- CVE-2025-24114
- CVE-2025-24121
- CVE-2025-24122
- CVE-2025-24127
- CVE-2025-24106
- CVE-2025-24160
- CVE-2025-24161
- CVE-2025-24163
- CVE-2025-24123
- CVE-2025-24124
- CVE-2025-24085
- CVE-2025-24184
- CVE-2025-24102
- CVE-2025-24111
- CVE-2025-24134
- CVE-2025-24140
- CVE-2025-24174
- CVE-2025-24086
- CVE-2025-24144
- CVE-2025-24118
- CVE-2025-24107
- CVE-2025-24159
- CVE-2025-24119
- CVE-2025-24094
- CVE-2025-24115
- CVE-2025-24116
- CVE-2025-24117
- CVE-2024-55549
- CVE-2025-24855
- CVE-2025-24136
- CVE-2025-24101
- CVE-2025-24096
- CVE-2025-31262
- CVE-2025-24099
- CVE-2025-24130
- CVE-2025-24169
- CVE-2025-24183
- CVE-2025-24146
- CVE-2025-24128
- CVE-2025-24113
- CVE-2025-24149
- CVE-2025-24103
- CVE-2025-24108
- CVE-2025-24185
- CVE-2025-24139
- CVE-2025-24151
- CVE-2025-24152
- CVE-2025-24153
- CVE-2025-24138
- CVE-2025-24176
- CVE-2025-24135
- CVE-2025-24145
- CVE-2025-24092
- CVE-2025-24155
- CVE-2025-24154
- CVE-2025-24189
- CVE-2025-24143
- CVE-2025-24158
- CVE-2025-24162
- CVE-2025-24150
- CVE-2025-24120
- CVE-2025-24156
- CVE-2024-54509
- CVE-2024-44172
- CVE-2024-54497
- CVE-2025-24093
- CVE-2024-44243
- CVE-2025-31242
- CVE-2025-31248
- CVE-2025-43374
Frequently Asked Questions
1
What is the severity of CVE-2025-24092?
CVE-2025-24092 has been assessed as a high-severity vulnerability.
2
How do I fix CVE-2025-24092?
To fix CVE-2025-24092, update to macOS Sequoia version 15.3 or macOS Sonoma version 14.7.3.
3
What specific issues does CVE-2025-24092 address?
CVE-2025-24092 addresses null pointer dereference, type confusion, and input validation issues within AirPlay.
4
What platforms are affected by CVE-2025-24092?
CVE-2025-24092 affects Apple macOS Sequoia and macOS Sonoma systems.
5
What improvements were made to resolve CVE-2025-24092?
CVE-2025-24092 was resolved with improved input validation and memory handling techniques.