CVE-2025-24127: Input Validation
Published Jan 27, 2025
Accessibility. An authentication issue was addressed with improved state management.
Credit
Uri Katz (Oligo Security), Minghao Lin @Y1nKoc (Zhejiang University), babywu (Zhejiang University), (Zhejiang University), Xingwei Lin (Zhejiang University), Google Threat Analysis Group, Desmond (Trend Micro Zero Day Initiative), Pwn2car & Rotiple (HyeongSeok Jang) (Trend Micro Zero Day Initiative), CVE-2025-24085, Song Hyun Bae @bshyuunn, Lee Dong Ha (Who4mI), Wang Yu (Cyberserval), DongJun Kim @smlijun, JongSeong Kim in Enki WhiteHat @nevul37, D4m0n, Mateusz Krzywicki @krzywix, an anonymous researcher, pattern-f @pattern_F_, Ivan Fratric (Google Project Zero), Mickey Jin @patch1t, Michael DePlante @izobashi (Trend Micro Zero Day Initiative), Q1IQ @q1iqF (NUS CuriOSity), P1umer @p1umer (Imperial Global Singapore), linjy (HKUS3Lab), chluo (WHUSecLab), Michael (Biscuit) Thomas @biscuit@social.lol, @RenwaX23, Pwn2car & Rotiple (HyeongSeok Jang) (Trend Micro Zero Day Initiative), Kirin @Pwnrin, Gary Kwong, Joseph Ravichandran @0xjprx (MIT CSAIL), Hichem Maloufi, Hakim Boukhadra, Anonymous (Trend Micro Zero Day Initiative), Bohdan Stasiuk @Bohdan_Stasiuk, Matej Moravec @MacejkoMoravec, Arsenii Kostromin (0x3c3e), Joshua Jones, 风 (binary_fmyy), Minghao Lin @Y1nKoc, Pedro Tôrres @t0rr3sp3dr0, Josh Parnham @joshparnham, 神罚 @Pwnrin, Zhongquan Li @Guluisacat, Hossein Lotfi @hosselot (Trend Micro Zero Day Initiative), Junsung Lee, Rodolphe BRUNETTI @eisw0lf (Lupus Nova), Yann GASCUEL (Alter Solutions), Adam M., Johan Carlsson (joaxcar), PixiePoint Security, Minghao Lin @Y1nKoc, Yiğit Can YILMAZ @yilmazcanyigit, Eric Dorphy (Twin Cities App Dev LLC), jioundai (360 Vulnerability Research Institute), chen fengjiao (HBC), CertiK SkyFall Team, Jonathan Bar Or @yo_yo_yo_jbo (Microsoft), Denis Tokarev @illusionofcha0s, Zikan Wang @Lakr233, Guilherme Rambo (Best Buddy Apps), mastersplinter, Jason Gendron @gendron_jason, 이준성 (Junsung Lee), Abhay Kailasia @abhay_kailasia (C)
Affected Software
23 affected components · Fixes available
apple iPadOS<17.7.4
apple macOS Ventura<13.7.3
apple macOS Sonoma<14.7.3
Apple visionOS<2.3
apple iOS<18.3
apple macOS Sequoia<15.3
apple tvOS<18.3
apple iPadOS<17.7.4
apple iPadOS>=18.0<18.3
apple iPhone OS<18.3
Apple macOS<13.7.3
Apple macOS>=14.0<14.7.3
Apple macOS>=15.0<15.3
apple tvOS<18.3
Apple visionOS<2.3
apple tvOS<18.3, fixed in 18.3
apple macOS Sequoia<15.3, fixed in 15.3
apple macOS Ventura<13.7.3, fixed in 13.7.3
Apple visionOS<2.3, fixed in 2.3
apple macOS Sonoma<14.7.3, fixed in 14.7.3
apple iPadOS<17.7.4, fixed in 17.7.4
apple iOS<18.3, fixed in 18.3
apple iPadOS<18.3, fixed in 18.3
Event History
Jan 27, 2025
Data Sourced (via Apple · 12:00 AM): Description, Weakness, Affected Software
Updated (via Apple · 12:00 AM): Description, Weakness
Updated (via Apple · 12:00 AM): Description
Updated (via Apple · 12:00 AM): Description, Weakness, Affected Software
CVE Published (via MITRE · 09:46 PM)
Data Sourced (via MITRE · 09:46 PM): Description, Weakness
Data Sourced (via NVD · 10:15 PM): Description, Severity, Weakness, Affected Software
Frequently Asked Questions
1. What is the severity of CVE-2025-24127?
CVE-2025-24127 has a medium severity rating due to its potential impact on accessibility and authentication issues.
2. How do I fix CVE-2025-24127?
To fix CVE-2025-24127, update your device to the latest version of the affected software as specified by Apple.
3. Which versions are affected by CVE-2025-24127?
CVE-2025-24127 affects various versions, including iPadOS before 17.7.4, macOS Ventura before 13.7.3, and iOS before 18.3.
4. What types of issues does CVE-2025-24127 address?
CVE-2025-24127 addresses authentication issues, null pointer dereference, type confusion, and input validation issues related to AirPlay.
5. Which Apple products are impacted by CVE-2025-24127?
CVE-2025-24127 impacts Apple products including iPadOS, macOS Ventura, macOS Sonoma, and iOS.