CVE-2025-24143: Input Validation
Published Jan 27, 2025
Accessibility. An authentication issue was addressed with improved state management.
Credit
Ivan Fratric (Google Project Zero), Hichem Maloufi, Hakim Boukhadra, mastersplinter, @RenwaX23, Michael DePlante @izobashi (Trend Micro Zero Day Initiative), Kirin @Pwnrin, an anonymous researcher, Q1IQ @q1iqF (NUS CuriOSity), P1umer @p1umer (Imperial Global Singapore), linjy (HKUS3Lab), chluo (WHUSecLab), Johan Carlsson (joaxcar), pattern-f @pattern_F_, Michael (Biscuit) Thomas (@biscuit@social.lol), Mickey Jin @patch1t, Mateusz Krzywicki @krzywix, Uri Katz (Oligo Security), Minghao Lin @Y1nKoc (Zhejiang University), babywu (Zhejiang University), (Zhejiang University), Xingwei Lin (Zhejiang University), Google Threat Analysis Group, Desmond (Trend Micro Zero Day Initiative), Pwn2car & Rotiple (HyeongSeok Jang) (Trend Micro Zero Day Initiative), CVE-2025-24085, Song Hyun Bae @bshyuunn, Lee Dong Ha (Who4mI), Wang Yu (Cyberserval), DongJun Kim @smlijun, JongSeong Kim in Enki WhiteHat @nevul37, D4m0n, Josh Parnham @joshparnham, Bohdan Stasiuk @Bohdan_Stasiuk, Matej Moravec @MacejkoMoravec, Arsenii Kostromin (0x3c3e), Joshua Jones, Joseph Ravichandran @0xjprx (MIT CSAIL), 风 (binary_fmyy), Minghao Lin @Y1nKoc, Pedro Tôrres @t0rr3sp3dr0, 神罚 @Pwnrin, Zhongquan Li @Guluisacat, Hossein Lotfi @hosselot (Trend Micro Zero Day Initiative), Junsung Lee, Rodolphe BRUNETTI @eisw0lf (Lupus Nova), Yann GASCUEL (Alter Solutions), Adam M., PixiePoint Security, Denis Tokarev @illusionofcha0s, Zikan Wang @Lakr233, Guilherme Rambo (Best Buddy Apps), Jason Gendron @gendron_jason, 이준성 (Junsung Lee), Abhay Kailasia @abhay_kailasia (C)
Affected Software
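16 affected components (fixes available)
debian/webkit2gtk: affected <=2.44.2-1~deb11u1, <=2.46.5-1~deb12u1; fixed in 2.46.6-1~deb11u1, 2.46.6-1~deb12u1, 2.46.6-1
debian/wpewebkit: affected <=2.38.6-1~deb11u1, <=2.38.6-1; fixed in 2.46.6-1
apple macOS Sequoia: affected <15.3
apple Safari: affected <18.3
apple iOS: affected <18.3
apple iPadOS: affected <18.3
Apple visionOS: affected <2.3
apple Safari: affected <18.3
apple iPadOS: affected <18.3
Apple macOS: affected <15.3
Apple visionOS: affected <2.3
apple iOS: affected <18.3; fixed in 18.3
apple iPadOS: affected <18.3; fixed in 18.3
apple macOS Sequoia: affected <15.3; fixed in 15.3
Apple visionOS: affected <2.3; fixed in 2.3
apple Safari: affected <18.3; fixed in 18.3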
Event History
Jan 27, 2025
Data Sourced via Apple · 12:00 AM (Description, Weakness, Affected Software)
Updated via Apple · 12:00 AM (Description, Weakness)
Updated via Apple · 12:00 AM (Description)
Updated via Apple · 12:00 AM (Description, Weakness, Affected Software)
Updated via Apple · 12:00 AM (Affected Software)
Updated via Apple · 12:00 AM (Description, Affected Software)
CVE Published via MITRE · 09:46 PM
Data Sourced via MITRE · 09:46 PM (Description, Weakness)
Data Sourced via NVD · 10:15 PM (Description, Severity, Weakness, Affected Software)
Feb 10, 2025
Data Sourced via Red Hat · 09:40 AM (Description, Severity, Affected Software)
Feb 24, 2025
Data Sourced via Ubuntu · 10:47 PM (Remedy, Description, Severity, Affected Software)
Frequently Asked Questions
1. What is the severity of CVE-2025-24143?
CVE-2025-24143 has been classified with high severity due to multiple authentication and input validation issues.
2. How do I fix CVE-2025-24143?
To fix CVE-2025-24143, update affected Apple software to the latest versions listed in the vulnerability details.
3. Which Apple products are affected by CVE-2025-24143?
CVE-2025-24143 affects Apple macOS Sequoia, Safari, iOS, iPadOS, and visionOS versions up to specific release thresholds.
4. What types of issues does CVE-2025-24143 address?
CVE-2025-24143 addresses authentication issues, input validation problems, null pointer dereferences, and type confusion issues.
5. Is there a workaround for CVE-2025-24143 if I cannot update?
There are no documented workarounds for CVE-2025-24143, and it is recommended to update affected software as soon as possible.