CVE-2025-24167: Input Validation
Published Mar 31, 2025
·Updated
Accessibility. A logging issue was addressed with improved data redaction.
Other sources
AccountPolicy. This issue was addressed by removing the vulnerable code.
— Apple
Accounts. This issue was addressed with improved data access restriction.
— Apple
AirDrop. A permissions issue was addressed with additional restrictions.
— Apple
AirPlay. A null pointer dereference was addressed with improved input validation.
— Apple
AirPlay. A type confusion issue was addressed with improved checks.
— Apple
Credit
@@RenwaX23, Jaydev Ahire, Syarif Muhammad Sajjad, Alexander Heinrich@@Sn0wfreeze, SEEMOO, TU Darmstadt & Mathy Vanhoef@@vanhoefm, Jeroen Robben@@RobbenJeroen, DistriNet, KU Leuven, Vsevolod Kokorin (Slonser)(Solidlab), Gary Kwong, an anonymous researcher, Paul Bakker(ParagonERP), Francisco Alonso@@revskills, Muhammad Zaid Ghifari (Mr.ZheeV), Kalimantan Utara, rheza@@ginggilBesel, Martin Kreichgauer(Google Chrome), Ron Masas(BREAKPOINT), Uri Katz (Oligo Security), Hossein Lotfi@@hosselot(Trend Micro Zero Day Initiative), Dominik Rath, Yutong Xiu@@Sou1gh0st, Denis Tokarev@@illusionofcha0s, Google Threat Analysis Group, wac(Trend Micro Zero Day Initiative), pattern-f@@pattern_F_, Jonathan Bar Or@@yo_yo_yo_jbo(Microsoft), CVE-2024-9681, Andr.Ess, Kirin@@Pwnrin, LFY@@secsys(Fudan University), Anonymous(Trend Micro Zero Day Initiative), Wang Yu(Cyberserval), Michael (Biscuit) Thomas - @social.lol@@biscuit, Ian Beer(Google Project Zero), CVE-2024-48958, CVE-2025-27113, CVE-2024-56171, Alex Radocea(Supernetworks), Dave G.(Supernetworks), 风沐云烟@@binary_fmyy, Minghao Lin@@Y1nKoc, Jimmy, Mickey Jin@@patch1t, Bing Shi(Alibaba Group), Wenchao Li(Alibaba Group), Xiaolong Bai(Alibaba Group), Luyi Xing(Indiana University Bloomington), Halle Winkler, Politepix theoffcuts.org, Andrew James Gonzalez, Bohdan Stasiuk@@bohdan_stasiuk, Apple, Zhongcheng Li(IES Red Team of ByteDance), Lehan Dilusha@@zafer, Gergely Kalman@@gergely_kalman, mzzzz__, Alexia Wilson(Microsoft), Christine Fossaceca(Microsoft), Florian Draschbacher, Jax Reissner, Dalibor Milanovic, Wojciech Regula(SecuRing), Abhay Kailasia@@abhay_kailasia(C), Chi Yuan Chang(ZUSO ART), taikosoup, YingQi Shi@@Mas0nShi(DBAppSecurity's WeBin lab), Richard Hyunho Im with routezero.security@@richeeta, Claudio Bozzato(Cisco Talos), Francesco Benvenuto(Cisco Talos), Jeffrey Hofmann, Ian Mckay@@iann0036, Csaba Fitzl@@theevilbit(Kandji), Nolan Astrein(Kandji), Stephan Casas, Rodolphe BRUNETTI@@eisw0lf(Lupus Nova), Pietro Francesco Tirenna(Shielder), Davide Silvetti(Shielder), Abdel Adim Oisfi(Shielder), luckyu@@uuulucky, Rodolphe BRUNETTI@@eisw0lf, Manuel Fernandez (Stackhopper Security), ABC Research s.r.o., Murray Mike, Dayton Pidhirney(Atredis Partners), Lyutoon, YenKoc, Ye Zhang@@VAR10CK(Baidu Security), Koh M. Nakagawa@@tsunek0h(FFRI Security Inc), Joseph Ravichandran@@0xjprx(MIT CSAIL), Kenneth Chew, Paweł Płatek (Trail(Bits), Diamant Osmani & Valdrin Haliti [Kosovë], dbpeppe, Solitechworld, Pwn2car, Alhour@@NSAntoine, Mickey Jin@@patch1t(Kandji), (Kandji), Pedro Tôrres@@t0rr3sp3dr0, Noah Gregory (wts.dev), CVE-2023-27043, Yiğit Can YILMAZ@@yilmazcanyigit, Arsenii Kostromin (0x3c3e), Rodolphe Brunetti@@eisw0lf(Lupus Nova), Dolf Hoegaerts, Michiel Devliegere, K宝@@Pwnrin, Tong Liu@@Lyutoon_, 风(binary_fmyy), F00L, Dave G., zbleet(QI), Cristian Dinca(Computer Science), Romania, 风沐云烟 (binary_fmyy), Kirin, FlowerCode, Zhongquan Li@@Guluisacat, Pedro José Pereira Vieito / pvieito.com)@@pvieito, PixiePoint Security, Andreas Hegenberg (folivora.AI GmbH)
Affected Software
8 affected componentsFixes available
Apple Safari<18.4
Apple iPadOS<18.4
Apple iPhone OS<18.4
Apple iOS<18.4
18.4
Apple iPadOS<18.4
18.4
Apple macOS Sequoia<15.4
15.4
Apple Safari<18.4
18.4
Apple WatchOS<11.4
11.4
Event History
Mar 31, 2025
Data Sourced
via Apple·12:00 AM
DescriptionWeaknessAffected Software
Updated
via Apple·12:00 AM
DescriptionWeakness
Updated
via Apple·12:00 AM
Description
Updated
via Apple·12:00 AM
DescriptionWeaknessAffected Software
Updated
via Apple·12:00 AM
Affected Software
Updated
via Apple·12:00 AM
DescriptionAffected Software
CVE Published
via MITRE·10:24 PM
Data Sourced
via MITRE·10:24 PM
DescriptionWeakness
Data Sourced
via NVD·11:15 PM
DescriptionSeverityAffected Software
Apr 1, 2025
Updated
via Apple·12:00 AM
DescriptionWeaknessAffected Software
Updated
via Apple·12:00 AM
DescriptionAffected Software
Parent advisories
This vulnerability appears in the following advisories.
Peer vulnerabilities
Found alongside the following vulnerabilities.
- CVE-2025-24180
- CVE-2025-30466
- CVE-2025-24113
- CVE-2025-30467
- CVE-2025-31192
- CVE-2025-24167
- CVE-2025-31184
- CVE-2025-24192
- CVE-2025-24264
- CVE-2025-24216
- CVE-2025-24209
- CVE-2025-24208
- CVE-2025-30427
- CVE-2025-30425
- CVE-2025-24097
- CVE-2025-24251
- CVE-2025-43205
- CVE-2025-24244
- CVE-2025-24243
- CVE-2025-30430
- CVE-2025-24237
- CVE-2025-30429
- CVE-2025-24212
- CVE-2025-24163
- CVE-2025-24230
- CVE-2025-31196
- CVE-2025-24190
- CVE-2025-30454
- CVE-2025-31191
- CVE-2025-24182
- CVE-2025-31203
- CVE-2024-9681
- CVE-2025-30439
- CVE-2025-24283
- CVE-2025-30447
- CVE-2025-24210
- CVE-2025-24257
- CVE-2025-30432
- CVE-2025-24203
- CVE-2024-48958
- CVE-2025-24194
- CVE-2025-27113
- CVE-2024-56171
- CVE-2025-24178
- CVE-2025-31182
- CVE-2025-24238
- CVE-2025-30470
- CVE-2025-30426
- CVE-2025-24173
- CVE-2025-30471
- CVE-2025-30438
- CVE-2025-30433
- CVE-2025-31183
- CVE-2025-24217
- CVE-2025-24214
- CVE-2025-24201
- CVE-2025-24202
- CVE-2025-24221
- CVE-2025-24271
- CVE-2025-24270
- CVE-2025-31202
- CVE-2025-24252
- CVE-2025-24206
- CVE-2025-30445
- CVE-2025-31197
- CVE-2025-24211
- CVE-2025-30456
- CVE-2025-30463
- CVE-2025-30434
- CVE-2025-31199
- CVE-2025-24193
- CVE-2025-30428
- CVE-2025-30469
- CVE-2025-24095
- CVE-2025-24220
- CVE-2025-30436
- CVE-2025-24205
- CVE-2025-24198
- CVE-2025-24234
- CVE-2025-24276
- CVE-2025-24272
- CVE-2025-24239
- CVE-2025-24233
- CVE-2025-30443
- CVE-2025-31272
- CVE-2025-24245
- CVE-2025-30460
- CVE-2025-24215
- CVE-2025-24236
- CVE-2025-24170
- CVE-2025-24277
- CVE-2025-31189
- CVE-2025-24255
- CVE-2025-30453
- CVE-2025-24267
- CVE-2025-24258
- CVE-2025-30455
- CVE-2025-31187
- CVE-2025-30462
- CVE-2025-30451
- CVE-2025-24281
- CVE-2025-30461
- CVE-2025-24199
- CVE-2025-30431
- CVE-2025-30464
- CVE-2025-24273
- CVE-2025-24256
- CVE-2025-30448
- CVE-2025-24249
- CVE-2025-24229
- CVE-2025-31263
- CVE-2025-30437
- CVE-2025-24235
- CVE-2025-24204
- CVE-2025-24196
- CVE-2025-24148
- CVE-2025-24195
- CVE-2025-31231
- CVE-2025-31264
- CVE-2025-24172
- CVE-2025-30450
- CVE-2025-46308
- CVE-2025-24262
- CVE-2025-24232
- CVE-2025-24246
- CVE-2025-24261
- CVE-2025-24164
- CVE-2025-30446
- CVE-2025-24259
- CVE-2025-30424
- CVE-2023-27043
- CVE-2025-24284
- CVE-2025-30459
- CVE-2025-24191
- CVE-2025-24093
- CVE-2025-30452
- CVE-2025-24181
- CVE-2025-30458
- CVE-2025-24250
- CVE-2025-24268
- CVE-2025-43184
- CVE-2025-30465
- CVE-2025-24280
- CVE-2025-31194
- CVE-2025-30435
- CVE-2025-24248
- CVE-2025-24269
- CVE-2025-30444
- CVE-2025-24228
- CVE-2025-24165
- CVE-2025-24260
- CVE-2025-30442
- CVE-2025-24282
- CVE-2025-24254
- CVE-2025-24231
- CVE-2025-24263
- CVE-2025-24207
- CVE-2025-31261
- CVE-2025-30449
- CVE-2025-24253
- CVE-2025-46293
- CVE-2025-43278
- CVE-2025-24240
- CVE-2025-31188
- CVE-2025-24218
- CVE-2025-24278
- CVE-2025-24242
- CVE-2025-30457
- CVE-2025-31195
- CVE-2025-24279
- CVE-2025-24247
- CVE-2025-24241
- CVE-2025-24266
- CVE-2025-24265
- CVE-2025-24157
- CVE-2025-31198
Frequently Asked Questions
1
What is the severity of CVE-2025-24167?
The severity of CVE-2025-24167 is considered significant due to the potential for improper data handling and access issues.
2
How do I fix CVE-2025-24167?
To fix CVE-2025-24167, update your affected Apple devices to the latest version, at least version 18.4.
3
Which Apple products are affected by CVE-2025-24167?
CVE-2025-24167 affects Apple Safari, iOS, iPadOS, macOS Sequoia, and watchOS versions below the specified update.
4
What types of issues does CVE-2025-24167 address?
CVE-2025-24167 addresses logging issues, permissions restrictions, and data access restrictions to enhance security.
5
Was CVE-2025-24167 related to data redaction?
Yes, CVE-2025-24167 includes improvements for data redaction to mitigate logging issues.