CVE-2025-24244: Infoleak
Published Mar 31, 2025
·Updated
Accessibility. A logging issue was addressed with improved data redaction.
Credit
Uri Katz (Oligo Security), an anonymous researcher, Wojciech Regula(SecuRing), Mickey Jin@@patch1t, Claudio Bozzato(Cisco Talos), Francesco Benvenuto(Cisco Talos), Bohdan Stasiuk@@bohdan_stasiuk, Hossein Lotfi@@hosselot(Trend Micro Zero Day Initiative), Yutong Xiu@@Sou1gh0st, Denis Tokarev@@illusionofcha0s, Kirin@@Pwnrin, CVE-2025-24085, Jonathan Bar Or@@yo_yo_yo_jbo(Microsoft), YingQi Shi@@Mas0nShi(DBAppSecurity's WeBin lab), Minghao Lin@@Y1nKoc, Stephan Casas, Csaba Fitzl@@theevilbit(Kandji), Gergely Kalman@@gergely_kalman, CVE-2024-9681, Wang Yu(Cyberserval), Rodolphe BRUNETTI@@eisw0lf(Lupus Nova), Pietro Francesco Tirenna(Shielder), Davide Silvetti(Shielder), Abdel Adim Oisfi(Shielder), Manuel Fernandez (Stackhopper Security), LFY@@secsys(Fudan University), Murray Mike(Trend Micro Zero Day Initiative), Anonymous(Trend Micro Zero Day Initiative), ABC Research s.r.o., Dave G.(Supernetworks), Michael (Biscuit) Thomas - @social.lol@@biscuit, Ian Beer(Google Project Zero), Kenneth Chew, Paweł Płatek (Trail(Bits), CVE-2025-27113, CVE-2024-56171, 风沐云烟@@binary_fmyy(Supernetworks), Minghao Lin@@Y1nKoc(Supernetworks), Alex Radocea(Supernetworks), Diamant Osmani & Valdrin Haliti [Kosovë], dbpeppe, Solitechworld, Pwn2car, Mickey Jin@@patch1t(Kandji), (Kandji), Pedro Tôrres@@t0rr3sp3dr0, Noah Gregory (wts.dev), Arsenii Kostromin (0x3c3e), Bing Shi(Alibaba Group), Wenchao Li(Alibaba Group), Xiaolong Bai(Alibaba Group), Luyi Xing(Indiana University Bloomington), Halle Winkler, Politepix theoffcuts.org, Dolf Hoegaerts, Michiel Devliegere, Andrew James Gonzalez, Junsung <3(Trend Micro Zero Day Initiative), Richard Hyunho Im with routezero.security@@richeeta, Joseph Ravichandran@@0xjprx(MIT CSAIL), zbleet(QI), Csaba Fitzl@@theevilbit(OffSec), 风沐云烟 (binary_fmyy)(DBAppSecurity's WeBin lab), Minghao Lin@@Y1nKoc(DBAppSecurity's WeBin lab), Zhongquan Li@@Guluisacat, PixiePoint Security, Andreas Hegenberg (folivora.AI GmbH), Google Threat Analysis Group, wac(Trend Micro Zero Day Initiative), pattern-f@@pattern_F_, CVE-2024-48958, 风沐云烟@@binary_fmyy, Jimmy, Gary Kwong, Paul Bakker(ParagonERP), Francisco Alonso@@revskills, rheza@@ginggilBesel, Ron Masas(BREAKPOINT), Dominik Rath, Martin Kreichgauer(Google Chrome), Andr.Ess, mzzzz__, Muhammad Zaid Ghifari (Mr.ZheeV), Kalimantan Utara, Alexia Wilson(Microsoft), Christine Fossaceca(Microsoft), Florian Draschbacher, Jax Reissner, Dalibor Milanovic, Jaydev Ahire, @@RenwaX23, Syarif Muhammad Sajjad, Abhay Kailasia@@abhay_kailasia(C), Chi Yuan Chang(ZUSO ART), taikosoup, Alexander Heinrich@@Sn0wfreeze, SEEMOO, TU Darmstadt & Mathy Vanhoef@@vanhoefm, Jeroen Robben@@RobbenJeroen, DistriNet, KU Leuven, Vsevolod Kokorin (Slonser)(Solidlab), Zhongcheng Li(IES Red Team of ByteDance), Lehan Dilusha@@zafer, Ian Mckay@@iann0036, Nolan Astrein(Kandji), luckyu@@uuulucky, Rodolphe BRUNETTI@@eisw0lf, Murray Mike, Dayton Pidhirney(Atredis Partners), Lyutoon, YenKoc, Ye Zhang@@VAR10CK(Baidu Security), Koh M. Nakagawa@@tsunek0h(FFRI Security Inc), CVE-2023-27043, Yiğit Can YILMAZ@@yilmazcanyigit, K宝@@Pwnrin, Tong Liu@@Lyutoon_, 风(binary_fmyy), F00L, Cristian Dinca(Computer Science), Romania, 风沐云烟 (binary_fmyy), Kirin, FlowerCode, Pedro José Pereira Vieito / pvieito.com)@@pvieito, Apple, Lukas Bernhard, Tashita Software Security, Xiangwei Zhang(Tencent Security YUNDING LAB), linjy(HKUS3Lab), chluo(WHUSecLab), Brendon Tiszka(Google Project Zero)
Affected Software
15 affected componentsFixes available
Apple iPadOS<17.7.6
Apple iPadOS>=18.0<18.4
Apple iPhone OS<18.4
Apple macOS>=13.0<13.7.5
Apple macOS>=14.0<14.7.5
Apple macOS>=15.0<15.4
Apple tvOS<18.4
Apple macOS Ventura<13.7.5
13.7.5
Apple tvOS<18.4
18.4
Apple iOS<18.4
18.4
Apple iPadOS<18.4
18.4
Apple macOS Sequoia<15.4
15.4
Apple macOS Sonoma<14.7.5
14.7.5
Apple iPadOS<17.7.6
17.7.6
Apple WatchOS<11.4
11.4
Event History
Mar 31, 2025
Data Sourced
via Apple·12:00 AM
DescriptionWeaknessAffected Software
Updated
via Apple·12:00 AM
DescriptionWeakness
Updated
via Apple·12:00 AM
DescriptionWeaknessAffected Software
Updated
via Apple·12:00 AM
Affected Software
CVE Published
via MITRE·10:23 PM
Data Sourced
via MITRE·10:23 PM
DescriptionWeakness
Data Sourced
via NVD·11:15 PM
DescriptionSeverityWeaknessAffected Software
Apr 1, 2025
Updated
via Apple·12:00 AM
DescriptionWeaknessAffected Software
Frequently Asked Questions
1
What is the severity of CVE-2025-24244?
CVE-2025-24244 has a medium severity rating due to its potential impact on data access restrictions.
2
How do I fix CVE-2025-24244?
To address CVE-2025-24244, ensure that you update your Apple device software to the latest version available, specifically to at least the versions released after the vulnerability was fixed.
3
Which Apple products are affected by CVE-2025-24244?
CVE-2025-24244 affects various Apple products including iPadOS, iOS, macOS Ventura, macOS Sonoma, macOS Sequoia, and tvOS.
4
What types of vulnerabilities does CVE-2025-24244 address?
CVE-2025-24244 addresses accessibility issues, logging problems, and permissions issues related to data access.
5
Is CVE-2025-24244 a critical vulnerability?
No, CVE-2025-24244 is classified as a medium severity vulnerability, which necessitates attention but is not considered critical.