CVE-2025-24264: Buffer Overflow
Published Mar 31, 2025
·Updated
Accessibility. A logging issue was addressed with improved data redaction.
Other sources
AccountPolicy. This issue was addressed by removing the vulnerable code.
— Apple
Accounts. This issue was addressed with improved data access restriction.
— Apple
AirDrop. A permissions issue was addressed with additional restrictions.
— Apple
AirPlay. A null pointer dereference was addressed with improved input validation.
— Apple
AirPlay. A type confusion issue was addressed with improved checks.
— Apple
Credit
@@RenwaX23, Jaydev Ahire, Syarif Muhammad Sajjad, Alexander Heinrich@@Sn0wfreeze, SEEMOO, TU Darmstadt & Mathy Vanhoef@@vanhoefm, Jeroen Robben@@RobbenJeroen, DistriNet, KU Leuven, Vsevolod Kokorin (Slonser)(Solidlab), Gary Kwong, an anonymous researcher, Paul Bakker(ParagonERP), Francisco Alonso@@revskills, Muhammad Zaid Ghifari (Mr.ZheeV), Kalimantan Utara, rheza@@ginggilBesel, Martin Kreichgauer(Google Chrome), Lehan Dilusha@@zafer, Uri Katz (Oligo Security), Hossein Lotfi@@hosselot(Trend Micro Zero Day Initiative), Yutong Xiu@@Sou1gh0st, Denis Tokarev@@illusionofcha0s, Kirin@@Pwnrin, CVE-2025-24085, CVE-2024-9681, LFY@@secsys(Fudan University), Anonymous(Trend Micro Zero Day Initiative), Michael (Biscuit) Thomas - @social.lol@@biscuit, Ian Beer(Google Project Zero), CVE-2025-27113, CVE-2024-56171, Jimmy, Jax Reissner, Mickey Jin@@patch1t, Bing Shi(Alibaba Group), Wenchao Li(Alibaba Group), Xiaolong Bai(Alibaba Group), Luyi Xing(Indiana University Bloomington), Andrew James Gonzalez, Richard Hyunho Im with routezero.security@@richeeta, YingQi Shi@@Mas0nShi(DBAppSecurity's WeBin lab), Minghao Lin@@Y1nKoc, Apple, Lukas Bernhard, Tashita Software Security, Xiangwei Zhang(Tencent Security YUNDING LAB), linjy(HKUS3Lab), chluo(WHUSecLab), Brendon Tiszka(Google Project Zero), Dominik Rath, Google Threat Analysis Group, wac(Trend Micro Zero Day Initiative), Andr.Ess, Wang Yu(Cyberserval), CVE-2024-48958, Alex Radocea(Supernetworks), Dave G.(Supernetworks), 风沐云烟@@binary_fmyy, Jonathan Bar Or@@yo_yo_yo_jbo(Microsoft), Alexia Wilson(Microsoft), Christine Fossaceca(Microsoft), Halle Winkler, Politepix theoffcuts.org, Ron Masas(BREAKPOINT), pattern-f@@pattern_F_, Bohdan Stasiuk@@bohdan_stasiuk, Zhongcheng Li(IES Red Team of ByteDance), Gergely Kalman@@gergely_kalman, mzzzz__, Florian Draschbacher, Dalibor Milanovic, Wojciech Regula(SecuRing), Abhay Kailasia@@abhay_kailasia(C), Chi Yuan Chang(ZUSO ART), taikosoup, Claudio Bozzato(Cisco Talos), Francesco Benvenuto(Cisco Talos), Jeffrey Hofmann, Ian Mckay@@iann0036, Csaba Fitzl@@theevilbit(Kandji), Nolan Astrein(Kandji), Stephan Casas, Rodolphe BRUNETTI@@eisw0lf(Lupus Nova), Pietro Francesco Tirenna(Shielder), Davide Silvetti(Shielder), Abdel Adim Oisfi(Shielder), luckyu@@uuulucky, Rodolphe BRUNETTI@@eisw0lf, Manuel Fernandez (Stackhopper Security), ABC Research s.r.o., Murray Mike, Dayton Pidhirney(Atredis Partners), Lyutoon, YenKoc, Ye Zhang@@VAR10CK(Baidu Security), Koh M. Nakagawa@@tsunek0h(FFRI Security Inc), Joseph Ravichandran@@0xjprx(MIT CSAIL), Kenneth Chew, Paweł Płatek (Trail(Bits), Diamant Osmani & Valdrin Haliti [Kosovë], dbpeppe, Solitechworld, Pwn2car, Alhour@@NSAntoine, Mickey Jin@@patch1t(Kandji), (Kandji), Pedro Tôrres@@t0rr3sp3dr0, Noah Gregory (wts.dev), CVE-2023-27043, Yiğit Can YILMAZ@@yilmazcanyigit, Arsenii Kostromin (0x3c3e), Rodolphe Brunetti@@eisw0lf(Lupus Nova), Dolf Hoegaerts, Michiel Devliegere, K宝@@Pwnrin, Tong Liu@@Lyutoon_, 风(binary_fmyy), F00L, Dave G., zbleet(QI), Cristian Dinca(Computer Science), Romania, 风沐云烟 (binary_fmyy), Kirin, FlowerCode, Zhongquan Li@@Guluisacat, Pedro José Pereira Vieito / pvieito.com)@@pvieito, PixiePoint Security, Andreas Hegenberg (folivora.AI GmbH)
Affected Software
17 affected componentsFixes available
debian/webkit2gtk<=2.44.2-1~deb11u1, <=2.46.6-1~deb11u1, <=2.46.6-1~deb12u1
2.48.1-2~deb12u12.48.1-2
debian/wpewebkit<=2.38.6-1~deb11u1, <=2.38.6-1
2.48.1-1
Apple Safari<18.4
Apple iPadOS<17.7.6
Apple iPadOS>=18.0<18.4
Apple iPhone OS<18.4
Apple macOS>=15.0<15.4
Apple tvOS<18.4
Apple visionOS<2.4
Apple visionOS<2.4
2.4
Apple tvOS<18.4
18.4
Apple iOS<18.4
18.4
Apple iPadOS<18.4
18.4
Apple macOS Sequoia<15.4
15.4
Apple iPadOS<17.7.6
17.7.6
Apple Safari<18.4
18.4
Apple WatchOS<11.4
11.4
Event History
Mar 31, 2025
Data Sourced
via Apple·12:00 AM
DescriptionWeaknessAffected Software
Updated
via Apple·12:00 AM
DescriptionWeakness
Updated
via Apple·12:00 AM
DescriptionWeaknessAffected Software
Updated
via Apple·12:00 AM
Affected Software
CVE Published
via MITRE·10:23 PM
Data Sourced
via MITRE·10:23 PM
DescriptionWeakness
Data Sourced
via NVD·11:15 PM
DescriptionSeverityWeaknessAffected Software
Apr 1, 2025
Updated
via Apple·12:00 AM
DescriptionWeaknessAffected Software
Apr 7, 2025
Data Sourced
via Red Hat·02:32 PM
DescriptionSeverityAffected Software
Apr 15, 2025
Data Sourced
via Ubuntu·12:43 AM
RemedyDescriptionSeverityAffected Software
Parent advisories
This vulnerability appears in the following advisories.
Peer vulnerabilities
Found alongside the following vulnerabilities.
- CVE-2025-24180
- CVE-2025-30466
- CVE-2025-24113
- CVE-2025-30467
- CVE-2025-31192
- CVE-2025-24167
- CVE-2025-31184
- CVE-2025-24192
- CVE-2025-24264
- CVE-2025-24216
- CVE-2025-24209
- CVE-2025-24208
- CVE-2025-30427
- CVE-2025-30425
- CVE-2025-24221
- CVE-2025-24131
- CVE-2025-24270
- CVE-2025-24271
- CVE-2025-24177
- CVE-2025-24179
- CVE-2025-24251
- CVE-2025-31197
- CVE-2025-24252
- CVE-2025-30445
- CVE-2025-24206
- CVE-2025-43205
- CVE-2025-24243
- CVE-2025-24244
- CVE-2025-24237
- CVE-2025-30429
- CVE-2025-24212
- CVE-2025-24215
- CVE-2025-24230
- CVE-2025-24085
- CVE-2025-24190
- CVE-2025-24211
- CVE-2025-31203
- CVE-2024-9681
- CVE-2025-30447
- CVE-2025-24210
- CVE-2025-30432
- CVE-2025-24203
- CVE-2025-27113
- CVE-2024-56171
- CVE-2025-24178
- CVE-2025-30426
- CVE-2025-30428
- CVE-2025-24173
- CVE-2025-30471
- CVE-2025-30465
- CVE-2025-30433
- CVE-2025-24198
- CVE-2025-24205
- CVE-2025-24201
- CVE-2024-54543
- CVE-2024-54534
- CVE-2024-54508
- CVE-2024-54502
- CVE-2025-31202
- CVE-2025-30430
- CVE-2025-24163
- CVE-2025-31196
- CVE-2025-24182
- CVE-2025-30439
- CVE-2025-24283
- CVE-2025-24257
- CVE-2024-48958
- CVE-2025-24194
- CVE-2025-31182
- CVE-2025-31199
- CVE-2025-30470
- CVE-2025-24095
- CVE-2025-30438
- CVE-2025-24214
- CVE-2025-24097
- CVE-2025-30454
- CVE-2025-31191
- CVE-2025-24238
- CVE-2025-31183
- CVE-2025-24217
- CVE-2025-24202
- CVE-2025-30456
- CVE-2025-30463
- CVE-2025-30434
- CVE-2025-24193
- CVE-2025-30469
- CVE-2025-24220
- CVE-2025-30436
- CVE-2025-24234
- CVE-2025-24276
- CVE-2025-24272
- CVE-2025-24239
- CVE-2025-24233
- CVE-2025-30443
- CVE-2025-31272
- CVE-2025-24245
- CVE-2025-30460
- CVE-2025-24236
- CVE-2025-24170
- CVE-2025-24277
- CVE-2025-31189
- CVE-2025-24255
- CVE-2025-30453
- CVE-2025-24267
- CVE-2025-24258
- CVE-2025-30455
- CVE-2025-31187
- CVE-2025-30462
- CVE-2025-30451
- CVE-2025-24281
- CVE-2025-30461
- CVE-2025-24199
- CVE-2025-30431
- CVE-2025-30464
- CVE-2025-24273
- CVE-2025-24256
- CVE-2025-30448
- CVE-2025-24249
- CVE-2025-24229
- CVE-2025-31263
- CVE-2025-30437
- CVE-2025-24235
- CVE-2025-24204
- CVE-2025-24196
- CVE-2025-24148
- CVE-2025-24195
- CVE-2025-31231
- CVE-2025-31264
- CVE-2025-24172
- CVE-2025-30450
- CVE-2025-46308
- CVE-2025-24262
- CVE-2025-24232
- CVE-2025-24246
- CVE-2025-24261
- CVE-2025-24164
- CVE-2025-30446
- CVE-2025-24259
- CVE-2025-30424
- CVE-2023-27043
- CVE-2025-24284
- CVE-2025-30459
- CVE-2025-24191
- CVE-2025-24093
- CVE-2025-30452
- CVE-2025-24181
- CVE-2025-30458
- CVE-2025-24250
- CVE-2025-24268
- CVE-2025-43184
- CVE-2025-24280
- CVE-2025-31194
- CVE-2025-30435
- CVE-2025-24248
- CVE-2025-24269
- CVE-2025-30444
- CVE-2025-24228
- CVE-2025-24165
- CVE-2025-24260
- CVE-2025-30442
- CVE-2025-24282
- CVE-2025-24254
- CVE-2025-24231
- CVE-2025-24263
- CVE-2025-24207
- CVE-2025-31261
- CVE-2025-30449
- CVE-2025-24253
- CVE-2025-46293
- CVE-2025-43278
- CVE-2025-24240
- CVE-2025-31188
- CVE-2025-24218
- CVE-2025-24278
- CVE-2025-24242
- CVE-2025-30457
- CVE-2025-31195
- CVE-2025-24279
- CVE-2025-24247
- CVE-2025-24241
- CVE-2025-24266
- CVE-2025-24265
- CVE-2025-24157
- CVE-2025-31198
Frequently Asked Questions
1
What is the severity of CVE-2025-24264?
CVE-2025-24264 has been rated with a high severity level due to the potential for exploitation.
2
How do I fix CVE-2025-24264?
To fix CVE-2025-24264, update to the latest versions of the affected software as specified in the vulnerability details.
3
What software is affected by CVE-2025-24264?
CVE-2025-24264 affects several platforms including Apple Safari, iPadOS, iPhone OS, macOS, tvOS, and visionOS among others.
4
What types of issues does CVE-2025-24264 address?
CVE-2025-24264 addresses issues related to logging vulnerabilities, data redaction, and permissions.
5
Is there a workaround for CVE-2025-24264?
There is no official workaround for CVE-2025-24264; it is recommended to apply the necessary updates to mitigate the vulnerability.