AI description
CVE-2025-24104 is a vulnerability in Apple's iOS and iPadOS stemming from improper handling of symbolic links (symlinks) during backup restoration. A specially crafted backup could allow an attacker to read arbitrary files outside the application sandbox, potentially exposing sensitive system data. This occurs because the `mc_mobile_tunnel` lockdown service doesn't validate whether the `CloudConfigurationDetails.plist` file is a symlink. If this file is replaced with a symlink pointing to a restricted file, the system reads the content of the targeted file instead, bypassing security restrictions. This vulnerability was discovered in April 2024 and reported to Apple in October 2024. Apple addressed the issue in iOS 18.3 beta 1 and iPadOS 17.7.4. The vulnerability allows reading arbitrary files, not modifying system files as initially reported by Apple. This highlights a significant security flaw in how backups are handled, potentially allowing unauthorized access to protected data.
- Description
- This issue was addressed with improved handling of symlinks. This issue is fixed in iPadOS 17.7.4, iOS 18.3 and iPadOS 18.3. Restoring a maliciously crafted backup file may lead to modification of protected system files.
- Source
- product-security@apple.com
- NVD status
- Modified
CVSS 3.1
- Type
- Primary
- Base score
- 5.5
- Impact score
- 3.6
- Exploitability score
- 1.8
- Vector string
- CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
- Severity
- MEDIUM
- Hype score
- Not currently trending
iOS 18.4 - 17.0 Jailbreak News (All Devices): Apple SCREWED UP! Older Vulnerability NOT Patched Properly! Fix Already Bypassed! 🔥 FULL VIDEO: https://t.co/7fIREaZ1sW We're discussing a recent writeup that was released for CVE-2025-24104, a vulnerability thought to have been…
@FCE365
26 Feb 2025
5005 Impressions
11 Retweets
43 Likes
7 Bookmarks
0 Replies
0 Quotes
iOS 18.4 - 17.0 Jailbreak News (All Devices): Apple SCREWED UP! Older Vulnerability NOT Patched Properly! Fix Already Bypassed! 🔥 NEW VIDEO: https://t.co/7fIREaZziu We're discussing a recent writeup that was released for CVE-2025-24104, a vulnerability thought to have been… ht
@FCE365
25 Feb 2025
8769 Impressions
13 Retweets
72 Likes
14 Bookmarks
9 Replies
1 Quote
New writeup: CVE-2025-24104 – Apple’s bug allowed arbitrary file reads outside the sandbox. While iOS 18.3 added a mitigation, it doesn’t fully fix the issue. I even bypassed it since my recommended fix wasn’t followed. Read more 👉 https://t.co/U2SzttjzPI… #AppleSecurity… h
@minacris_
25 Feb 2025
3421 Impressions
3 Retweets
21 Likes
8 Bookmarks
3 Replies
0 Quotes
New writeup: CVE-2025-24104 – Apple’s bug allowed arbitrary file reads outside the sandbox. While iOS 18.3 added a mitigation, it doesn’t fully fix the issue. I even bypassed it since my recommended fix wasn’t followed. Read more 👉 https://t.co/ZAuhCs5NIS #AppleSecurity… ht
@hichem_ifpdz
25 Feb 2025
13924 Impressions
29 Retweets
189 Likes
48 Bookmarks
13 Replies
0 Quotes
CVE-2025-24104 This issue was addressed with improved handling of symlinks. This issue is fixed in iPadOS 17.7.4, iOS 18.3 and iPadOS 18.3. Restoring a maliciously crafted backup fi… https://t.co/hNXMiWHmB2
@CVEnew
27 Jan 2025
1301 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-24104 ⏳
@minacris_
22 Jan 2025
2577 Impressions
1 Retweet
7 Likes
1 Bookmark
4 Replies
0 Quotes
CVE-2025-24104 ⏳
@hichem_ifpdz
22 Jan 2025
11317 Impressions
4 Retweets
116 Likes
21 Bookmarks
16 Replies
0 Quotes
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "27995710-C1F5-4919-8168-E2B59D7F698C",
"versionEndExcluding": "17.7.4"
},
{
"criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "AD29C5E9-9427-4C41-873F-C29493B892E4",
"versionEndExcluding": "18.3",
"versionStartIncluding": "18.0"
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "71A94ACA-8143-475F-8A89-8020B86CE80B",
"versionEndExcluding": "18.3"
}
],
"operator": "OR"
}
]
}
]