CVE-2025-24161

Published Jan 27, 2025

Last updated 12 hours ago

Overview

AI description

Generated using AI and has not been reviewed by Intruder. May contain errors.

CVE-2025-24161 is a vulnerability found in Apple's CoreAudio component. This flaw can cause unexpected application termination when a specially crafted file is parsed. The issue was discovered by Google's Threat Analysis Group and reported to Apple. The vulnerability affects various Apple operating systems, including iOS 18.3 and iPadOS 18.3, macOS Sonoma 14.7.3, macOS Sequoia 15.3, watchOS 11.3, tvOS 18.3, and visionOS 2.3. Apple has addressed the vulnerability with improved checks in these updated operating systems. Users are advised to update their devices to the patched versions.

Description: The issue was addressed with improved checks. This issue is fixed in iPadOS 17.7.4, macOS Sonoma 14.7.3, visionOS 2.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3, tvOS 18.3. Parsing a file may lead to an unexpected app termination.
Source: product-security@apple.com
NVD status: Analyzed

Risk scores

CVSS 3.1

Type: Primary
Base score: 5.5
Impact score: 3.6
Exploitability score: 1.8
Vector string: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Severity: MEDIUM

Weaknesses

nvd@nist.gov: NVD-CWE-noinfo

Hype score is a measure of social media activity compared against trending CVEs from the past 12 months. Max score 100.

Hype score: 6

The latest Apple security update contains fixes for three CoreAudio issues (CVE-2025-24160, CVE-2025-24161, CVE-2025-24163). These were found by Google Threat Analysis Group using Jackalope fuzzer.
@ifsecure
28 Jan 2025
16655 Impressions
19 Retweets
81 Likes
33 Bookmarks
1 Reply
1 Quote

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "27995710-C1F5-4919-8168-E2B59D7F698C",
            "versionEndExcluding": "17.7.4"
          },
          {
            "criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "71A94ACA-8143-475F-8A89-8020B86CE80B",
            "versionEndExcluding": "18.3"
          },
          {
            "criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6049E692-EB64-4E7D-A1AC-CEBA288B7A55",
            "versionEndExcluding": "14.7.3"
          },
          {
            "criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "33FE4A81-3E35-4934-ABBB-4531E8E249AF",
            "versionEndExcluding": "15.3",
            "versionStartIncluding": "15.0"
          },
          {
            "criteria": "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "60C0BA29-0969-4181-B6F1-4606986B18E4",
            "versionEndExcluding": "18.3"
          },
          {
            "criteria": "cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F91BF3D5-D8E5-437C-8301-C9F22AAFB8BD",
            "versionEndExcluding": "2.3"
          },
          {
            "criteria": "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7A128237-004C-49D7-A559-5BBC38362361",
            "versionEndExcluding": "11.3"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]