CVE-2025-24161

Published Jan 27, 2025

Last updated 2 months ago

Overview

AI description

Generated using AI and has not been reviewed by Intruder. May contain errors.

CVE-2025-24161 is a vulnerability found in Apple's CoreAudio component. This flaw can cause unexpected application termination when a specially crafted file is parsed. The issue was discovered by Google's Threat Analysis Group and reported to Apple. The vulnerability affects various Apple operating systems, including iOS 18.3 and iPadOS 18.3, macOS Sonoma 14.7.3, macOS Sequoia 15.3, watchOS 11.3, tvOS 18.3, and visionOS 2.3. Apple has addressed the vulnerability with improved checks in these updated operating systems. Users are advised to update their devices to the patched versions.

Description: The issue was addressed with improved checks. This issue is fixed in iPadOS 17.7.4, macOS Sonoma 14.7.3, visionOS 2.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3, tvOS 18.3. Parsing a file may lead to an unexpected app termination.
Source: product-security@apple.com
NVD status: Modified

Risk scores

CVSS 3.1

Type: Primary
Base score: 5.5
Impact score: 3.6
Exploitability score: 1.8
Vector string: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Severity: MEDIUM

Weaknesses

nvd@nist.gov: NVD-CWE-noinfo
134c704f-9b21-4f2e-91b3-4a467353bcc0: CWE-754

Hype score: Not currently trending

The latest Apple security update contains fixes for three CoreAudio issues (CVE-2025-24160, CVE-2025-24161, CVE-2025-24163). These were found by Google Threat Analysis Group using Jackalope fuzzer.
@ifsecure
28 Jan 2025
16655 Impressions
19 Retweets
81 Likes
33 Bookmarks
1 Reply
1 Quote

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "27995710-C1F5-4919-8168-E2B59D7F698C",
            "versionEndExcluding": "17.7.4"
          },
          {
            "criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "71A94ACA-8143-475F-8A89-8020B86CE80B",
            "versionEndExcluding": "18.3"
          },
          {
            "criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6049E692-EB64-4E7D-A1AC-CEBA288B7A55",
            "versionEndExcluding": "14.7.3"
          },
          {
            "criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "33FE4A81-3E35-4934-ABBB-4531E8E249AF",
            "versionEndExcluding": "15.3",
            "versionStartIncluding": "15.0"
          },
          {
            "criteria": "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "60C0BA29-0969-4181-B6F1-4606986B18E4",
            "versionEndExcluding": "18.3"
          },
          {
            "criteria": "cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F91BF3D5-D8E5-437C-8301-C9F22AAFB8BD",
            "versionEndExcluding": "2.3"
          },
          {
            "criteria": "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7A128237-004C-49D7-A559-5BBC38362361",
            "versionEndExcluding": "11.3"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]