AI description
CVE-2025-24163 is a vulnerability found in Apple's CoreAudio component. Parsing a specially crafted file can lead to unexpected application termination. The issue stems from improper resource handling during file parsing. Apple has addressed this vulnerability with improved checks in updates for multiple operating systems, including iOS 18.3 and iPadOS 18.3, macOS Sonoma 14.7.3, macOS Sequoia 15.3, tvOS 18.3, watchOS 11.3, visionOS 2.3, and iPadOS 17.7.4. This vulnerability affects a range of Apple devices, including iPhones, Macs, iPads, Apple Watches, and Apple TVs. Users are encouraged to update their devices to the latest software versions to mitigate the risk associated with this vulnerability. The vulnerability was publicly disclosed and assigned a CVE identifier on January 17, 2025, and patches were released shortly thereafter.
- Description
- The issue was addressed with improved checks. This issue is fixed in iPadOS 17.7.4, macOS Sonoma 14.7.3, visionOS 2.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3, tvOS 18.3. Parsing a file may lead to an unexpected app termination.
- Source
- product-security@apple.com
- NVD status
- Awaiting Analysis
CVSS 3.1
- Type
- Secondary
- Base score
- 9.8
- Impact score
- 5.9
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity
- CRITICAL
- 134c704f-9b21-4f2e-91b3-4a467353bcc0
- CWE-770
Hype score is a measure of social media activity compared against trending CVEs from the past 12 months. Max score 100.
- Hype score
- 6