CVE-2025-24163

Published Jan 27, 2025

Last updated 15 days ago

Overview

AI description

Generated using AI and has not been reviewed by Intruder. May contain errors.

CVE-2025-24163 is a vulnerability found in Apple's CoreAudio component. Parsing a specially crafted file can lead to unexpected application termination. The issue stems from improper resource handling during file parsing. Apple has addressed this vulnerability with improved checks in updates for multiple operating systems, including iOS 18.3 and iPadOS 18.3, macOS Sonoma 14.7.3, macOS Sequoia 15.3, tvOS 18.3, watchOS 11.3, visionOS 2.3, iPadOS 17.7.4. This vulnerability affects a range of Apple devices, including iPhones, Macs, iPads, Apple Watches, and Apple TVs. Users are encouraged to update their devices to the latest software versions to mitigate the risk associated with this vulnerability. The vulnerability was publicly disclosed and assigned a CVE identifier on January 17, 2025, and patches were released shortly thereafter.

Description: The issue was addressed with improved checks. This issue is fixed in iPadOS 17.7.4, macOS Sonoma 14.7.3, visionOS 2.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3, tvOS 18.3. Parsing a file may lead to an unexpected app termination.
Source: product-security@apple.com
NVD status: Modified

Risk scores

CVSS 3.1

Type: Primary
Base score: 5.5
Impact score: 3.6
Exploitability score: 1.8
Vector string: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Severity: MEDIUM

Weaknesses

nvd@nist.gov: NVD-CWE-noinfo

Hype score: Not currently trending

The latest Apple security update contains fixes for three CoreAudio issues (CVE-2025-24160, CVE-2025-24161, CVE-2025-24163). These were found by Google Threat Analysis Group using Jackalope fuzzer.
@ifsecure
28 Jan 2025
16655 Impressions
19 Retweets
81 Likes
33 Bookmarks
1 Reply
1 Quote

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "27995710-C1F5-4919-8168-E2B59D7F698C",
            "versionEndExcluding": "17.7.4"
          },
          {
            "criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "AD29C5E9-9427-4C41-873F-C29493B892E4",
            "versionEndExcluding": "18.3",
            "versionStartIncluding": "18.0"
          },
          {
            "criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "71A94ACA-8143-475F-8A89-8020B86CE80B",
            "versionEndExcluding": "18.3"
          },
          {
            "criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6049E692-EB64-4E7D-A1AC-CEBA288B7A55",
            "versionEndExcluding": "14.7.3"
          },
          {
            "criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "33FE4A81-3E35-4934-ABBB-4531E8E249AF",
            "versionEndExcluding": "15.3",
            "versionStartIncluding": "15.0"
          },
          {
            "criteria": "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "60C0BA29-0969-4181-B6F1-4606986B18E4",
            "versionEndExcluding": "18.3"
          },
          {
            "criteria": "cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F91BF3D5-D8E5-437C-8301-C9F22AAFB8BD",
            "versionEndExcluding": "2.3"
          },
          {
            "criteria": "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7A128237-004C-49D7-A559-5BBC38362361",
            "versionEndExcluding": "11.3"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]