CVSS: 7.5EPSS: 0%CPEs: 5EXPL: 0CVE-2025-30471 – Apple Security Advisory 04-01-2025-1
https://notcve.org/view.php?id=CVE-2025-30471
31 Mar 2025 — A validation issue was addressed with improved logic. This issue is fixed in visionOS 2.4, macOS Ventura 13.7.5, tvOS 18.4, iPadOS 17.7.6, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, macOS Sonoma 14.7.5. A remote user may be able to cause a denial-of-service. macOS Sequoia 15.4 addresses buffer overflow, bypass, code execution, format string, heap corruption, integer overflow, out of bounds read, out of bounds write, spoofing, and use-after-free vulnerabilities. • https://support.apple.com/en-us/122371 • CWE-20: Improper Input Validation •
CVSS: 4.3EPSS: 0%CPEs: 3EXPL: 0CVE-2025-30467 – Apple Security Advisory 04-01-2025-1
https://notcve.org/view.php?id=CVE-2025-30467
31 Mar 2025 — The issue was addressed with improved checks. This issue is fixed in Safari 18.4, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4. Visiting a malicious website may lead to address bar spoofing. macOS Sequoia 15.4 addresses buffer overflow, bypass, code execution, format string, heap corruption, integer overflow, out of bounds read, out of bounds write, spoofing, and use-after-free vulnerabilities. • https://support.apple.com/en-us/122371 • CWE-451: User Interface (UI) Misrepresentation of Critical Information •
CVSS: 9.8EPSS: 0%CPEs: 3EXPL: 0CVE-2025-30430 – Apple Security Advisory 04-01-2025-1
https://notcve.org/view.php?id=CVE-2025-30430
31 Mar 2025 — This issue was addressed through improved state management. This issue is fixed in visionOS 2.4, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4. Password autofill may fill in passwords after failing authentication. macOS Sequoia 15.4 addresses buffer overflow, bypass, code execution, format string, heap corruption, integer overflow, out of bounds read, out of bounds write, spoofing, and use-after-free vulnerabilities. • https://support.apple.com/en-us/122371 • CWE-287: Improper Authentication •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2025-24182 – Apple macOS CoreText Font Glyphs Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2025-24182
31 Mar 2025 — An out-of-bounds read issue was addressed with improved input validation. This issue is fixed in visionOS 2.4, iOS 18.4 and iPadOS 18.4, tvOS 18.4, macOS Sequoia 15.4. Processing a maliciously crafted font may result in the disclosure of process memory. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Apple macOS. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spe... • https://support.apple.com/en-us/122371 • CWE-125: Out-of-bounds Read •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2025-24244 – Apple macOS AudioToolboxCore WAV File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2025-24244
31 Mar 2025 — The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.7.5, tvOS 18.4, iPadOS 17.7.6, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, macOS Sonoma 14.7.5. Processing a maliciously crafted font may result in the disclosure of process memory. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Apple macOS. Interaction with the AudioToolboxCore library is required to exploit this vulnerability but attack vectors may var... • https://support.apple.com/en-us/122371 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2025-24213 – Apple Security Advisory 04-01-2025-1
https://notcve.org/view.php?id=CVE-2025-24213
31 Mar 2025 — This issue was addressed with improved handling of floats. This issue is fixed in tvOS 18.4, Safari 18.4, iPadOS 17.7.6, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4. A type confusion issue could lead to memory corruption. ajajfxhj discovered that processing web content may lead to a denial-of-service. Muhammad Zaid Ghifari and Kalimantan Utara discovered that loading a malicious iframe may lead to a cross-site scripting attack. Francisco Alonso and an anonymous researcher discovered that processing malicio... • https://support.apple.com/en-us/122371 • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2025-24205 – Apple Security Advisory 03-31-2025-9
https://notcve.org/view.php?id=CVE-2025-24205
31 Mar 2025 — An authorization issue was addressed with improved state management. This issue is fixed in macOS Ventura 13.7.5, iOS 18.4 and iPadOS 18.4, iPadOS 17.7.6, macOS Sequoia 15.4, macOS Sonoma 14.7.5. An app may be able to access user-sensitive data. macOS Sequoia 15.4 addresses buffer overflow, bypass, code execution, format string, heap corruption, integer overflow, out of bounds read, out of bounds write, spoofing, and use-after-free vulnerabilities. • https://support.apple.com/en-us/122371 • CWE-284: Improper Access Control •
CVSS: 6.5EPSS: 0%CPEs: 4EXPL: 0CVE-2025-24194 – Apple Security Advisory 04-01-2025-1
https://notcve.org/view.php?id=CVE-2025-24194
31 Mar 2025 — A logic issue was addressed with improved checks. This issue is fixed in visionOS 2.4, iOS 18.4 and iPadOS 18.4, tvOS 18.4, macOS Sequoia 15.4. Processing maliciously crafted web content may result in the disclosure of process memory. macOS Sequoia 15.4 addresses buffer overflow, bypass, code execution, format string, heap corruption, integer overflow, out of bounds read, out of bounds write, spoofing, and use-after-free vulnerabilities. • https://support.apple.com/en-us/122371 •
CVSS: 10.0EPSS: 0%CPEs: 5EXPL: 0CVE-2025-30456 – Apple Security Advisory 03-31-2025-9
https://notcve.org/view.php?id=CVE-2025-30456
31 Mar 2025 — A parsing issue in the handling of directory paths was addressed with improved path validation. This issue is fixed in macOS Ventura 13.7.5, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, macOS Sonoma 14.7.5. An app may be able to gain root privileges. macOS Sequoia 15.4 addresses buffer overflow, bypass, code execution, format string, heap corruption, integer overflow, out of bounds read, out of bounds write, spoofing, and use-after-free vulnerabilities. • https://support.apple.com/en-us/122371 • CWE-281: Improper Preservation of Permissions •
CVSS: 9.8EPSS: 0%CPEs: 5EXPL: 0CVE-2025-24209 – webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash
https://notcve.org/view.php?id=CVE-2025-24209
31 Mar 2025 — A buffer overflow issue was addressed with improved memory handling. This issue is fixed in tvOS 18.4, Safari 18.4, iPadOS 17.7.6, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4. Processing maliciously crafted web content may lead to an unexpected process crash. A flaw was found in WebKitGTK. Processing malicious web content can cause a buffer overflow due to improper memory handling and result in an unexpected process crash. ajajfxhj discovered that processing web content may lead to a denial-of-service. • https://support.apple.com/en-us/122371 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •