CVSS: 6.6EPSS: 0%CPEs: 3EXPL: 0CVE-2025-24198 – Apple Security Advisory 03-31-2025-9
https://notcve.org/view.php?id=CVE-2025-24198
31 Mar 2025 — This issue was addressed by restricting options offered on a locked device. This issue is fixed in macOS Ventura 13.7.5, iOS 18.4 and iPadOS 18.4, iPadOS 17.7.6, macOS Sequoia 15.4, macOS Sonoma 14.7.5. An attacker with physical access may be able to use Siri to access sensitive user data. macOS Sequoia 15.4 addresses buffer overflow, bypass, code execution, format string, heap corruption, integer overflow, out of bounds read, out of bounds write, spoofing, and use-after-free vulnerabilities. • https://support.apple.com/en-us/122371 • CWE-284: Improper Access Control •
CVSS: 9.8EPSS: 0%CPEs: 6EXPL: 0CVE-2025-24264 – Apple Security Advisory 04-01-2025-1
https://notcve.org/view.php?id=CVE-2025-24264
31 Mar 2025 — The issue was addressed with improved memory handling. This issue is fixed in visionOS 2.4, tvOS 18.4, iPadOS 17.7.6, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, Safari 18.4. Processing maliciously crafted web content may lead to an unexpected Safari crash. ajajfxhj discovered that processing web content may lead to a denial-of-service. Muhammad Zaid Ghifari and Kalimantan Utara discovered that loading a malicious iframe may lead to a cross-site scripting attack. Francisco Alonso and an anonymous research... • https://support.apple.com/en-us/122371 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 0CVE-2025-24208 – webkitgtk: Loading a malicious iframe may lead to a cross-site scripting attack
https://notcve.org/view.php?id=CVE-2025-24208
31 Mar 2025 — A permissions issue was addressed with additional restrictions. This issue is fixed in Safari 18.4, iOS 18.4 and iPadOS 18.4. Loading a malicious iframe may lead to a cross-site scripting attack. A flaw was found in WebKitGTK. Loading a malicious iframe can cause a cross-site scripting attack due to permissions issues. ajajfxhj discovered that processing web content may lead to a denial-of-service. • https://support.apple.com/en-us/122371 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 0%CPEs: 5EXPL: 0CVE-2025-24212 – Apple Security Advisory 04-01-2025-1
https://notcve.org/view.php?id=CVE-2025-24212
31 Mar 2025 — This issue was addressed with improved checks. This issue is fixed in visionOS 2.4, macOS Ventura 13.7.5, tvOS 18.4, iPadOS 17.7.6, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, macOS Sonoma 14.7.5. An app may be able to break out of its sandbox. macOS Sequoia 15.4 addresses buffer overflow, bypass, code execution, format string, heap corruption, integer overflow, out of bounds read, out of bounds write, spoofing, and use-after-free vulnerabilities. • https://support.apple.com/en-us/122371 •
CVSS: 9.8EPSS: 0%CPEs: 3EXPL: 0CVE-2025-31183 – Apple Security Advisory 04-01-2025-1
https://notcve.org/view.php?id=CVE-2025-31183
31 Mar 2025 — The issue was addressed with improved restriction of data container access. This issue is fixed in macOS Sonoma 14.7.5, iOS 18.4 and iPadOS 18.4, tvOS 18.4, macOS Sequoia 15.4. An app may be able to access sensitive user data. macOS Sequoia 15.4 addresses buffer overflow, bypass, code execution, format string, heap corruption, integer overflow, out of bounds read, out of bounds write, spoofing, and use-after-free vulnerabilities. • https://support.apple.com/en-us/122371 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2025-30454 – Apple Security Advisory 04-01-2025-1
https://notcve.org/view.php?id=CVE-2025-30454
31 Mar 2025 — A path handling issue was addressed with improved validation. This issue is fixed in macOS Sonoma 14.7.5, iOS 18.4 and iPadOS 18.4, tvOS 18.4, macOS Sequoia 15.4. A malicious app may be able to access private information. macOS Sequoia 15.4 addresses buffer overflow, bypass, code execution, format string, heap corruption, integer overflow, out of bounds read, out of bounds write, spoofing, and use-after-free vulnerabilities. • https://support.apple.com/en-us/122371 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.8EPSS: 0%CPEs: 5EXPL: 0CVE-2025-24211 – Apple macOS MP4 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2025-24211
31 Mar 2025 — This issue was addressed with improved memory handling. This issue is fixed in visionOS 2.4, macOS Ventura 13.7.5, tvOS 18.4, iPadOS 17.7.6, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, macOS Sonoma 14.7.5. Processing a maliciously crafted video file may lead to unexpected app termination or corrupt process memory. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Apple macOS. User interaction is required to exploit this vulnerability in that the target must ... • https://support.apple.com/en-us/122371 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 4.6EPSS: 0%CPEs: 3EXPL: 0CVE-2025-30439 – Apple Security Advisory 04-01-2025-1
https://notcve.org/view.php?id=CVE-2025-30439
31 Mar 2025 — The issue was addressed with improved checks. This issue is fixed in visionOS 2.4, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4. An attacker with physical access to a locked device may be able to view sensitive user information. macOS Sequoia 15.4 addresses buffer overflow, bypass, code execution, format string, heap corruption, integer overflow, out of bounds read, out of bounds write, spoofing, and use-after-free vulnerabilities. • https://support.apple.com/en-us/122371 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 8.1EPSS: 0%CPEs: 4EXPL: 0CVE-2025-24180 – Apple Security Advisory 04-01-2025-1
https://notcve.org/view.php?id=CVE-2025-24180
31 Mar 2025 — The issue was addressed with improved input validation. This issue is fixed in Safari 18.4, visionOS 2.4, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4. A malicious website may be able to claim WebAuthn credentials from another website that shares a registrable suffix. macOS Sequoia 15.4 addresses buffer overflow, bypass, code execution, format string, heap corruption, integer overflow, out of bounds read, out of bounds write, spoofing, and use-after-free vulnerabilities. • https://support.apple.com/en-us/122371 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 0CVE-2025-30434 – Apple Security Advisory 03-31-2025-3
https://notcve.org/view.php?id=CVE-2025-30434
31 Mar 2025 — The issue was addressed with improved input sanitization. This issue is fixed in iOS 18.4 and iPadOS 18.4. Processing a maliciously crafted file may lead to a cross site scripting attack. iOS 18.4 and iPadOS 18.4 addresses buffer overflow, bypass, cross site scripting, out of bounds read, out of bounds write, spoofing, and use-after-free vulnerabilities. • https://support.apple.com/en-us/122371 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •