CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2025-24170
https://notcve.org/view.php?id=CVE-2025-24170
31 Mar 2025 — A logic issue was addressed with improved file handling. This issue is fixed in macOS Ventura 13.7.5, macOS Sonoma 14.7.5. An app may be able to gain root privileges. • https://support.apple.com/en-us/122374 • CWE-276: Incorrect Default Permissions •
CVSS: 9.8EPSS: 0%CPEs: 5EXPL: 0CVE-2025-30426
https://notcve.org/view.php?id=CVE-2025-30426
31 Mar 2025 — This issue was addressed with additional entitlement checks. This issue is fixed in visionOS 2.4, tvOS 18.4, iPadOS 17.7.6, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4. An app may be able to enumerate a user's installed apps. • https://support.apple.com/en-us/122371 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-24259
https://notcve.org/view.php?id=CVE-2025-24259
31 Mar 2025 — This issue was addressed with additional entitlement checks. This issue is fixed in macOS Ventura 13.7.5, macOS Sequoia 15.4, macOS Sonoma 14.7.5. An app may be able to retrieve Safari bookmarks without an entitlement check. • https://support.apple.com/en-us/122373 • CWE-862: Missing Authorization •
CVSS: 7.5EPSS: 0%CPEs: 5EXPL: 0CVE-2025-30471
https://notcve.org/view.php?id=CVE-2025-30471
31 Mar 2025 — A validation issue was addressed with improved logic. This issue is fixed in visionOS 2.4, macOS Ventura 13.7.5, tvOS 18.4, iPadOS 17.7.6, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, macOS Sonoma 14.7.5. A remote user may be able to cause a denial-of-service. • https://support.apple.com/en-us/122371 •
CVSS: 4.3EPSS: 0%CPEs: 3EXPL: 0CVE-2025-30467
https://notcve.org/view.php?id=CVE-2025-30467
31 Mar 2025 — The issue was addressed with improved checks. This issue is fixed in Safari 18.4, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4. Visiting a malicious website may lead to address bar spoofing. • https://support.apple.com/en-us/122371 • CWE-451: User Interface (UI) Misrepresentation of Critical Information •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2025-24218
https://notcve.org/view.php?id=CVE-2025-24218
31 Mar 2025 — A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Sequoia 15.4. An app may be able to access information about a user's contacts. • https://support.apple.com/en-us/122373 • CWE-284: Improper Access Control •
CVSS: 9.8EPSS: 0%CPEs: 3EXPL: 0CVE-2025-30430
https://notcve.org/view.php?id=CVE-2025-30430
31 Mar 2025 — This issue was addressed through improved state management. This issue is fixed in visionOS 2.4, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4. Password autofill may fill in passwords after failing authentication. • https://support.apple.com/en-us/122371 •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2025-24182 – Apple macOS CoreText Font Glyphs Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2025-24182
31 Mar 2025 — An out-of-bounds read issue was addressed with improved input validation. This issue is fixed in visionOS 2.4, iOS 18.4 and iPadOS 18.4, tvOS 18.4, macOS Sequoia 15.4. Processing a maliciously crafted font may result in the disclosure of process memory. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Apple macOS. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The spe... • https://support.apple.com/en-us/122371 •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2025-24244 – Apple macOS AudioToolboxCore WAV File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2025-24244
31 Mar 2025 — The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.7.5, tvOS 18.4, iPadOS 17.7.6, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, macOS Sonoma 14.7.5. Processing a maliciously crafted font may result in the disclosure of process memory. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Apple macOS. Interaction with the AudioToolboxCore library is required to exploit this vulnerability but attack vectors may var... • https://support.apple.com/en-us/122371 •
CVSS: 9.8EPSS: 0%CPEs: 5EXPL: 0CVE-2025-24213
https://notcve.org/view.php?id=CVE-2025-24213
31 Mar 2025 — This issue was addressed with improved handling of floats. This issue is fixed in tvOS 18.4, Safari 18.4, iPadOS 17.7.6, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4. A type confusion issue could lead to memory corruption. • https://support.apple.com/en-us/122371 •