CVSS: 6.6EPSS: 0%CPEs: 3EXPL: 0CVE-2025-24198
https://notcve.org/view.php?id=CVE-2025-24198
31 Mar 2025 — This issue was addressed by restricting options offered on a locked device. This issue is fixed in macOS Ventura 13.7.5, iOS 18.4 and iPadOS 18.4, iPadOS 17.7.6, macOS Sequoia 15.4, macOS Sonoma 14.7.5. An attacker with physical access may be able to use Siri to access sensitive user data. • https://support.apple.com/en-us/122371 • CWE-284: Improper Access Control •
CVSS: 7.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-54533
https://notcve.org/view.php?id=CVE-2024-54533
31 Mar 2025 — A permissions issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Ventura 13.7.5, macOS Sonoma 14.7.5. An app may be able to access sensitive user data. • https://support.apple.com/en-us/122374 • CWE-284: Improper Access Control •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-24272
https://notcve.org/view.php?id=CVE-2025-24272
31 Mar 2025 — The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.7.5, macOS Sequoia 15.4, macOS Sonoma 14.7.5. An app may be able to modify protected parts of the file system. • https://support.apple.com/en-us/122373 • CWE-284: Improper Access Control •
CVSS: 9.8EPSS: 0%CPEs: 6EXPL: 0CVE-2025-24264
https://notcve.org/view.php?id=CVE-2025-24264
31 Mar 2025 — The issue was addressed with improved memory handling. This issue is fixed in visionOS 2.4, tvOS 18.4, iPadOS 17.7.6, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, Safari 18.4. Processing maliciously crafted web content may lead to an unexpected Safari crash. • https://support.apple.com/en-us/122371 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-24233
https://notcve.org/view.php?id=CVE-2025-24233
31 Mar 2025 — A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Ventura 13.7.5, macOS Sequoia 15.4, macOS Sonoma 14.7.5. A malicious app may be able to read or write to protected files. • https://support.apple.com/en-us/122373 • CWE-863: Incorrect Authorization •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-24232
https://notcve.org/view.php?id=CVE-2025-24232
31 Mar 2025 — This issue was addressed through improved state management. This issue is fixed in macOS Ventura 13.7.5, macOS Sequoia 15.4, macOS Sonoma 14.7.5. A malicious app may be able to access arbitrary files. • https://support.apple.com/en-us/122373 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-24265
https://notcve.org/view.php?id=CVE-2025-24265
31 Mar 2025 — An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Ventura 13.7.5, macOS Sequoia 15.4, macOS Sonoma 14.7.5. An app may be able to cause unexpected system termination. • https://support.apple.com/en-us/122373 • CWE-125: Out-of-bounds Read •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-24273
https://notcve.org/view.php?id=CVE-2025-24273
31 Mar 2025 — An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in macOS Ventura 13.7.5, macOS Sequoia 15.4, macOS Sonoma 14.7.5. An app may be able to cause unexpected system termination or corrupt kernel memory. • https://support.apple.com/en-us/122373 • CWE-787: Out-of-bounds Write •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2025-24199
https://notcve.org/view.php?id=CVE-2025-24199
31 Mar 2025 — An uncontrolled format string issue was addressed with improved input validation. This issue is fixed in macOS Ventura 13.7.5, macOS Sequoia 15.4, macOS Sonoma 14.7.5. An app may be able to cause a denial-of-service. • https://support.apple.com/en-us/122373 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 0CVE-2025-24208
https://notcve.org/view.php?id=CVE-2025-24208
31 Mar 2025 — A permissions issue was addressed with additional restrictions. This issue is fixed in Safari 18.4, iOS 18.4 and iPadOS 18.4. Loading a malicious iframe may lead to a cross-site scripting attack. • https://support.apple.com/en-us/122371 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •