CVSS: 4.3EPSS: 0%CPEs: 5EXPL: 0CVE-2025-30425 – Apple Security Advisory 04-01-2025-1
https://notcve.org/view.php?id=CVE-2025-30425
31 Mar 2025 — This issue was addressed through improved state management. This issue is fixed in tvOS 18.4, Safari 18.4, iPadOS 17.7.6, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4. A malicious website may be able to track users in Safari private browsing mode. macOS Sequoia 15.4 addresses buffer overflow, bypass, code execution, format string, heap corruption, integer overflow, out of bounds read, out of bounds write, spoofing, and use-after-free vulnerabilities. • https://support.apple.com/en-us/122371 • CWE-284: Improper Access Control •
CVSS: 9.8EPSS: 0%CPEs: 5EXPL: 0CVE-2025-24173 – Apple Security Advisory 04-01-2025-1
https://notcve.org/view.php?id=CVE-2025-24173
31 Mar 2025 — This issue was addressed with additional entitlement checks. This issue is fixed in visionOS 2.4, macOS Ventura 13.7.5, tvOS 18.4, iPadOS 17.7.6, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, macOS Sonoma 14.7.5. An app may be able to break out of its sandbox. macOS Sequoia 15.4 addresses buffer overflow, bypass, code execution, format string, heap corruption, integer overflow, out of bounds read, out of bounds write, spoofing, and use-after-free vulnerabilities. • https://support.apple.com/en-us/122371 • CWE-284: Improper Access Control •
CVSS: 9.8EPSS: 0%CPEs: 4EXPL: 0CVE-2025-30433 – Apple Security Advisory 04-01-2025-1
https://notcve.org/view.php?id=CVE-2025-30433
31 Mar 2025 — This issue was addressed with improved access restrictions. This issue is fixed in visionOS 2.4, macOS Ventura 13.7.5, iOS 18.4 and iPadOS 18.4, iPadOS 17.7.6, macOS Sequoia 15.4, macOS Sonoma 14.7.5. A shortcut may be able to access files that are normally inaccessible to the Shortcuts app. macOS Sequoia 15.4 addresses buffer overflow, bypass, code execution, format string, heap corruption, integer overflow, out of bounds read, out of bounds write, spoofing, and use-after-free vulnerabilities. • https://support.apple.com/en-us/122371 • CWE-284: Improper Access Control •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2025-24283 – Apple Security Advisory 04-01-2025-1
https://notcve.org/view.php?id=CVE-2025-24283
31 Mar 2025 — A logging issue was addressed with improved data redaction. This issue is fixed in visionOS 2.4, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4. An app may be able to access sensitive user data. macOS Sequoia 15.4 addresses buffer overflow, bypass, code execution, format string, heap corruption, integer overflow, out of bounds read, out of bounds write, spoofing, and use-after-free vulnerabilities. • https://support.apple.com/en-us/122371 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.8EPSS: 0%CPEs: 5EXPL: 0CVE-2025-24190 – Apple macOS MP4 File Parsing Memory Corruption Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2025-24190
31 Mar 2025 — The issue was addressed with improved memory handling. This issue is fixed in visionOS 2.4, macOS Ventura 13.7.5, tvOS 18.4, iPadOS 17.7.6, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, macOS Sonoma 14.7.5. Processing a maliciously crafted video file may lead to unexpected app termination or corrupt process memory. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Apple macOS. User interaction is required to exploit this vulnerability in that the target must v... • https://support.apple.com/en-us/122371 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 9.8EPSS: 0%CPEs: 5EXPL: 0CVE-2025-30429 – Apple Security Advisory 04-01-2025-1
https://notcve.org/view.php?id=CVE-2025-30429
31 Mar 2025 — A path handling issue was addressed with improved validation. This issue is fixed in visionOS 2.4, macOS Ventura 13.7.5, tvOS 18.4, iPadOS 17.7.6, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, macOS Sonoma 14.7.5. An app may be able to break out of its sandbox. macOS Sequoia 15.4 addresses buffer overflow, bypass, code execution, format string, heap corruption, integer overflow, out of bounds read, out of bounds write, spoofing, and use-after-free vulnerabilities. • https://support.apple.com/en-us/122371 •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2025-24217 – Apple Security Advisory 04-01-2025-1
https://notcve.org/view.php?id=CVE-2025-24217
31 Mar 2025 — This issue was addressed with improved redaction of sensitive information. This issue is fixed in iOS 18.4 and iPadOS 18.4, tvOS 18.4, macOS Sequoia 15.4. An app may be able to access sensitive user data. macOS Sequoia 15.4 addresses buffer overflow, bypass, code execution, format string, heap corruption, integer overflow, out of bounds read, out of bounds write, spoofing, and use-after-free vulnerabilities. • https://support.apple.com/en-us/122371 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 2.4EPSS: 0%CPEs: 1EXPL: 0CVE-2025-30469 – Apple Security Advisory 03-31-2025-3
https://notcve.org/view.php?id=CVE-2025-30469
31 Mar 2025 — This issue was addressed through improved state management. This issue is fixed in iOS 18.4 and iPadOS 18.4. A person with physical access to an iOS device may be able to access photos from the lock screen. iOS 18.4 and iPadOS 18.4 addresses buffer overflow, bypass, cross site scripting, out of bounds read, out of bounds write, spoofing, and use-after-free vulnerabilities. • https://support.apple.com/en-us/122371 • CWE-863: Incorrect Authorization •
CVSS: 7.6EPSS: 0%CPEs: 2EXPL: 0CVE-2025-24095 – Apple Security Advisory 03-31-2025-11
https://notcve.org/view.php?id=CVE-2025-24095
31 Mar 2025 — This issue was addressed with additional entitlement checks. This issue is fixed in visionOS 2.4, iOS 18.4 and iPadOS 18.4. An app may be able to bypass Privacy preferences. iOS 18.4 and iPadOS 18.4 addresses buffer overflow, bypass, cross site scripting, out of bounds read, out of bounds write, spoofing, and use-after-free vulnerabilities. • https://support.apple.com/en-us/122371 • CWE-288: Authentication Bypass Using an Alternate Path or Channel •
CVSS: 8.8EPSS: 0%CPEs: 6EXPL: 0CVE-2025-24216 – webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash
https://notcve.org/view.php?id=CVE-2025-24216
31 Mar 2025 — The issue was addressed with improved memory handling. This issue is fixed in visionOS 2.4, tvOS 18.4, iPadOS 17.7.6, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, Safari 18.4. Processing maliciously crafted web content may lead to an unexpected Safari crash. A flaw was found in WebKitGTK. Processing malicious web content can cause an unexpected process crash due to improper memory handling. ajajfxhj discovered that processing web content may lead to a denial-of-service. • https://support.apple.com/en-us/122371 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-508: Non-Replicating Malicious Code •