
CVE-2025-24143 – webkitgtk: A maliciously crafted webpage may be able to fingerprint the user
https://notcve.org/view.php?id=CVE-2025-24143
27 Jan 2025 — The issue was addressed with improved access restrictions to the file system. This issue is fixed in macOS Sequoia 15.3, Safari 18.3, iOS 18.3 and iPadOS 18.3, visionOS 2.3. A maliciously crafted webpage may be able to fingerprint the user. A flaw was found in WebKitGTK. A maliciously crafted web page may be able to fingerprint the user due to improper access restrictions to the file system. • https://support.apple.com/en-us/122066 • CWE-862: Missing Authorization •

CVE-2024-54497 – Apple macOS WindowServer Unchecked Input for Loop Condition Denial-of-Service Vulnerability
https://notcve.org/view.php?id=CVE-2024-54497
27 Jan 2025 — The issue was addressed with improved checks. This issue is fixed in iPadOS 17.7.4, macOS Ventura 13.7.3, macOS Sonoma 14.7.3, visionOS 2.2, tvOS 18.2, watchOS 11.2, iOS 18.2 and iPadOS 18.2, macOS Sequoia 15.2. Processing web content may lead to a denial-of-service. This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Apple macOS. Authentication is not required to exploit this vulnerability. The specific flaw exists within the WindowServer componen... • https://support.apple.com/en-us/121837 • CWE-770: Allocation of Resources Without Limits or Throttling •

CVE-2024-54478 – Apple Security Advisory 01-27-2025-3
https://notcve.org/view.php?id=CVE-2024-54478
27 Jan 2025 — An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in iPadOS 17.7.4, visionOS 2.2, tvOS 18.2, watchOS 11.2, iOS 18.2 and iPadOS 18.2, macOS Sonoma 14.7.2, macOS Sequoia 15.2. Processing maliciously crafted web content may lead to an unexpected process crash. iPadOS 17.7.4 addresses code execution, out of bounds access, and out of bounds read vulnerabilities. • https://support.apple.com/en-us/121837 • CWE-125: Out-of-bounds Read •

CVE-2025-24159 – Apple Security Advisory 01-27-2025-8
https://notcve.org/view.php?id=CVE-2025-24159
27 Jan 2025 — A validation issue was addressed with improved logic. This issue is fixed in iPadOS 17.7.4, macOS Sonoma 14.7.3, visionOS 2.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3, tvOS 18.3. An app may be able to execute arbitrary code with kernel privileges. macOS Sequoia 15.3 addresses buffer overflow, bypass, code execution, information leakage, integer overflow, null pointer, out of bounds read, out of bounds write, spoofing, and use-after-free vulnerabilities. • https://support.apple.com/en-us/122066 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVE-2025-24163 – Apple Security Advisory 01-27-2025-8
https://notcve.org/view.php?id=CVE-2025-24163
27 Jan 2025 — The issue was addressed with improved checks. This issue is fixed in iPadOS 17.7.4, macOS Sonoma 14.7.3, visionOS 2.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3, tvOS 18.3. Parsing a file may lead to an unexpected app termination. macOS Sequoia 15.3 addresses buffer overflow, bypass, code execution, information leakage, integer overflow, null pointer, out of bounds read, out of bounds write, spoofing, and use-after-free vulnerabilities. • https://support.apple.com/en-us/122066 •

CVE-2025-24162 – webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash
https://notcve.org/view.php?id=CVE-2025-24162
27 Jan 2025 — This issue was addressed through improved state management. This issue is fixed in visionOS 2.3, Safari 18.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3, tvOS 18.3. Processing maliciously crafted web content may lead to an unexpected process crash. A flaw was found in WebKitGTK. Processing malicious web content can cause an unexpected process crash due to improper state management. • https://support.apple.com/en-us/122066 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer • CWE-125: Out-of-bounds Read •

CVE-2025-24123 – Apple macOS MOV File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2025-24123
27 Jan 2025 — The issue was addressed with improved checks. This issue is fixed in iPadOS 17.7.4, macOS Ventura 13.7.3, macOS Sonoma 14.7.3, visionOS 2.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3, tvOS 18.3. Parsing a file may lead to an unexpected app termination. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Apple macOS. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.... • https://support.apple.com/en-us/122066 •

CVE-2024-54530
https://notcve.org/view.php?id=CVE-2024-54530
27 Jan 2025 — The issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.2, watchOS 11.2, visionOS 2.2, iOS 18.2 and iPadOS 18.2. Password autofill may fill in passwords after failing authentication. • https://support.apple.com/en-us/121837 • CWE-863: Incorrect Authorization •

CVE-2025-24158 – webkitgtk: Processing web content may lead to a denial-of-service
https://notcve.org/view.php?id=CVE-2025-24158
27 Jan 2025 — The issue was addressed with improved memory handling. This issue is fixed in visionOS 2.3, Safari 18.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3, tvOS 18.3. Processing web content may lead to a denial-of-service. A flaw was found in WebKitGTK. Processing malicious web content can cause a denial of service due to improper memory handling. • https://support.apple.com/en-us/122066 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') • CWE-770: Allocation of Resources Without Limits or Throttling •

CVE-2025-24085 – Apple Multiple Products Use-After-Free Vulnerability
https://notcve.org/view.php?id=CVE-2025-24085
27 Jan 2025 — A use after free issue was addressed with improved memory management. This issue is fixed in visionOS 2.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3, tvOS 18.3. A malicious application may be able to elevate privileges. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 17.2. macOS Sequoia 15.3 addresses buffer overflow, bypass, code execution, information leakage, integer overflow, null pointer, out of bounds read, out of bounds w... • https://github.com/clidanc/CVE-2025-24085 • CWE-416: Use After Free •