CVSS: 10.0EPSS: 0%CPEs: 9EXPL: 3CVE-2025-24252
https://notcve.org/view.php?id=CVE-2025-24252
29 Apr 2025 — A use-after-free issue was addressed with improved memory management. This issue is fixed in macOS Sequoia 15.4, tvOS 18.4, macOS Ventura 13.7.5, iPadOS 17.7.6, macOS Sonoma 14.7.5, iOS 18.4 and iPadOS 18.4, visionOS 2.4. An attacker on the local network may be able to corrupt process memory. • https://github.com/ekomsSavior/AirBorne-PoC • CWE-416: Use After Free •
CVSS: 5.7EPSS: 0%CPEs: 9EXPL: 0CVE-2025-31197
https://notcve.org/view.php?id=CVE-2025-31197
29 Apr 2025 — The issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.4, tvOS 18.4, macOS Ventura 13.7.5, iPadOS 17.7.6, macOS Sonoma 14.7.5, iOS 18.4 and iPadOS 18.4, visionOS 2.4. An attacker on the local network may cause an unexpected app termination. • https://support.apple.com/en-us/122371 • CWE-416: Use After Free •
CVSS: 5.7EPSS: 0%CPEs: 9EXPL: 0CVE-2025-24179
https://notcve.org/view.php?id=CVE-2025-24179
29 Apr 2025 — A null pointer dereference was addressed with improved input validation. This issue is fixed in iOS 18.3 and iPadOS 18.3, visionOS 2.3, macOS Ventura 13.7.5, iPadOS 17.7.6, macOS Sonoma 14.7.5, macOS Sequoia 15.3, tvOS 18.3. An attacker on the local network may be able to cause a denial-of-service. • https://support.apple.com/en-us/122066 • CWE-476: NULL Pointer Dereference •
CVSS: 5.7EPSS: 0%CPEs: 9EXPL: 0CVE-2025-24270
https://notcve.org/view.php?id=CVE-2025-24270
29 Apr 2025 — This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sequoia 15.4, tvOS 18.4, macOS Ventura 13.7.5, iPadOS 17.7.6, macOS Sonoma 14.7.5, iOS 18.4 and iPadOS 18.4, visionOS 2.4. An attacker on the local network may be able to leak sensitive user information. • https://support.apple.com/en-us/122371 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.4EPSS: 0%CPEs: 9EXPL: 2CVE-2025-24271 – Apple AirPlay Command Execution
https://notcve.org/view.php?id=CVE-2025-24271
29 Apr 2025 — An access issue was addressed with improved access restrictions. This issue is fixed in macOS Sequoia 15.4, tvOS 18.4, macOS Ventura 13.7.5, iPadOS 17.7.6, macOS Sonoma 14.7.5, iOS 18.4 and iPadOS 18.4, visionOS 2.4. An unauthenticated user on the same network as a signed-in Mac could send it AirPlay commands without pairing. • https://packetstorm.news/files/id/190725 • CWE-306: Missing Authentication for Critical Function CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVSS: 7.7EPSS: 0%CPEs: 9EXPL: 0CVE-2025-24206
https://notcve.org/view.php?id=CVE-2025-24206
29 Apr 2025 — An authentication issue was addressed with improved state management. This issue is fixed in macOS Sequoia 15.4, tvOS 18.4, macOS Ventura 13.7.5, iPadOS 17.7.6, macOS Sonoma 14.7.5, iOS 18.4 and iPadOS 18.4, visionOS 2.4. An attacker on the local network may be able to bypass authentication policy. • https://support.apple.com/en-us/122371 • CWE-863: Incorrect Authorization •
CVSS: 6.5EPSS: 0%CPEs: 11EXPL: 0CVE-2025-24251
https://notcve.org/view.php?id=CVE-2025-24251
29 Apr 2025 — The issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.4, tvOS 18.4, macOS Ventura 13.7.5, iPadOS 17.7.6, macOS Sonoma 14.7.5, iOS 18.4 and iPadOS 18.4, watchOS 11.4, visionOS 2.4. An attacker on the local network may cause an unexpected app termination. • https://support.apple.com/en-us/122371 • CWE-476: NULL Pointer Dereference •
CVSS: 7.6EPSS: 0%CPEs: 8EXPL: 3CVE-2025-31200 – Apple Multiple Products Memory Corruption Vulnerability
https://notcve.org/view.php?id=CVE-2025-31200
16 Apr 2025 — A memory corruption issue was addressed with improved bounds checking. This issue is fixed in tvOS 18.4.1, visionOS 2.4.1, iOS iOS 18.4.1 and iPadOS 18.4.1, macOS Sequoia 15.4.1. Processing an audio stream in a maliciously crafted media file may result in code execution. Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals on iOS. watchOS 11.5 addresses code execution, double free, integer overflow, out of bounds read, ... • https://packetstorm.news/files/id/193169 •
CVSS: 7.5EPSS: 0%CPEs: 8EXPL: 0CVE-2025-31201 – Apple Multiple Products Arbitrary Read and Write Vulnerability
https://notcve.org/view.php?id=CVE-2025-31201
16 Apr 2025 — This issue was addressed by removing the vulnerable code. This issue is fixed in tvOS 18.4.1, visionOS 2.4.1, iOS iOS 18.4.1 and iPadOS 18.4.1, macOS Sequoia 15.4.1. An attacker with arbitrary read and write capability may be able to bypass Pointer Authentication. Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals on iOS. iOS 18.4.1 and iPadOS 18.4.1 addresses bypass and code execution vulnerabilities. Apple iOS, iPad... • https://support.apple.com/en-us/122282 •
CVSS: 10.0EPSS: 0%CPEs: 27EXPL: 0CVE-2025-24213 – Apple Security Advisory 04-01-2025-1
https://notcve.org/view.php?id=CVE-2025-24213
31 Mar 2025 — This issue was addressed with improved handling of floats. This issue is fixed in tvOS 18.4, Safari 18.4, iPadOS 17.7.6, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4. A type confusion issue could lead to memory corruption. This issue was addressed with improved handling of floats. This issue is fixed in tvOS 18.5, Safari 18.5, iPadOS 17.7.7, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, watchOS 11.5, visionOS 2.5. • https://support.apple.com/en-us/122371 • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •