CVSS: 10.0EPSS: 0%CPEs: 5EXPL: 0CVE-2025-30456 – Apple Security Advisory 03-31-2025-9
https://notcve.org/view.php?id=CVE-2025-30456
31 Mar 2025 — A parsing issue in the handling of directory paths was addressed with improved path validation. This issue is fixed in macOS Ventura 13.7.5, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, macOS Sonoma 14.7.5. An app may be able to gain root privileges. macOS Sequoia 15.4 addresses buffer overflow, bypass, code execution, format string, heap corruption, integer overflow, out of bounds read, out of bounds write, spoofing, and use-after-free vulnerabilities. • https://support.apple.com/en-us/122371 • CWE-281: Improper Preservation of Permissions •
CVSS: 6.5EPSS: 0%CPEs: 7EXPL: 0CVE-2024-54564
https://notcve.org/view.php?id=CVE-2024-54564
20 Mar 2025 — This issue was addressed through improved state management. This issue is fixed in visionOS 1.3, macOS Sonoma 14.6, iOS 17.6 and iPadOS 17.6. A file received from AirDrop may not have the quarantine flag applied. • https://support.apple.com/en-us/120909 • CWE-276: Incorrect Default Permissions •
CVSS: 7.3EPSS: 0%CPEs: 3EXPL: 0CVE-2024-44276
https://notcve.org/view.php?id=CVE-2024-44276
17 Mar 2025 — This issue was addressed by using HTTPS when sending information over the network. This issue is fixed in iOS 18.2 and iPadOS 18.2. A user in a privileged network position may be able to leak sensitive information. • https://support.apple.com/en-us/121837 • CWE-319: Cleartext Transmission of Sensitive Information •
CVSS: 10.0EPSS: 0%CPEs: 15EXPL: 0CVE-2025-24201 – Apple Multiple Products WebKit Out-of-Bounds Write Vulnerability
https://notcve.org/view.php?id=CVE-2025-24201
11 Mar 2025 — An out-of-bounds write issue was addressed with improved checks to prevent unauthorized actions. This issue is fixed in visionOS 2.3.2, iOS 18.3.2 and iPadOS 18.3.2, macOS Sequoia 15.3.2, Safari 18.3.1. Maliciously crafted web content may be able to break out of Web Content sandbox. This is a supplementary fix for an attack that was blocked in iOS 17.2. (Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals on versions o... • https://support.apple.com/en-us/122281 • CWE-787: Out-of-bounds Write •
CVSS: 7.5EPSS: 0%CPEs: 5EXPL: 0CVE-2024-54558
https://notcve.org/view.php?id=CVE-2024-54558
10 Mar 2025 — A clickjacking issue was addressed with improved out-of-process view handling. This issue is fixed in iOS 18 and iPadOS 18, macOS Sequoia 15. An app may be able to trick a user into granting access to photos from the user's photo library. • https://support.apple.com/en-us/121238 • CWE-451: User Interface (UI) Misrepresentation of Critical Information •
CVSS: 7.8EPSS: 0%CPEs: 10EXPL: 0CVE-2024-54467 – webkitgtk: A malicious website may exfiltrate data cross-origin
https://notcve.org/view.php?id=CVE-2024-54467
10 Mar 2025 — A cookie management issue was addressed with improved state management. This issue is fixed in watchOS 11, macOS Sequoia 15, Safari 18, visionOS 2, iOS 18 and iPadOS 18, tvOS 18. A malicious website may exfiltrate data cross-origin. A flaw was found in WebKitGTK. A malicious website may exfiltrate data cross-origin due to a cookie management issue related to improper state management. • https://support.apple.com/en-us/121238 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2024-44227
https://notcve.org/view.php?id=CVE-2024-44227
10 Mar 2025 — The issue was addressed with improved memory handling. This issue is fixed in iOS 18 and iPadOS 18, macOS Sequoia 15. An app may be able to cause unexpected system termination or corrupt kernel memory. • https://support.apple.com/en-us/121238 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2024-54560
https://notcve.org/view.php?id=CVE-2024-54560
10 Mar 2025 — A logic issue was addressed with improved checks. This issue is fixed in iOS 18 and iPadOS 18, watchOS 11, tvOS 18, macOS Sequoia 15. A malicious app may be able to modify other apps without having App Management permission. • https://support.apple.com/en-us/121238 • CWE-269: Improper Privilege Management •
CVSS: 8.8EPSS: 0%CPEs: 10EXPL: 0CVE-2024-44192 – webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash
https://notcve.org/view.php?id=CVE-2024-44192
10 Mar 2025 — The issue was addressed with improved checks. This issue is fixed in watchOS 11, macOS Sequoia 15, Safari 18, visionOS 2, iOS 18 and iPadOS 18, tvOS 18. Processing maliciously crafted web content may lead to an unexpected process crash. A flaw was found in WebKitGTK. Processing malicious web content can cause an unexpected process crash due to improper checks. • https://support.apple.com/en-us/121238 • CWE-20: Improper Input Validation CWE-400: Uncontrolled Resource Consumption •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2024-54469
https://notcve.org/view.php?id=CVE-2024-54469
10 Mar 2025 — The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.7, macOS Sequoia 15, macOS Sonoma 14.7, visionOS 2, iOS 18 and iPadOS 18. A local user may be able to leak sensitive user information. • https://support.apple.com/en-us/121234 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •