
Multiple Apple Products Vulnerabilities

Severity

High

Analysis Summary

CVE-2025-24200 CVSS:7.5

An authorization issue was addressed with improved state management. This issue is fixed in iPadOS 17.7.5, iOS 18.3.1 and iPadOS 18.3.1. A physical attack may disable USB Restricted Mode on a locked device. Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals.

CVE-2024-44142 CVSS:7.8

The issue was addressed with improved bounds checks. This issue is fixed in GarageBand 10.4.12. Processing a maliciously crafted image may lead to arbitrary code execution.

CVE-2025-24099 CVSS:7.8

Apple macOS Ventura could allow a local attacker to gain elevated privileges, caused by an issue in the PackageKit component when using a specially crafted application.

CVE-2024-54543 CVSS:8.8

Apple iOS and iPadOS could allow a remote attacker to corrupt memory, caused by an error in the WebKit component when visiting a specially crafted Web site.

CVE-2024-54499 CVSS:7.8

Apple iOS and iPadOS could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free error in the ImageIO component when opening a specially crafted image file.

Impact

  • Security Bypass
  • Code Execution
  • Privilege Escalation

Indicators of Compromise

CVE

  • CVE-2025-24200
  • CVE-2024-44142
  • CVE-2025-24099
  • CVE-2024-54543
  • CVE-2024-54499

Affected Vendors

  • Apple

Affected Products

  • Apple iPadOS - 18.3.0
  • Apple iOS - 18.3.0
  • Apple iPadOS - 17.7.4
  • Apple GarageBand - 10.4.11
  • Apple macOS Ventura - 13.7.2
  • Apple iPadOS - 18.2
  • Apple iOS - 18.2

Remediation

Upgrade to the latest version, available from the Apple Website.
