Severity
High
Analysis Summary
CVE-2025-24200 CVSS:7.5
An authorization issue was addressed with improved state management. This issue is fixed in iPadOS 17.7.5, iOS 18.3.1 and iPadOS 18.3.1. A physical attack may disable USB Restricted Mode on a locked device. Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals.
CVE-2024-44142 CVSS:7.8
The issue was addressed with improved bounds checks. This issue is fixed in GarageBand 10.4.12. Processing a maliciously crafted image may lead to arbitrary code execution.
CVE-2025-24099 CVSS:7.8
Apple macOS Ventura could allow a local attacker to gain elevated privileges, caused by an issue in the PackageKit component when using a specially crafted application.
CVE-2024-54543 CVSS:8.8
Apple iOS and iPadOS could allow a remote attacker to corrupt memory, caused by an error in the WebKit component when visiting a specially crafted Web site.
CVE-2024-54499 CVSS:7.8
Apple iOS and iPadOS could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free error in the ImageIO component when opening a specially crafted image file.
Impact
- Security Bypass
- Code Execution
- Privilege Escalation
Indicators of Compromise
CVE
CVE-2025-24200
CVE-2024-44142
CVE-2025-24099
CVE-2024-54543
CVE-2024-54499
Affected Vendors
- Apple
Affected Products
- Apple iPadOS - 18.3.0
- Apple iOS - 18.3.0
- Apple iPadOS - 17.7.4
- Apple GarageBand - 10.4.11
- Apple macOS Ventura - 13.7.2
- Apple iPadOS - 18.2
- Apple iOS - 18.2
Remediation
Upgrade to the latest version, available from the Apple Website.