Severity
High
Analysis Summary
CVE-2024-40864 CVSS:9.8
The issue was addressed with improved handling of protocols. This issue is fixed in macOS Ventura 13.7.5, macOS Sonoma 14.7.5. An attacker in a privileged network position can track a user's activity.
CVE-2025-24235 CVSS:9.8
A memory initialization issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.7.5, macOS Sequoia 15.4, macOS Sonoma 14.7.5. A remote attacker may be able to cause unexpected app termination or heap corruption.
CVE-2025-24242 CVSS:9.8
This issue was addressed with improved handling of symlinks. This issue is fixed in macOS Sequoia 15.4. An app with root privileges may be able to access private information.
CVE-2025-30427 CVSS:9.8
A use-after-free issue was addressed with improved memory management. This issue is fixed in visionOS 2.4, tvOS 18.4, iPadOS 17.7.6, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, Safari 18.4. Processing maliciously crafted web content may lead to an unexpected Safari crash.
CVE-2025-24167 CVSS:9.8
This issue was addressed through improved state management. This issue is fixed in Safari 18.4, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4. A download's origin may be incorrectly associated.
Impact
- Privilege Escalation
- Gain Access
Indicators of Compromise
CVE
CVE-2024-40864
CVE-2025-24235
CVE-2025-24242
CVE-2025-30427
CVE-2025-24167
Affected Vendors
- Apple
Affected Products
- Apple macOS - unspecified
- Apple tvOS - unspecified
- Apple iOS and iPadOS - unspecified
- Apple iPadOS - unspecified
- Apple Safari - unspecified
Remediation
Upgrade to the latest version, available from the Apple security document.