Analysis Summary

CVE-2025-24258 CVSS:7.8

A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.4, macOS Ventura 13.7.6, macOS Sonoma 14.7.6. An app may be able to gain root privileges.

CVE-2025-24274 CVSS:7.8

An input validation issue was addressed by removing the vulnerable code. This issue is fixed in macOS Ventura 13.7.6, macOS Sequoia 15.5, macOS Sonoma 14.7.6. A malicious app may be able to gain root privileges.

CVE-2025-24111 CVSS:7.5

A memory corruption issue was addressed with improved state management. This issue is fixed in macOS Sequoia 15.3, visionOS 2.3, iPadOS 17.7.7, watchOS 11.3, macOS Sonoma 14.7.5, iOS 18.3 and iPadOS 18.3, tvOS 18.3, macOS Ventura 13.7.5. An app may be able to cause unexpected system termination.

CVE-2025-31260 CVSS:7.5

A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.5. An app may be able to access sensitive user data.

CVE-2025-31221 CVSS:7.5

An integer overflow was addressed with improved input validation. This issue is fixed in watchOS 11.5, macOS Sonoma 14.7.6, tvOS 18.5, iPadOS 17.7.7, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, visionOS 2.5, macOS Ventura 13.7.6. A remote attacker may be able to leak memory.

Impact

• Gain Access

Indicators of Compromise

CVE

• CVE-2025-24258

• CVE-2025-24274

• CVE-2025-24111

• CVE-2025-31260

• CVE-2025-31221

Affected Vendors

Remediation

Refer to Apple's security Advisory for patch, upgrade, or suggested workaround information.

CVE-2025-24258

CVE-2025-24274

CVE-2025-24111

CVE-2025-31260

CVE-2025-31221