Severity
High
Analysis Summary
CVE-2025-24258 CVSS:7.8
A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.4, macOS Ventura 13.7.6, macOS Sonoma 14.7.6. An app may be able to gain root privileges.
CVE-2025-24274 CVSS:7.8
An input validation issue was addressed by removing the vulnerable code. This issue is fixed in macOS Ventura 13.7.6, macOS Sequoia 15.5, macOS Sonoma 14.7.6. A malicious app may be able to gain root privileges.
CVE-2025-24111 CVSS:7.5
A memory corruption issue was addressed with improved state management. This issue is fixed in macOS Sequoia 15.3, visionOS 2.3, iPadOS 17.7.7, watchOS 11.3, macOS Sonoma 14.7.5, iOS 18.3 and iPadOS 18.3, tvOS 18.3, macOS Ventura 13.7.5. An app may be able to cause unexpected system termination.
CVE-2025-31260 CVSS:7.5
A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.5. An app may be able to access sensitive user data.
CVE-2025-31221 CVSS:7.5
An integer overflow was addressed with improved input validation. This issue is fixed in watchOS 11.5, macOS Sonoma 14.7.6, tvOS 18.5, iPadOS 17.7.7, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, visionOS 2.5, macOS Ventura 13.7.6. A remote attacker may be able to leak memory.
Impact
- Gain Access
Indicators of Compromise
CVE
CVE-2025-24258
CVE-2025-24274
CVE-2025-24111
CVE-2025-31260
CVE-2025-31221
Affected Vendors
- Apple
Affected Products
- Apple macOS - unspecified
- Apple tvOS - unspecified
- Apple visionOS - unspecified
- Apple watchOS - unspecified
- Apple iPadOS - unspecified
Remediation
Refer to Apple's security Advisory for patch, upgrade, or suggested workaround information.