Select your nation of interest

Home

Some companies that have chosen us

Privacy Officer and Privacy Consultant
CDP Scheme according to ISO/IEC 17024:2012
European Privacy Auditor
ISDP©10003 Certification Scheme according to ISO/IEC 17065:2012
Auditor
According to standard UNI 11697:2017
Lead Auditor ISO/IEC 27001:2022
According to standard ISO/IEC 17024:2012
Data Protection Officer
According to standard ISO/IEC 17024:2012
Anti-Bribery Lead Auditor Expert
According to standard ISO/IEC 17024:2012
ICT Security Manager
According to standard UNI 11506:2017
IT Service Management (ITSM)
According to the ITIL Foundation
Ethical Hacker (CEH)
According to the EC-Council
Network Defender (CND)
According to the EC-Council
Computer Hacking Forensics Investigator (CHFI)
According to the EC-Council
Penetration Testing Professional (CPENT)
According to the EC-Council

Professional qualifications

Stay up-to-date with world news!

Select your topics of interest:
CYBER ALERT
Home / CYBER ALERT
/
Apple Security Updates (AL01/250128/CSIRT-ITA)

Apple Security Updates (AL01/250128/CSIRT-ITA)

Summary

Apple has released security updates to address multiple vulnerabilities in its products.

Note: The vendor states that CVE-2025-24085 is actively being exploited online.

Risk

Vulnerability Community Impact Estimate: Critical (76.66)

Type

  • Denial of Service
  • Elevation of Privilege
  • Remote Code Execution
  • Security Restriction Bypass
  • Information Disclosure
  • Spoofing
  • Data Manipulation

Affected Products and/or Versions

Apple

  • macOS Sequoia, versions prior to 15.3
  • macOS Sonoma, versions prior to 14.7.3
  • macOS Ventura, versions prior to 13.7.3
  • iOS, versions prior to 18.3
  • iPadOS, versions prior to 18.3
  • tvOS, versions prior to 18.3
  • visionOS, versions prior to 2.3
  • Safari, versions prior to 18.3
  • watchOS, versions prior to 11.3

Mitigation Actions

In line with statements of the vendor, it is recommended to apply the patches following the indications reported in the security bulletins, available in the References section.

CVE
CVE-2024-44172CVE-2025-24113CVE-2025-24140
CVE-2024-44243CVE-2025-24114CVE-2025-24141
CVE-2024-54478CVE-2025-24115CVE-2025-24143
CVE-2024-54497CVE-2025-24116CVE-2025-24145
CVE-2024-54509CVE-2025-24117CVE-2025-24146
CVE-2024-9956CVE-2025-24118CVE-2025-24149
CVE-2025-24085CVE-2025-24120CVE-2025-24150
CVE-2025-24086CVE-2025-24121CVE-2025-24151
CVE-2025-24087CVE-2025-24122CVE-2025-24152
CVE-2025-24092CVE-2025-24123CVE-2025-24153
CVE-2025-24093CVE-2025-24124CVE-2025-24154
CVE-2025-24094CVE-2025-24126CVE-2025-24156
CVE-2025-24096CVE-2025-24127CVE-2025-24158
CVE-2025-24100CVE-2025-24128CVE-2025-24159
CVE-2025-24101CVE-2025-24129CVE-2025-24160
CVE-2025-24102CVE-2025-24130CVE-2025-24161
CVE-2025-24103CVE-2025-24131CVE-2025-24162
CVE-2025-24104CVE-2025-24134CVE-2025-24163
CVE-2025-24106CVE-2025-24135CVE-2025-24166
CVE-2025-24107CVE-2025-24136CVE-2025-24169
CVE-2025-24108CVE-2025-24137CVE-2025-24174
CVE-2025-24109CVE-2025-24138CVE-2025-24176
CVE-2025-24112CVE-2025-24139CVE-2025-24177

References

https://support.apple.com/en-sg/100100

https://support.apple.com/en-sg/122066

https://support.apple.com/en-sg/122067

https://support.apple.com/en-sg/122068

https://support.apple.com/en-sg/122069

https://support.apple.com/en-sg/122070

https://support.apple.com/en-sg/122071

https://support.apple.com/en-sg/122072

https://support.apple.com/en-sg/122073

https://support.apple.com/en-sg/122074

1This estimate is made taking into account several parameters, including: CVSS, availability of patches/workarounds and PoC, diffusion of the affected software/devices in the reference community.

Redazione
28 January 2025

Recommended to you

Apple: 0-day detected in WebKit rendering engine (AL02/250312/CSIRT-ITA)

12 March, 2025

Adobe: Security Updates (AL03/250312/CSIRT-ITA

12 March, 2025

Joomla! Updates (AL04/250312/CSIRT-ITA)

12 March, 2025

HONG KONG SUPERVISORY AUTHORITY: Publishes Investigation Findingson the Data Breach Incident of the Companies...

12 March, 2025

Zoom Vulnerability (AL05/250312/CSIRT-ITA)

12 March, 2025

Laravel: Public PoC for CVE-2024-13919 Exploitation (AL06/250312/CSIRT-ITA)

12 March, 2025

Resolved vulnerabilities in Cisco products (AL07/250312/CSIRT-ITA)

12 March, 2025

ROMANIAN SUPERVISORY AUTHORITY: Sanction for violation of the GDPR

12 March, 2025

Ivanti March Security Update (AL05/250311/CSIRT-ITA)

11 March, 2025

Fixed vulnerabilities in Google Chrome (AL06/250311/CSIRT-ITA)

11 March, 2025

ROMANIAN SUPERVISORY AUTHORITY: Sanction for violation of the GDPR

11 March, 2025

Vulnerabilities discovered in Fortinet products (AL07/250311/CSIRT-ITA)

11 March, 2025

LATVIAN SUPERVISORY AUTHORITY: Can my personal data be transferred to extrajudicial debt collection or...

11 March, 2025

CROATIAN SUPERVISORY AUTHORITY: A new coordinated action by the EDPB has begun: the right...

11 March, 2025

CISCO Product Updates (AL01/230112/CSIRT-ITA)

10 March, 2025

HONG KONG SUPERVISORY AUTHORITY: A Female Arrested for Suspected Doxxing Arising from Online Shopping Dispute

10 March, 2025

Vulnerability in QNAP Products (AL01/250310/CSIRT-ITA)

10 March, 2025

ICELANDIC SUPERVISORY AUTHORITY: Information obligation for automated decision-making

7 March, 2025

IRISH SUPERVISORY AUTHORITY: The DPC’s handling of Subject Access Requests

7 March, 2025

Vulnerabilities in ServiceNow Products (AL01/250307/CSIRT-ITA)

7 March, 2025

Search in 365TRUST

Our services

LEGAL & COMPLIANCE
PRIVACY & DATA PROTECTION
CYBER & INTELLIGENCE
AUDIT & CERTIFICATION
GOVERNANCE & AWARENESS
TRAINING & KNOWLEDGE