Summary
Apple has released security updates to address multiple vulnerabilities in its products.
Note: The vendor states that CVE-2025-24085 is being actively exploited in the wild.
Risk
Vulnerability Community Impact Estimate: Critical (76.66)
Type
- Denial of Service
- Elevation of Privilege
- Remote Code Execution
- Security Restriction Bypass
- Information Disclosure
- Spoofing
- Data Manipulation
Affected Products and/or Versions
Apple
- macOS Sequoia, versions prior to 15.3
- macOS Sonoma, versions prior to 14.7.3
- macOS Ventura, versions prior to 13.7.3
- iOS, versions prior to 18.3
- iPadOS, versions prior to 18.3
- tvOS, versions prior to 18.3
- visionOS, versions prior to 2.3
- Safari, versions prior to 18.3
- watchOS, versions prior to 11.3
Mitigation Actions
In line with the vendor's statements, it is recommended to apply the patches following the instructions in the security bulletins listed in the References section.
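To prioritise patching, a device inventory can be checked against the fixed versions listed under Affected Products. The following is an added example, not part of the original advisory or of any vendor tooling; the CSV layout, host names and function names are assumptions, and the sample inventory is constructed.

```python
import csv
import io
import re

# Minimum fixed versions, taken from the advisory's affected-products list.
# macOS is keyed by major version because each release branch has its own fix.
FIXED = {
    "macOS": {15: (15, 3, 0), 14: (14, 7, 3), 13: (13, 7, 3)},
    "iOS": (18, 3, 0), "iPadOS": (18, 3, 0), "tvOS": (18, 3, 0),
    "visionOS": (2, 3, 0), "Safari": (18, 3, 0), "watchOS": (11, 3, 0),
}

# Constructed sample inventory (hypothetical hosts and CSV layout).
SAMPLE = """host,product,version
mac-001,macOS,15.2
mac-002,macOS,14.7.3
mac-003,macOS,12.7.6
phone-01,iOS,18.3
pad-01,iPadOS,17.7.2
web-01,Safari,18.2.1
watch-01,watchOS,11.3.1
"""

def parse_version(text):
    """Turn '15.3' or '18.2.1 (build)' into an int tuple padded to three parts."""
    match = re.match(r"\s*(\d+(?:\.\d+)*)", text)
    if not match:
        raise ValueError(f"unparseable version: {text!r}")
    parts = tuple(int(p) for p in match.group(1).split("."))
    return parts + (0,) * max(0, 3 - len(parts))

def assess(product, version):
    """Return 'patched', 'vulnerable', or 'unlisted' (not covered by the advisory)."""
    fixed = FIXED.get(product)
    if fixed is None:
        return "unlisted"
    have = parse_version(version)
    if isinstance(fixed, dict):            # macOS: select the fix for this branch
        if have[0] > max(fixed):
            return "patched"               # newer major than any listed branch
        fixed = fixed.get(have[0])
        if fixed is None:
            return "unlisted"              # older branch with no fix listed here
    return "patched" if have >= fixed else "vulnerable"

def triage(inventory_csv):
    """Map each host in the CSV text to its status."""
    rows = csv.DictReader(io.StringIO(inventory_csv))
    return {r["host"]: assess(r["product"], r["version"]) for r in rows}

if __name__ == "__main__":
    for host, status in triage(SAMPLE).items():
        print(f"{host:10} {status}")
```

Hosts reported as `unlisted` run a product or macOS branch for which the advisory names no fixed version and need manual review.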
References
https://support.apple.com/en-sg/100100
https://support.apple.com/en-sg/122066
https://support.apple.com/en-sg/122067
https://support.apple.com/en-sg/122068
https://support.apple.com/en-sg/122069
https://support.apple.com/en-sg/122070
https://support.apple.com/en-sg/122071
https://support.apple.com/en-sg/122072
https://support.apple.com/en-sg/122073
https://support.apple.com/en-sg/122074
1 This estimate takes into account several parameters, including CVSS, the availability of patches/workarounds and PoCs, and the diffusion of the affected software/devices in the reference community.