CVE-2025-24206

🟡 Monitoruj

Obejście polityki uwierzytelnienia w iOS umożliwia atakującemu dostęp do systemu.

CVSS

7.7

EPSS

0.1%

Exploit

none

Vendor

apple

Opis źródłowy (NVD)

An authentication issue was addressed with improved state management. This issue is fixed in iOS 18.4 and iPadOS 18.4, iPadOS 17.7.6, macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5, tvOS 18.4, visionOS 2.4. An attacker on the local network may be able to bypass authentication policy.

auth-bypass Brak patcha

Źródła i daty

Źródło	Wartość
NVD – CVSS	7.7
CISA KEV (aktywnie wykorzystywane)	Nie
FIRST EPSS (prawdopodobieństwo exploita)	0.1%
Opublikowano (NVD)	2025-04-29 03:15:34 UTC
Ostatnia modyfikacja (NVD)	2026-04-02 19:19:18 UTC

Referencje

https://support.apple.com/en-us/122371 (product-security@apple.com) [Release Notes, Vendor Advisory]
https://support.apple.com/en-us/122372 (product-security@apple.com) [Release Notes, Vendor Advisory]
https://support.apple.com/en-us/122373 (product-security@apple.com) [Release Notes, Vendor Advisory]
https://support.apple.com/en-us/122374 (product-security@apple.com) [Release Notes, Vendor Advisory]
https://support.apple.com/en-us/122375 (product-security@apple.com) [Release Notes, Vendor Advisory]
https://support.apple.com/en-us/122377 (product-security@apple.com) [Release Notes, Vendor Advisory]
https://support.apple.com/en-us/122378 (product-security@apple.com) [Release Notes, Vendor Advisory]