CVE-2025-24237
🟠 Łataj w tym tygodniu
Przepełnienie bufora w iOS może prowadzić do niespodziewanego zakończenia działania systemu.
CVSS
9.8
EPSS
2.5%
Exploit
none
Vendor
apple
Opis źródłowy (NVD)
A buffer overflow was addressed with improved bounds checking. This issue is fixed in iOS 18.4 and iPadOS 18.4, iPadOS 17.7.6, macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5, visionOS 2.4, watchOS 11.4. An app may be able to cause unexpected system termination.
buffer-overflow
Brak patcha
Źródła i daty
| Źródło | Wartość |
|---|---|
| NVD – CVSS | 9.8 |
| CISA KEV (aktywnie wykorzystywane) | Nie |
| FIRST EPSS (prawdopodobieństwo exploita) | 2.5% |
| Opublikowano (NVD) | 2025-03-31 23:15:20 UTC |
| Ostatnia modyfikacja (NVD) | 2026-04-02 19:19:24 UTC |
Referencje
- https://support.apple.com/en-us/122371 (product-security@apple.com) [Vendor Advisory]
- https://support.apple.com/en-us/122372 (product-security@apple.com) [Vendor Advisory]
- https://support.apple.com/en-us/122373 (product-security@apple.com) [Vendor Advisory]
- https://support.apple.com/en-us/122374 (product-security@apple.com) [Vendor Advisory]
- https://support.apple.com/en-us/122375 (product-security@apple.com) [Vendor Advisory]
- https://support.apple.com/en-us/122376 (product-security@apple.com)
- https://support.apple.com/en-us/122378 (product-security@apple.com) [Vendor Advisory]
- http://seclists.org/fulldisclosure/2025/Apr/10 (af854a3a-2127-422b-91ae-364da2661108)
- http://seclists.org/fulldisclosure/2025/Apr/12 (af854a3a-2127-422b-91ae-364da2661108)
- http://seclists.org/fulldisclosure/2025/Apr/13 (af854a3a-2127-422b-91ae-364da2661108)
- http://seclists.org/fulldisclosure/2025/Apr/4 (af854a3a-2127-422b-91ae-364da2661108)
- http://seclists.org/fulldisclosure/2025/Apr/5 (af854a3a-2127-422b-91ae-364da2661108)
- http://seclists.org/fulldisclosure/2025/Apr/8 (af854a3a-2127-422b-91ae-364da2661108)
- http://seclists.org/fulldisclosure/2025/Apr/9 (af854a3a-2127-422b-91ae-364da2661108)