High Threat Security Alert (A25-01-18): Multiple Vulnerabilities in Apple Products


 

Published on: 28 January 2025

  
  

Description:

Apple has released iOS 18.3, iPadOS 17.7.4, iPadOS 18.3, macOS Sequoia 15.3, macOS Sonoma 14.7.3, macOS Ventura 13.7.3 and Safari 18.3 to fix the vulnerabilities in various Apple devices. The list of vulnerability information can be found at:
https://support.apple.com/en-us/122066
https://support.apple.com/en-us/122067
https://support.apple.com/en-us/122068
https://support.apple.com/en-us/122069
https://support.apple.com/en-us/122070
https://support.apple.com/en-us/122074

Reports indicated that the elevation of privilege (CVE-2025-24085) is being actively exploited. Users are advised to take immediate action to patch your affected systems to mitigate the elevated risk of cyber attacks.

 

Affected Systems:

  • iPhone XS and later
  • iPad 6th generation and later, Air 3rd generation and later, mini 5th generation later, Pro 10.5-inch, Pro 11-inch 1st generation and later, Pro 12.9-inch 2rd generation and later, Pro 13-inch
  • macOS Sequoia prior to version 15.3, macOS Sonoma prior to version 14.7.3 and macOS Ventura prior to version 13.7.3
  • Safari version prior to 18.3

 

Impact:

A successful exploitation could lead to remote code execution, denial of service, elevation of privilege, information disclosure, security restriction bypass, spoofing or tampering on an affected device.

 

Recommendation:

Patches for affected products are available. Users of affected systems should follow the recommendations provided by the vendor and take immediate actions to mitigate the risk.

 

More Information:

  • https://support.apple.com/en-us/122066
  • https://support.apple.com/en-us/122067
  • https://support.apple.com/en-us/122068
  • https://support.apple.com/en-us/122069
  • https://support.apple.com/en-us/122070
  • https://support.apple.com/en-us/122074
  • https://www.hkcert.org/security-bulletin/apple-products-multiple-vulnerabilities_20250128
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9956
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-44172
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-44243
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-54478
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-54497
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-54507
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-24085 (to CVE-2025-24087)
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-24092 (to CVE-2025-24094)
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-24096
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-24100 (to CVE-2025-24104)
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-24106 (to CVE-2025-24109)
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-24112 (to CVE-2025-24118)
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-24120 (to CVE-2025-24124)
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-24126 (to CVE-2025-24131)
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-24134 (to CVE-2025-24141)
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-24143
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-24145 (to CVE-2025-24146)
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-24149 (to CVE-2025-24154)
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-24156
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-24158 (to CVE-2025-24163)
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-24166
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-24169
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-24174
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-24176 (to CVE-2025-24177)


Tag: Apple , iOS , iPadOS , macOS , Safari
Tags