Vulnerability-Lookup

CNVD-2025-19514

Vulnerability from cnvd - Published: 2025-08-27

Title

Apple macOS Sequoia和Apple macOS Sonoma拒绝服务漏洞

Description

Apple macOS Sequoia和Apple macOS Sonoma都是美国苹果（Apple）公司的一款操作系统。 Apple macOS Sequoia和Apple macOS Sonoma存在拒绝服务漏洞，攻击者可利用该漏洞导致拒绝服务。

Severity

中

Patch Name

Apple macOS Sequoia和Apple macOS Sonoma拒绝服务漏洞的补丁

Patch Description

Apple macOS Sequoia和Apple macOS Sonoma都是美国苹果（Apple）公司的一款操作系统。 Apple macOS Sequoia和Apple macOS Sonoma存在拒绝服务漏洞，攻击者可利用该漏洞导致拒绝服务。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

用户可参考如下厂商提供的安全补丁以修复该漏洞： https://support.apple.com/en-us/122068

Reference

https://support.apple.com/en-us/122068

Impacted products

Name
['Apple macOS Sequoia <15.3', 'Apple macOS Sonoma <14.7.3']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2025-24161",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2025-24161"
    }
  },
  "description": "Apple macOS Sequoia\u548cApple macOS Sonoma\u90fd\u662f\u7f8e\u56fd\u82f9\u679c\uff08Apple\uff09\u516c\u53f8\u7684\u4e00\u6b3e\u64cd\u4f5c\u7cfb\u7edf\u3002\n\nApple macOS Sequoia\u548cApple macOS Sonoma\u5b58\u5728\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5bfc\u81f4\u62d2\u7edd\u670d\u52a1\u3002",
  "formalWay": "\u7528\u6237\u53ef\u53c2\u8003\u5982\u4e0b\u5382\u5546\u63d0\u4f9b\u7684\u5b89\u5168\u8865\u4e01\u4ee5\u4fee\u590d\u8be5\u6f0f\u6d1e\uff1a\r\nhttps://support.apple.com/en-us/122068",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2025-19514",
  "openTime": "2025-08-27",
  "patchDescription": "Apple macOS Sequoia\u548cApple macOS Sonoma\u90fd\u662f\u7f8e\u56fd\u82f9\u679c\uff08Apple\uff09\u516c\u53f8\u7684\u4e00\u6b3e\u64cd\u4f5c\u7cfb\u7edf\u3002\r\n\r\nApple macOS Sequoia\u548cApple macOS Sonoma\u5b58\u5728\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5bfc\u81f4\u62d2\u7edd\u670d\u52a1\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Apple macOS Sequoia\u548cApple macOS Sonoma\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Apple macOS Sequoia \u003c15.3",
      "Apple macOS Sonoma \u003c14.7.3"
    ]
  },
  "referenceLink": "https://support.apple.com/en-us/122068",
  "serverity": "\u4e2d",
  "submitTime": "2025-02-10",
  "title": "Apple macOS Sequoia\u548cApple macOS Sonoma\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e"
}

CVE-2025-24161 (GCVE-0-2025-24161)

Vulnerability from cvelistv5 – Published: 2025-01-27 21:46 – Updated: 2025-11-03 21:05

Summary

The issue was addressed with improved checks. This issue is fixed in iPadOS 17.7.4, macOS Sonoma 14.7.3, visionOS 2.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3, tvOS 18.3. Parsing a file may lead to an unexpected app termination.

Severity ?

5.5 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

CWE

Parsing a file may lead to an unexpected app termination

Assigner

apple

References

URL

Tags

	https://support.apple.com/en-us/122069
	https://support.apple.com/en-us/122073
	https://support.apple.com/en-us/122072
	https://support.apple.com/en-us/122068
	https://support.apple.com/en-us/122067
	https://support.apple.com/en-us/122071
	https://support.apple.com/en-us/122066

Impacted products

Vendor

Product

Version

Apple

macOS

Affected: unspecified , < 14.7 (custom)

Apple	visionOS	Affected: unspecified , < 2.3 (custom)
Apple	tvOS	Affected: unspecified , < 18.3 (custom)
Apple	macOS	Affected: unspecified , < 15.3 (custom)
Apple	iPadOS	Affected: unspecified , < 17.7 (custom)
Apple	watchOS	Affected: unspecified , < 11.3 (custom)
Apple	iOS and iPadOS	Affected: unspecified , < 18.3 (custom)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "LOCAL",
              "availabilityImpact": "HIGH",
              "baseScore": 5.5,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "NONE",
              "integrityImpact": "NONE",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "REQUIRED",
              "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2025-24161",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-01-28T16:32:37.696041Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-754",
                "description": "CWE-754 Improper Check for Unusual or Exceptional Conditions",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-02-04T21:32:25.352Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T21:05:10.355Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "http://seclists.org/fulldisclosure/2025/Jan/19"
          },
          {
            "url": "http://seclists.org/fulldisclosure/2025/Jan/18"
          },
          {
            "url": "http://seclists.org/fulldisclosure/2025/Jan/16"
          },
          {
            "url": "http://seclists.org/fulldisclosure/2025/Jan/15"
          },
          {
            "url": "http://seclists.org/fulldisclosure/2025/Jan/14"
          },
          {
            "url": "http://seclists.org/fulldisclosure/2025/Jan/13"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "macOS",
          "vendor": "Apple",
          "versions": [
            {
              "lessThan": "14.7",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "visionOS",
          "vendor": "Apple",
          "versions": [
            {
              "lessThan": "2.3",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "tvOS",
          "vendor": "Apple",
          "versions": [
            {
              "lessThan": "18.3",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "macOS",
          "vendor": "Apple",
          "versions": [
            {
              "lessThan": "15.3",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "iPadOS",
          "vendor": "Apple",
          "versions": [
            {
              "lessThan": "17.7",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "watchOS",
          "vendor": "Apple",
          "versions": [
            {
              "lessThan": "11.3",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "iOS and iPadOS",
          "vendor": "Apple",
          "versions": [
            {
              "lessThan": "18.3",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The issue was addressed with improved checks. This issue is fixed in iPadOS 17.7.4, macOS Sonoma 14.7.3, visionOS 2.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3, tvOS 18.3. Parsing a file may lead to an unexpected app termination."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Parsing a file may lead to an unexpected app termination",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-01-27T21:46:20.643Z",
        "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
        "shortName": "apple"
      },
      "references": [
        {
          "url": "https://support.apple.com/en-us/122069"
        },
        {
          "url": "https://support.apple.com/en-us/122073"
        },
        {
          "url": "https://support.apple.com/en-us/122072"
        },
        {
          "url": "https://support.apple.com/en-us/122068"
        },
        {
          "url": "https://support.apple.com/en-us/122067"
        },
        {
          "url": "https://support.apple.com/en-us/122071"
        },
        {
          "url": "https://support.apple.com/en-us/122066"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
    "assignerShortName": "apple",
    "cveId": "CVE-2025-24161",
    "datePublished": "2025-01-27T21:46:20.643Z",
    "dateReserved": "2025-01-17T00:00:44.987Z",
    "dateUpdated": "2025-11-03T21:05:10.355Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CNVD-2025-19514

CVE-2025-24161 (GCVE-0-2025-24161)

Tags

Sightings

Nomenclature