CRITICAL🇵🇱 Wersja polska

CVE-2025-24195

CVSS 9.8v3.1pub. 2025-03-31upd. 2026-04-02

An integer overflow was addressed with improved input validation. This issue is fixed in macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5. A user may be able to elevate privileges.

🤖 AI Analysis
How it works

The vulnerability consists of an integer overflow during input data processing by a macOS system component. An attacker can supply specially crafted input data that causes incorrect arithmetic calculations, leading to unexpected system behavior. Apple resolved the issue by introducing improved input validation. The vulnerability is classified as CWE-276, which indicates improper default permissions.

Impact

A user with limited privileges can obtain elevated system privileges (privilege escalation), potentially gaining control over resources and data protected by higher privilege levels.

Mitigation & patch

The system should be updated to the following versions: macOS Sequoia 15.4, macOS Sonoma 14.7.5, or macOS Ventura 13.7.5. Updates are available through the Software Update mechanism in macOS and on the manufacturer's pages: https://support.apple.com/en-us/122373, https://support.apple.com/en-us/122374, https://support.apple.com/en-us/122375.

Who is affected

Apple macOS Sequoia versions earlier than 15.4, Apple macOS Sonoma versions earlier than 14.7.5, Apple macOS Ventura versions earlier than 13.7.5.

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Apple macOS

    OS
    Apple
    13.0 – 13.7.5 (bez)14.0 – 14.7.5 (bez)15.0 – 15.4 (bez)
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2025-10585CRITICAL9.8⚠ KEVPL ✓ten sam produkt

Type confusion w V8 (Google Chrome) — zdalne uszkodzenie sterty

CVE-2025-43300CRITICAL10.0⚠ KEVPL ✓ten sam produkt

Apple iOS/iPadOS/macOS — out-of-bounds write przy przetwarzaniu obrazu

CVE-2025-31201CRITICAL9.8⚠ KEVPL ✓ten sam produkt

Apple: Obejście Pointer Authentication w iOS, macOS i innych platformach

CVE-2025-31200CRITICAL9.8⚠ KEVPL ✓ten sam produkt

Apple — memory corruption (RCE) w przetwarzaniu strumieni audio

CVE-2025-24201CRITICAL10.0⚠ KEVPL ✓ten sam produkt

Apple WebKit: out-of-bounds write umożliwiający ucieczkę z sandbox przeglądarki