CRITICAL🇵🇱 Wersja polska

CVE-2025-24247

CVSS 9.8v3.1pub. 2025-03-31upd. 2026-04-02

A type confusion issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5. An attacker may be able to cause unexpected app termination.

🤖 AI Analysis
How it works

The bug consists of improper discrimination of data types (type confusion) when processing specific input data. An attacker can remotely, without authentication and without user interaction, send crafted data causing incorrect type interpretation by the system. This results in uncontrolled termination of the running application. Apple eliminated the vulnerability by introducing additional type checks as part of the system update.

Impact

An attacker can cause unexpected termination (crash) of an application running on a vulnerable system, leading to denial of service (DoS). According to the CVSS vector, potential violation of data confidentiality and integrity is also possible.

Mitigation & patch

The system should be updated to macOS Sequoia 15.4, macOS Sonoma 14.7.5, or macOS Ventura 13.7.5, in which Apple introduced a fix. Detailed information is available at: https://support.apple.com/en-us/122373, https://support.apple.com/en-us/122374, https://support.apple.com/en-us/122375.

Who is affected

Apple macOS Sequoia before version 15.4, macOS Sonoma before version 14.7.5, macOS Ventura before version 13.7.5.

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Apple macOS

    OS
    Apple
    13.0 – 13.7.5 (bez)14.0 – 14.7.5 (bez)15.0 – 15.4 (bez)
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2025-10585CRITICAL9.8⚠ KEVPL ✓ten sam produkt

Type confusion w V8 (Google Chrome) — zdalne uszkodzenie sterty

CVE-2025-43300CRITICAL10.0⚠ KEVPL ✓ten sam produkt

Apple iOS/iPadOS/macOS — out-of-bounds write przy przetwarzaniu obrazu

CVE-2025-31201CRITICAL9.8⚠ KEVPL ✓ten sam produkt

Apple: Obejście Pointer Authentication w iOS, macOS i innych platformach

CVE-2025-31200CRITICAL9.8⚠ KEVPL ✓ten sam produkt

Apple — memory corruption (RCE) w przetwarzaniu strumieni audio

CVE-2025-24201CRITICAL10.0⚠ KEVPL ✓ten sam produkt

Apple WebKit: out-of-bounds write umożliwiający ucieczkę z sandbox przeglądarki