SB2025040106 - Multiple vulnerabilities in iPadOS 17
Published: April 1, 2025 Updated: July 31, 2025
Description
This security bulletin contains information about 51 security vulnerabilities.
1) Spoofing attack (CVE-ID: CVE-2025-24113)
The vulnerability allows a remote attacker to perform a spoofing attack.
The vulnerability exists due to incorrect processing of user-supplied data in Safari. A remote attacker can trick the victim into visiting a specially crafted website and spoof the page content.
2) Buffer overflow (CVE-ID: CVE-2024-54543)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when processing HTML content. A remote attacker can create a specially crafted website, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
3) Buffer overflow (CVE-ID: CVE-2024-54534)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when processing HTML content in WebKit. A remote attacker can create a specially crafted website, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
4) Input validation error (CVE-ID: CVE-2024-54508)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input in WebKit. A remote attacker can trick the victim into opening a specially crafted website and perform a denial of service (DoS) attack.
5) Input validation error (CVE-ID: CVE-2024-54502)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input in WebKit. A remote attacker can trick the victim into opening a specially crafted website and perform a denial of service (DoS) attack.
6) Use-after-free (CVE-ID: CVE-2025-24085)
The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to a use-after-free error in CoreMedia. A local application can execute arbitrary code with elevated privileges.
Note, the vulnerability is being actively exploited in the wild.
7) Buffer overflow (CVE-ID: CVE-2025-24243)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in Audio. A remote attacker can create a specially crafted AMR file, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
8) Out-of-bounds read (CVE-ID: CVE-2025-24244)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition in Audio when handling font files. A remote attacker can create a specially crafted WAV file, trick the victim into opening it, trigger an out-of-bounds read error and read contents of memory on the system.
9) Buffer overflow (CVE-ID: CVE-2025-24237)
The vulnerability allows a local application to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error in BiometricKit. A local application can trigger a buffer overflow and terminate the system.
10) Path traversal (CVE-ID: CVE-2025-30429)
The vulnerability allows a local application to bypass implemented security restrictions.
The vulnerability exists due to input validation error when processing filenames in Calendar. A local application can break out of its sandbox.
11) Input validation error (CVE-ID: CVE-2025-24212)
The vulnerability allows a local application to bypass implemented security restrictions.
The vulnerability exists due to insufficient validation of untrusted input in Calendar. A local application can break out of its sandbox.
12) Improper access control (CVE-ID: CVE-2025-24215)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to improper access restrictions in CloudKit. A local application can gain access to private information.
13) Out-of-bounds read (CVE-ID: CVE-2025-24230)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition in CoreAudio. A remote attacker can create a specially crafted MP4 file, trick the victim into playing it, trigger an out-of-bounds read error and read contents of memory on the system or perform a denial of service (DoS) attack.
14) Buffer overflow (CVE-ID: CVE-2025-24190)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in CoreMedia. A remote attacker can create a specially crafted MP4 file, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system in the context of the WebKit GPU process.
15) Out-of-bounds write (CVE-ID: CVE-2025-24211)
The vulnerability allows a remote attacker to compromise the vulnerable system.
The vulnerability exists due to a boundary error when processing untrusted input in CoreMedia. A remote attacker can create a specially crafted MP4 file, trick the victim into opening it using the affected software, trigger an out-of-bounds write and execute arbitrary code on the target system in the context of the WebKit GPU process.
16) Comparison using wrong factors (CVE-ID: CVE-2024-9681)
The vulnerability allows a remote attacker to perform a MitM attack.
The vulnerability exists due to an error in the HSTS cache implementation. When curl is asked to use HSTS, the expiry time for a subdomain can overwrite a parent domain's cache entry, making it end sooner or later than otherwise intended. This can lead to situations where the website becomes unavailable, or force the client to switch from an HTTPS to an HTTP connection earlier than intended.
17) NULL pointer dereference (CVE-ID: CVE-2025-27113)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference within the xmlPatMatch() function in pattern.c. A remote attacker can pass a specially crafted XML document to the affected application and perform a denial of service (DoS) attack.
18) Use-after-free (CVE-ID: CVE-2024-56171)
The vulnerability allows a remote attacker to compromise the vulnerable system.
The vulnerability exists due to a use-after-free error within the xmlSchemaIDCFillNodeTables() and xmlSchemaBubbleIDCNodeTables() functions in xmlschemas.c. A remote attacker can pass a specially crafted XML document to the application, trigger a use-after-free error and execute arbitrary code on the system.
Successful exploitation of the vulnerability may allow an attacker to compromise the vulnerable system.
19) Improper access control (CVE-ID: CVE-2025-24221)
The vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.
The vulnerability exists due to improper access restrictions in Accounts. Sensitive keychain data may be accessible from an iOS backup.
20) Information exposure through log files (CVE-ID: CVE-2025-30447)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to inclusion of sensitive information into a log file in Foundation. A local application can access sensitive user data.
21) Out-of-bounds read (CVE-ID: CVE-2025-24210)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition within the CoreGraphics framework. A remote attacker can create a specially crafted file, trick the victim into opening it, trigger an out-of-bounds read error and read contents of memory on the system.
22) State Issues (CVE-ID: CVE-2025-30432)
The vulnerability allows a local application to bypass implemented security restrictions.
The vulnerability exists due to a state management error in the OS kernel. An attacker with physical access to the device and a malicious app installed on it can attempt passcode entries on a locked device and thereby cause escalating time delays after 4 failures.
23) Improper access control (CVE-ID: CVE-2025-24203)
The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to improper access restrictions in Kernel. A local application can modify protected parts of the file system.
24) State issues (CVE-ID: CVE-2025-24178)
The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to a state management issue in libxpc. A local application can break out of its sandbox.
25) Improper access control (CVE-ID: CVE-2025-30426)
The vulnerability allows a local application to enumerate installed apps on the device.
The vulnerability exists due to improper access restrictions in NetworkExtension. A local application can enumerate a user's installed apps.
26) Improper authentication (CVE-ID: CVE-2025-30428)
The vulnerability allows an attacker to bypass the authentication process.
The vulnerability exists due to missing authentication in Photos. An attacker with access to the device can view photos in the Hidden Photos Album.
27) Improper access control (CVE-ID: CVE-2025-24173)
The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to improper access restrictions in Power Services. A local application can break out of its sandbox.
28) Input validation error (CVE-ID: CVE-2025-30471)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input in the Security component. A remote attacker can pass specially crafted input to the system and perform a denial of service (DoS) attack.
29) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2025-30465)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to improperly imposed security restrictions in Shortcuts. A local application can access files that are normally inaccessible to the Shortcuts app.
30) Improper access control (CVE-ID: CVE-2025-30433)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to improper access restrictions in Shortcuts. A local application can access files that are normally inaccessible to the Shortcuts app.
31) Information disclosure (CVE-ID: CVE-2025-24198)
The vulnerability allows an attacker to gain access to potentially sensitive information.
The vulnerability exists due to excessive data output by Siri. An attacker with physical access to the device can use Siri to access sensitive user data.
32) State issues (CVE-ID: CVE-2025-24205)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to a state management issue in Siri. A local application can access user-sensitive data.
33) Information disclosure (CVE-ID: CVE-2025-30425)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a state management issue. A remote attacker can track users in Safari private browsing mode.
34) Memory corruption (CVE-ID: CVE-2025-24216)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error in WebKit. A remote attacker can trick the victim into opening a specially crafted website and cause an unexpected Safari crash.
35) Memory corruption (CVE-ID: CVE-2025-24264)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error in WebKit. A remote attacker can trick the victim into opening a specially crafted website and cause an unexpected Safari crash.
36) Use after free (CVE-ID: CVE-2025-30427)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a use-after-free error in WebKit. A remote attacker can trick the victim into opening a specially crafted website and cause an unexpected Safari crash.
37) Memory corruption (CVE-ID: CVE-2025-24209)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error in WebKit. A remote attacker can trick the victim into opening a specially crafted website and cause an unexpected process crash.
38) Type confusion (CVE-ID: CVE-2025-24213)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a type confusion error. A remote attacker can trick the victim into visiting a specially crafted website, trigger a type confusion error and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
39) Out-of-bounds write (CVE-ID: CVE-2025-24201)
The vulnerability allows a remote attacker to compromise the vulnerable system.
The vulnerability exists due to a boundary error when processing untrusted input. A remote attacker can trick the victim into visiting a specially crafted web page, trigger an out-of-bounds write and execute arbitrary code on the target system.
Note, the vulnerability is being actively exploited in the wild.
40) Buffer overflow (CVE-ID: CVE-2025-24131)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error in AirPlay. A remote attacker on the local network can send specially crafted packets to the device, trigger memory corruption and perform a denial of service (DoS) attack.
41) Information disclosure (CVE-ID: CVE-2025-24270)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to excessive data output in AirPlay. A remote attacker on the local network can gain unauthorized access to sensitive information.
42) Missing authorization (CVE-ID: CVE-2025-24271)
The vulnerability allows a remote attacker to bypass authorization checks.
The vulnerability exists due to missing authorization checks in AirPlay. A remote non-authenticated attacker on the same network as a signed-in Mac can send it AirPlay commands without pairing.
43) NULL pointer dereference (CVE-ID: CVE-2025-24177)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error in AirPlay. A remote attacker on the local network can send specially crafted packets to the device and perform a denial of service (DoS) attack.
44) NULL pointer dereference (CVE-ID: CVE-2025-24179)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error in AirPlay. A remote attacker on the local network can send specially crafted packets to the device and perform a denial of service (DoS) attack.
45) Input validation error (CVE-ID: CVE-2025-24251)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input in AirPlay. A remote attacker on the local network can send specially crafted input to the system and perform a denial of service (DoS) attack.
46) Input validation error (CVE-ID: CVE-2025-31197)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input in AirPlay. A remote attacker on the local network can send specially crafted input to the system and perform a denial of service (DoS) attack.
47) Use after free (CVE-ID: CVE-2025-24252)
The vulnerability allows a remote attacker on the local network to compromise the affected system.
The vulnerability exists due to a use-after-free error in AirPlay. A remote attacker on the local network can corrupt process memory.
48) Type Confusion (CVE-ID: CVE-2025-30445)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a type confusion error in AirPlay. A remote attacker on the local network can perform a denial of service (DoS) attack.
49) Improper authentication (CVE-ID: CVE-2025-24206)
The vulnerability allows a remote attacker to bypass the authentication process.
The vulnerability exists due to a state issue in AirPlay when handling authentication requests. A remote attacker on the local network can bypass the authentication process and gain unauthorized access to the system.
50) Integer overflow (CVE-ID: CVE-2025-31203)
The vulnerability allows a remote attacker on the local network to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient input validation in CoreUtils. A remote attacker on the local network can send specially crafted input to the system, trigger an integer overflow and perform a denial-of-service attack.
51) Out-of-bounds read (CVE-ID: CVE-2025-43205)
The vulnerability allows a local application to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition within the Audio component. A local application can trigger an out-of-bounds read error and read contents of memory on the system, which can lead to ASLR bypass.
Remediation
Install the update from the vendor's website.