Apple Patches Everything: March 31st 2025 Edition
Today, Apple released updates across all its products: iOS, iPadOS, macOS, tvOS, visionOS, Safari, and XCode. WatchOS was interestingly missing from the patch lineup. This is a feature update for the operating systems, but we get patches for 145 different vulnerabilities in addition to new features. This update includes a patch for CVE-2025-24200 and CVE-2025-24201, two already exploited iOS vulnerabilities, for older iOS/iPadOS versions. Current versions received this patch a few weeks ago.
| Safari 18.4 | Xcode 16.3 | iOS 18.4 and iPadOS 18.4 | iPadOS 17.7.6 | iOS 16.7.11 and iPadOS 16.7.11 | iOS 15.8.4 and iPadOS 15.8.4 | macOS Sequoia 15.4 | macOS Sonoma 14.7.5 | macOS Ventura 13.7.5 | tvOS 18.4 | visionOS 2.4 |
|---|---|---|---|---|---|---|---|---|---|---|
| CVE-2024-40864: An attacker in a privileged network position can track a user's activity. Affects Apple Account |
||||||||||
| x | x | |||||||||
| CVE-2024-54502: Processing maliciously crafted web content may lead to an unexpected process crash. Affects WebKit |
||||||||||
| x | ||||||||||
| CVE-2024-54508: Processing maliciously crafted web content may lead to an unexpected process crash. Affects WebKit |
||||||||||
| x | ||||||||||
| CVE-2024-54533: An app may be able to access sensitive user data. Affects Spotlight |
||||||||||
| x | x | |||||||||
| CVE-2024-54534: Processing maliciously crafted web content may lead to memory corruption. Affects WebKit |
||||||||||
| x | ||||||||||
| CVE-2025-24093: An app may be able to access removable volumes without user consent. Affects Sandbox |
||||||||||
| x | ||||||||||
| CVE-2025-24095: An app may be able to bypass Privacy preferences. Affects RepairKit |
||||||||||
| x | x | |||||||||
| CVE-2025-24097: An app may be able to read arbitrary file metadata. Affects AirDrop |
||||||||||
| x | x | x | x | |||||||
| CVE-2025-24113: Visiting a malicious website may lead to user interface spoofing. Affects Safari |
||||||||||
| x | x | x | x | x | ||||||
| CVE-2025-24139: Parsing a maliciously crafted file may lead to an unexpected app termination. Affects sips |
||||||||||
| x | ||||||||||
| CVE-2025-24148: A malicious JAR file may bypass Gatekeeper checks. Affects LaunchServices |
||||||||||
| x | x | x | ||||||||
| CVE-2025-24157: An app may be able to cause unexpected system termination or corrupt kernel memory. Affects Xsan |
||||||||||
| x | x | x | ||||||||
| CVE-2025-24163: Parsing a file may lead to an unexpected app termination. Affects CoreAudio |
||||||||||
| x | x | x | x | |||||||
| CVE-2025-24164: An app may be able to modify protected parts of the file system. Affects PackageKit |
||||||||||
| x | x | x | ||||||||
| CVE-2025-24167: A download's origin may be incorrectly associated. Affects Safari |
||||||||||
| x | x | x | ||||||||
| CVE-2025-24170: An app may be able to gain root privileges. Affects CoreServices |
||||||||||
| x | x | |||||||||
| CVE-2025-24172: "Block All Remote Content" may not apply for all mail previews. Affects Mail |
||||||||||
| x | x | x | ||||||||
| CVE-2025-24173: An app may be able to break out of its sandbox. Affects Power Services |
||||||||||
| x | x | x | x | x | x | x | ||||
| CVE-2025-24178: An app may be able to break out of its sandbox. Affects libxpc |
||||||||||
| x | x | x | x | x | x | |||||
| CVE-2025-24180: A malicious website may be able to claim WebAuthn credentials from another website that shares a registrable suffix. Affects Authentication Services |
||||||||||
| x | x | x | x | |||||||
| CVE-2025-24181: An app may be able to access protected user data. Affects Sandbox |
||||||||||
| x | x | x | ||||||||
| CVE-2025-24182: Processing a maliciously crafted font may result in the disclosure of process memory. Affects CoreText |
||||||||||
| x | x | x | x | |||||||
| CVE-2025-24190: Processing a maliciously crafted video file may lead to unexpected app termination or corrupt process memory. Affects CoreMedia |
||||||||||
| x | x | x | x | x | x | x | ||||
| CVE-2025-24191: An app may be able to modify protected parts of the file system. Affects RPAC |
||||||||||
| x | ||||||||||
| CVE-2025-24192: Visiting a website may leak sensitive data. Affects Web Extensions |
||||||||||
| x | x | x | x | |||||||
| CVE-2025-24193: An attacker with a USB-C connection to an unlocked device may be able to programmatically access photos. Affects MobileLockdown |
||||||||||
| x | ||||||||||
| CVE-2025-24194: Processing maliciously crafted web content may result in the disclosure of process memory. Affects libnetcore |
||||||||||
| x | x | x | x | |||||||
| CVE-2025-24195: A user may be able to elevate privileges. Affects Libinfo |
||||||||||
| x | x | x | ||||||||
| CVE-2025-24196: An attacker with user privileges may be able to read kernel memory. Affects Kernel |
||||||||||
| x | x | |||||||||
| CVE-2025-24198: An attacker with physical access may be able to use Siri to access sensitive user data. Affects Siri |
||||||||||
| x | x | x | x | x | ||||||
| CVE-2025-24199: An app may be able to cause a denial-of-service. Affects Foundation |
||||||||||
| x | x | x | ||||||||
| CVE-2025-24200: A physical attack may disable USB Restricted Mode on a locked device. Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals.. Affects Accessibility |
||||||||||
| x | x | |||||||||
| CVE-2025-24201: Maliciously crafted web content may be able to break out of Web Content sandbox. This is a supplementary fix for an attack that was blocked in iOS 17.2. (Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals on versions of iOS before iOS 17.2.). Affects WebKit |
||||||||||
| x | x | |||||||||
| CVE-2025-24202: An app may be able to access sensitive user data. Affects Accessibility |
||||||||||
| x | x | |||||||||
| CVE-2025-24203: An app may be able to modify protected parts of the file system. Affects Kernel |
||||||||||
| x | x | x | x | |||||||
| CVE-2025-24204: An app may be able to access protected user data. Affects Kernel |
||||||||||
| x | ||||||||||
| CVE-2025-24205: An app may be able to access user-sensitive data. Affects Siri |
||||||||||
| x | x | x | x | x | ||||||
| CVE-2025-24207: An app may be able to enable iCloud storage features without user consent. Affects Storage Management |
||||||||||
| x | x | x | ||||||||
| CVE-2025-24208: Loading a malicious iframe may lead to a cross-site scripting attack. Affects WebKit |
||||||||||
| x | x | |||||||||
| CVE-2025-24209: Processing maliciously crafted web content may lead to an unexpected process crash. Affects WebKit |
||||||||||
| x | x | x | x | x | ||||||
| CVE-2025-24210: Parsing an image may lead to disclosure of user information. Affects ImageIO |
||||||||||
| x | x | x | x | x | x | x | ||||
| CVE-2025-24211: Processing a maliciously crafted video file may lead to unexpected app termination or corrupt process memory. Affects CoreMedia |
||||||||||
| x | x | x | x | x | x | x | ||||
| CVE-2025-24212: An app may be able to break out of its sandbox. Affects Calendar |
||||||||||
| x | x | x | x | x | x | x | ||||
| CVE-2025-24213: A type confusion issue could lead to memory corruption. Affects WebKit |
||||||||||
| x | x | x | x | x | ||||||
| CVE-2025-24214: An app may be able to access sensitive user data. Affects Siri |
||||||||||
| x | x | x | x | |||||||
| CVE-2025-24215: A malicious app may be able to access private information. Affects CloudKit |
||||||||||
| x | x | x | x | |||||||
| CVE-2025-24216: Processing maliciously crafted web content may lead to an unexpected Safari crash. Affects WebKit |
||||||||||
| x | x | x | x | x | ||||||
| CVE-2025-24217: An app may be able to access sensitive user data. Affects Siri |
||||||||||
| x | x | x | ||||||||
| CVE-2025-24218: An app may be able to access information about a user's contacts. Affects Summarization Services |
||||||||||
| x | ||||||||||
| CVE-2025-24221: Sensitive keychain data may be accessible from an iOS backup. Affects Accounts |
||||||||||
| x | x | x | ||||||||
| CVE-2025-24226: A malicious app may be able to access private information. Affects IDE Assets |
||||||||||
| x | ||||||||||
| CVE-2025-24228: An app may be able to execute arbitrary code with kernel privileges. Affects SMB |
||||||||||
| x | x | x | ||||||||
| CVE-2025-24229: A sandboxed app may be able to access sensitive user data. Affects Installer |
||||||||||
| x | x | x | ||||||||
| CVE-2025-24230: Playing a malicious audio file may lead to an unexpected app termination. Affects CoreAudio |
||||||||||
| x | x | x | x | x | x | x | ||||
| CVE-2025-24231: An app may be able to modify protected parts of the file system. Affects Software Update |
||||||||||
| x | x | x | ||||||||
| CVE-2025-24232: A malicious app may be able to access arbitrary files. Affects NSDocument |
||||||||||
| x | x | x | ||||||||
| CVE-2025-24233: A malicious app may be able to read or write to protected files. Affects AppleMobileFileIntegrity |
||||||||||
| x | x | x | ||||||||
| CVE-2025-24234: A malicious app may be able to gain root privileges. Affects AccountPolicy |
||||||||||
| x | x | x | ||||||||
| CVE-2025-24235: A remote attacker may be able to cause unexpected app termination or heap corruption. Affects Kerberos Helper |
||||||||||
| x | x | x | ||||||||
| CVE-2025-24236: An app may be able to access sensitive user data. Affects CoreMedia |
||||||||||
| x | x | |||||||||
| CVE-2025-24237: An app may be able to cause unexpected system termination. Affects BiometricKit |
||||||||||
| x | x | x | x | x | x | |||||
| CVE-2025-24238: An app may be able to gain elevated privileges. Affects libxpc |
||||||||||
| x | x | x | x | x | ||||||
| CVE-2025-24239: An app may be able to access protected user data. Affects AppleMobileFileIntegrity |
||||||||||
| x | ||||||||||
| CVE-2025-24240: An app may be able to access user-sensitive data. Affects StorageKit |
||||||||||
| x | x | x | ||||||||
| CVE-2025-24241: An app may be able to trick a user into copying sensitive data to the pasteboard. Affects WindowServer |
||||||||||
| x | x | x | ||||||||
| CVE-2025-24242: An app with root privileges may be able to access private information. Affects System Settings |
||||||||||
| x | ||||||||||
| CVE-2025-24243: Processing a maliciously crafted file may lead to arbitrary code execution. Affects Audio |
||||||||||
| x | x | x | x | x | x | x | ||||
| CVE-2025-24244: Processing a maliciously crafted font may result in the disclosure of process memory. Affects Audio |
||||||||||
| x | x | x | x | x | x | |||||
| CVE-2025-24245: A malicious app may be able to access a user's saved passwords. Affects Authentication Services |
||||||||||
| x | ||||||||||
| CVE-2025-24246: An app may be able to access user-sensitive data. Affects OpenSSH |
||||||||||
| x | x | x | ||||||||
| CVE-2025-24247: An attacker may be able to cause unexpected app termination. Affects WindowServer |
||||||||||
| x | x | x | ||||||||
| CVE-2025-24248: An app may be able to enumerate devices that have signed into the user's Apple Account. Affects Siri |
||||||||||
| x | ||||||||||
| CVE-2025-24249: An app may be able to check the existence of an arbitrary path on the file system. Affects Installer |
||||||||||
| x | x | x | ||||||||
| CVE-2025-24250: A malicious app acting as a HTTPS proxy could get access to sensitive user data. Affects Security |
||||||||||
| x | x | x | ||||||||
| CVE-2025-24253: An app may be able to access protected user data. Affects StorageKit |
||||||||||
| x | x | x | ||||||||
| CVE-2025-24254: A user may be able to elevate privileges. Affects Software Update |
||||||||||
| x | x | x | ||||||||
| CVE-2025-24255: An app may be able to break out of its sandbox. Affects Disk Images |
||||||||||
| x | x | x | ||||||||
| CVE-2025-24256: An app may be able to disclose kernel memory. Affects GPU Drivers |
||||||||||
| x | x | x | ||||||||
| CVE-2025-24257: An app may be able to cause unexpected system termination or write kernel memory. Affects IOGPUFamily |
||||||||||
| x | x | x | ||||||||
| CVE-2025-24259: An app may be able to retrieve Safari bookmarks without an entitlement check. Affects Parental Controls |
||||||||||
| x | x | x | ||||||||
| CVE-2025-24260: An attacker in a privileged position may be able to perform a denial-of-service. Affects smbx |
||||||||||
| x | x | x | ||||||||
| CVE-2025-24261: An app may be able to modify protected parts of the file system. Affects PackageKit |
||||||||||
| x | x | x | ||||||||
| CVE-2025-24262: A sandboxed app may be able to access sensitive user data in system logs. Affects Notes |
||||||||||
| x | ||||||||||
| CVE-2025-24263: An app may be able to observe unprotected user data. Affects StickerKit |
||||||||||
| x | ||||||||||
| CVE-2025-24264: Processing maliciously crafted web content may lead to an unexpected Safari crash. Affects WebKit |
||||||||||
| x | ||||||||||
| CVE-2025-24265: An app may be able to cause unexpected system termination. Affects Xsan |
||||||||||
| x | x | x | ||||||||
| CVE-2025-24266: An app may be able to cause unexpected system termination. Affects Xsan |
||||||||||
| x | x | x | ||||||||
| CVE-2025-24267: An app may be able to gain root privileges. Affects DiskArbitration |
||||||||||
| x | x | x | ||||||||
| CVE-2025-24269: An app may be able to cause unexpected system termination. Affects SMB |
||||||||||
| x | ||||||||||
| CVE-2025-24272: An app may be able to modify protected parts of the file system. Affects AppleMobileFileIntegrity |
||||||||||
| x | ||||||||||
| CVE-2025-24273: An app may be able to cause unexpected system termination or corrupt kernel memory. Affects GPU Drivers |
||||||||||
| x | ||||||||||
| CVE-2025-24276: A malicious app may be able to access private information. Affects App Store |
||||||||||
| x | x | x | ||||||||
| CVE-2025-24277: An app may be able to gain root privileges. Affects Crash Reporter |
||||||||||
| x | x | x | ||||||||
| CVE-2025-24278: An app may be able to access protected user data. Affects System Settings |
||||||||||
| x | x | x | ||||||||
| CVE-2025-24279: An app may be able to access contacts. Affects Voice Control |
||||||||||
| x | x | x | ||||||||
| CVE-2025-24280: An app may be able to access user-sensitive data. Affects Shortcuts |
||||||||||
| x | x | |||||||||
| CVE-2025-24281: An app may be able to access sensitive user data. Affects FeedbackLogger |
||||||||||
| x | ||||||||||
| CVE-2025-24282: An app may be able to modify protected parts of the file system. Affects Software Update |
||||||||||
| x | ||||||||||
| CVE-2025-24283: An app may be able to access sensitive user data. Affects Focus |
||||||||||
| x | x | x | ||||||||
| CVE-2025-30424: Deleting a conversation in Messages may expose user contact information in system logging. Affects Photos Storage |
||||||||||
| x | x | x | ||||||||
| CVE-2025-30425: A malicious website may be able to track users in Safari private browsing mode. Affects WebKit |
||||||||||
| x | x | x | x | x | ||||||
| CVE-2025-30426: An app may be able to enumerate a user's installed apps. Affects NetworkExtension |
||||||||||
| x | x | x | x | x | ||||||
| CVE-2025-30427: Processing maliciously crafted web content may lead to an unexpected Safari crash. Affects WebKit |
||||||||||
| x | x | x | x | x | x | |||||
| CVE-2025-30428: Photos in the Hidden Photos Album may be viewed without authentication. Affects Photos |
||||||||||
| x | x | |||||||||
| CVE-2025-30429: An app may be able to break out of its sandbox. Affects Calendar |
||||||||||
| x | x | x | x | x | x | x | ||||
| CVE-2025-30430: Password autofill may fill in passwords after failing authentication. Affects Authentication Services |
||||||||||
| x | x | x | ||||||||
| CVE-2025-30432: A malicious app may be able to attempt passcode entries on a locked device and thereby cause escalating time delays after 4 failures. Affects Kernel |
||||||||||
| x | x | x | x | x | x | |||||
| CVE-2025-30433: A shortcut may be able to access files that are normally inaccessible to the Shortcuts app. Affects Shortcuts |
||||||||||
| x | x | x | x | x | x | |||||
| CVE-2025-30434: Processing a maliciously crafted file may lead to a cross site scripting attack. Affects Journal |
||||||||||
| x | ||||||||||
| CVE-2025-30435: A sandboxed app may be able to access sensitive user data in system logs. Affects Siri |
||||||||||
| x | ||||||||||
| CVE-2025-30437: An app may be able to corrupt coprocessor memory. Affects IOMobileFrameBuffer |
||||||||||
| x | ||||||||||
| CVE-2025-30438: A malicious app may be able to dismiss the system notification on the Lock Screen that a recording was started. Affects Share Sheet |
||||||||||
| x | x | x | x | x | x | |||||
| CVE-2025-30439: An attacker with physical access to a locked device may be able to view sensitive user information. Affects Focus |
||||||||||
| x | x | x | ||||||||
| CVE-2025-30441: An app may be able to overwrite arbitrary files. Affects Instruments |
||||||||||
| x | ||||||||||
| CVE-2025-30443: An app may be able to access user-sensitive data. Affects AppleMobileFileIntegrity |
||||||||||
| x | x | x | ||||||||
| CVE-2025-30444: Mounting a maliciously crafted SMB network share may lead to system termination. Affects SMB |
||||||||||
| x | x | x | ||||||||
| CVE-2025-30446: A malicious app with root privileges may be able to modify the contents of system files. Affects PackageKit |
||||||||||
| x | x | x | ||||||||
| CVE-2025-30447: An app may be able to access sensitive user data. Affects Foundation |
||||||||||
| x | x | x | x | x | x | x | ||||
| CVE-2025-30449: An app may be able to gain root privileges. Affects StorageKit |
||||||||||
| x | x | x | ||||||||
| CVE-2025-30450: An app may be able to access sensitive user data. Affects manpages |
||||||||||
| x | x | x | ||||||||
| CVE-2025-30451: An app may be able to access sensitive user data. Affects FaceTime |
||||||||||
| x | ||||||||||
| CVE-2025-30452: An input validation issue was addressed. Affects Sandbox |
||||||||||
| x | x | x | ||||||||
| CVE-2025-30454: A malicious app may be able to access private information. Affects CoreMedia Playback |
||||||||||
| x | x | x | x | |||||||
| CVE-2025-30455: A malicious app may be able to access private information. Affects Dock |
||||||||||
| x | x | |||||||||
| CVE-2025-30456: An app may be able to gain root privileges. Affects DiskArbitration |
||||||||||
| x | x | x | x | |||||||
| CVE-2025-30457: A malicious app may be able to create symlinks to protected regions of the disk. Affects SystemMigration |
||||||||||
| x | x | x | ||||||||
| CVE-2025-30458: An app may be able to read files outside of its sandbox. Affects SceneKit |
||||||||||
| x | ||||||||||
| CVE-2025-30460: An app may be able to access protected user data. Affects Automator |
||||||||||
| x | x | x | ||||||||
| CVE-2025-30461: An app may be able to access protected user data. Affects Foundation |
||||||||||
| x | ||||||||||
| CVE-2025-30462: Apps that appear to use App Sandbox may be able to launch without restrictions. Affects dyld |
||||||||||
| x | x | x | ||||||||
| CVE-2025-30463: An app may be able to access sensitive user data. Affects Handoff |
||||||||||
| x | x | |||||||||
| CVE-2025-30464: An app may be able to cause unexpected system termination or corrupt kernel memory. Affects GPU Drivers |
||||||||||
| x | x | |||||||||
| CVE-2025-30465: A shortcut may be able to access files that are normally inaccessible to the Shortcuts app. Affects Shortcuts |
||||||||||
| x | x | x | x | |||||||
| CVE-2025-30467: Visiting a malicious website may lead to address bar spoofing. Affects Safari |
||||||||||
| x | x | x | ||||||||
| CVE-2025-30469: A person with physical access to an iOS device may be able to access photos from the lock screen. Affects Photos |
||||||||||
| x | ||||||||||
| CVE-2025-30470: An app may be able to read sensitive location information. Affects Maps |
||||||||||
| x | x | x | x | x | ||||||
| CVE-2025-30471: A remote user may be able to cause a denial-of-service. Affects Security |
||||||||||
| x | x | x | x | x | x | x | ||||
| CVE-2025-31182: An app may be able to delete files for which it does not have permission. Affects libxpc |
||||||||||
| x | x | x | x | x | x | |||||
| CVE-2025-31183: An app may be able to access sensitive user data. Affects Siri |
||||||||||
| x | x | x | x | |||||||
| CVE-2025-31184: An app may gain unauthorized access to Local Network. Affects Web Extensions |
||||||||||
| x | x | x | x | |||||||
| CVE-2025-31187: An app may be able to modify protected parts of the file system. Affects Dock |
||||||||||
| x | x | x | ||||||||
| CVE-2025-31188: An app may be able to bypass Privacy preferences. Affects StorageKit |
||||||||||
| x | x | x | ||||||||
| CVE-2025-31191: An app may be able to access sensitive user data. Affects CoreServices |
||||||||||
| x | x | x | x | x | ||||||
| CVE-2025-31192: A website may be able to access sensor information without user consent. Affects Safari |
||||||||||
| x | x | x | ||||||||
| CVE-2025-31194: A Shortcut may run with admin privileges without authentication. Affects Shortcuts |
||||||||||
| x | x | x | ||||||||
---
Johannes B. Ullrich, Ph.D. , Dean of Research, SANS.edu
Twitter|
My next class:
| Application Security: Securing Web Apps, APIs, and Microservices | Orlando | Apr 13th - Apr 18th 2025 |
×
![modal content]()
Diary Archives
Comments