CVE-2025-24160
📋 TL;DR
This vulnerability in Apple operating systems allows parsing a malicious file to cause unexpected app termination (denial of service). It affects users running vulnerable versions of iOS, iPadOS, macOS, visionOS, watchOS, and tvOS.
💻 Affected Systems
- iOS
- iPadOS
- macOS
- visionOS
- watchOS
- tvOS
📦 What is this software?
Ipados by Apple
Ipados by Apple
Macos by Apple
macOS is Apple's desktop and laptop operating system powering Mac computers used by millions of professionals, developers, creative professionals, and enterprise users worldwide. Built on a Unix foundation with the Darwin kernel and modern Cocoa frameworks, macOS delivers a seamless ecosystem integr...
Learn more about Macos →Macos by Apple
macOS is Apple's desktop and laptop operating system powering Mac computers used by millions of professionals, developers, creative professionals, and enterprise users worldwide. Built on a Unix foundation with the Darwin kernel and modern Cocoa frameworks, macOS delivers a seamless ecosystem integr...
Learn more about Macos →Tvos by Apple
Watchos by Apple
⚠️ Risk & Real-World Impact
Worst Case
Malicious file causes critical application or system service to crash, potentially disrupting device functionality or causing data loss in unsaved work.
Likely Case
Targeted app crashes when processing a specially crafted file, requiring user restart of the application.
If Mitigated
With proper file handling controls and user awareness, impact is limited to isolated app crashes without system compromise.
🎯 Exploit Status
Exploitation requires user to open a malicious file. No public exploit code is known at this time.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: iPadOS 17.7.4, macOS Sonoma 14.7.3, visionOS 2.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3, tvOS 18.3
Vendor Advisory: https://support.apple.com/en-us/122066
Restart Required: Yes
Instructions:
1. Open Settings app. 2. Go to General > Software Update. 3. Download and install the latest available update for your device. 4. Restart device when prompted.
🔧 Temporary Workarounds
Restrict file sources
allOnly open files from trusted sources and avoid downloading/opening files from unknown or untrusted origins.
Use application sandboxing
allEnsure applications run with appropriate sandboxing to limit impact of crashes.
🧯 If You Can't Patch
- Implement application allowlisting to restrict which apps can open files
- Deploy endpoint protection that scans files before opening
🔍 How to Verify
Check if Vulnerable:
Check device version in Settings > General > About > Software Version. Compare against patched versions listed in fix_official.patch_version.Check Version:
Settings > General > About > Software Version (Apple devices)Verify Fix Applied:
Verify device is running one of the patched versions listed in fix_official.patch_version.📡 Detection & Monitoring
Log Indicators:
- Application crash logs showing unexpected termination during file parsing
- System logs showing app crashes with file handling errors
Network Indicators:
- Unusual file downloads followed by application crashes
- Multiple devices experiencing similar app crashes
SIEM Query:
source="apple_system_logs" AND (event="app_crash" OR event="process_termination") AND message="*parsing*" OR message="*file*"🔗 References
- https://support.apple.com/en-us/122066
- https://support.apple.com/en-us/122067
- https://support.apple.com/en-us/122068
- https://support.apple.com/en-us/122069
- https://support.apple.com/en-us/122071
- https://support.apple.com/en-us/122072
- https://support.apple.com/en-us/122073
- http://seclists.org/fulldisclosure/2025/Jan/13
- http://seclists.org/fulldisclosure/2025/Jan/14
- http://seclists.org/fulldisclosure/2025/Jan/15
- http://seclists.org/fulldisclosure/2025/Jan/16
- http://seclists.org/fulldisclosure/2025/Jan/18
- http://seclists.org/fulldisclosure/2025/Jan/19
