CVE-2025-24198
📋 TL;DR
This vulnerability allows an attacker with physical access to a locked Apple device to use Siri to access sensitive user data. It affects macOS, iOS, and iPadOS devices running outdated versions. The issue was addressed by restricting options offered on locked devices.
💻 Affected Systems
- macOS
- iOS
- iPadOS
📦 What is this software?
iPadOS by Apple
macOS by Apple
macOS is Apple's desktop and laptop operating system powering Mac computers used by millions of professionals, developers, creative professionals, and enterprise users worldwide. Built on a Unix foundation with the Darwin kernel and modern Cocoa frameworks, macOS delivers a seamless ecosystem integr...
⚠️ Risk & Real-World Impact
Worst Case
An attacker could access personal data, messages, contacts, photos, or other sensitive information stored on the device while it is locked.
Likely Case
An attacker with brief physical access could retrieve limited sensitive information through Siri voice commands.
If Mitigated
With proper controls like disabling Siri on lock screen, the impact is minimal as physical access alone would not enable data access.
🎯 Exploit Status
Exploitation requires physical access to the device and knowledge of Siri voice commands that could reveal sensitive data.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: macOS Ventura 13.7.5, iOS 18.4, iPadOS 18.4, iPadOS 17.7.6, macOS Sequoia 15.4, macOS Sonoma 14.7.5
Vendor Advisory: https://support.apple.com/en-us/122371
Restart Required: Yes
Instructions:
1. Open Settings/System Preferences.
2. Go to General > Software Update.
3. Install the latest available update.
4. Restart the device when prompted.
🔧 Temporary Workarounds
Disable Siri on Lock Screen
Prevents Siri from being accessible when the device is locked.
🧯 If You Can't Patch
- Disable Siri on lock screen in device settings
- Implement physical security controls to prevent unauthorized device access
🔍 How to Verify
Check if Vulnerable:
Check whether the device's OS version is older than the patched version for its release line listed under Official Fix above.
Check Version:
macOS: run sw_vers -productVersion in Terminal
iOS/iPadOS: Settings > General > About > Version
Verify Fix Applied:
Verify that the device is running one of the patched versions listed under Official Fix above (or a newer one).
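The macOS check above, scripted as an added example (not part of the advisory or Apple's tooling): the version string from sw_vers -productVersion is compared numerically against the patched build for its release line as listed in Official Fix (13.7.5, 14.7.5, 15.4); release lines the advisory does not list are reported as "unlisted" rather than guessed at.

```shell
#!/bin/sh
# Added example: classify a macOS version against the CVE-2025-24198
# patched versions this advisory lists. Not from the advisory itself.

# version_lt A B: returns 0 (true) if dotted version A is older than B.
# Missing trailing components are treated as 0, so 15.4 equals 15.4.0.
version_lt() {
    a="$1"; b="$2"
    while [ -n "$a" ] || [ -n "$b" ]; do
        pa=${a%%.*}; pb=${b%%.*}
        # consume the leading component; no dot left means it was the last
        case $a in *.*) a=${a#*.} ;; *) a='' ;; esac
        case $b in *.*) b=${b#*.} ;; *) b='' ;; esac
        pa=${pa:-0}; pb=${pb:-0}
        [ "$pa" -lt "$pb" ] && return 0
        [ "$pa" -gt "$pb" ] && return 1
    done
    return 1   # all components equal
}

# Prints "vulnerable", "patched" or "unlisted" for a macOS version string.
# Patched builds per the advisory: Ventura 13.7.5, Sonoma 14.7.5, Sequoia 15.4.
cve_2025_24198_status() {
    v="$1"
    case ${v%%.*} in
        13) fixed=13.7.5 ;;
        14) fixed=14.7.5 ;;
        15) fixed=15.4 ;;
        *)  echo unlisted; return 0 ;;   # no fix for this line on the page
    esac
    if version_lt "$v" "$fixed"; then
        echo vulnerable
    else
        echo patched
    fi
}

# Run against this Mac when sw_vers is present; a no-op on other systems.
if command -v sw_vers >/dev/null 2>&1; then
    cve_2025_24198_status "$(sw_vers -productVersion)"
fi
```

A result of "unlisted" (for example a 12.x system) means the advisory names no patched build for that line, so the device should be treated as unpatched until upgraded to a listed version.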
📡 Detection & Monitoring
Log Indicators:
- Unusual Siri activation patterns while device is locked
Network Indicators:
- None - this is a local physical access vulnerability
SIEM Query:
Not applicable - no network exploitation involved
🔗 References
- https://support.apple.com/en-us/122371
- https://support.apple.com/en-us/122372
- https://support.apple.com/en-us/122373
- https://support.apple.com/en-us/122374
- https://support.apple.com/en-us/122375
- http://seclists.org/fulldisclosure/2025/Apr/10
- http://seclists.org/fulldisclosure/2025/Apr/4
- http://seclists.org/fulldisclosure/2025/Apr/5
- http://seclists.org/fulldisclosure/2025/Apr/8
- http://seclists.org/fulldisclosure/2025/Apr/9