First published: Mon Jan 27 2025(Updated: )
AirPlay. A null pointer dereference was addressed with improved input validation.
Credit: product-security@apple.com Wang Yu CyberservalKirin @Pwnrin Google Threat Analysis Group Desmond Trend Micro Zero Day InitiativePwn2car & Rotiple(HyeongSeok Jang) Trend Micro Zero Day InitiativeArsenii Kostromin (0x3c3e) Joshua Jones DongJun Kim @smlijun JongSeong Kim in Enki WhiteHat @nevul37 D4m0n Joseph Ravichandran @0xjprx MIT CSAILpattern-f @pattern_F_ an anonymous researcher 云散 Mickey Jin @patch1t Pedro Tôrres @t0rr3sp3dr0 神罚 @Pwnrin Anonymous Trend Micro Zero Day InitiativeYiğit Can YILMAZ @yilmazcanyigit Michael DePlante @izobashi Trend Micro Zero Day InitiativeZhongquan Li @Guluisacat Hossein Lotfi @hosselot Trend Micro Zero Day InitiativeRodolphe BRUNETTI @eisw0lf Lupus NovaJonathan Bar Or @yo_yo_yo_jbo MicrosoftYann GASCUEL Alter SolutionsAdam M. PixiePoint Security Q1IQ @q1iqF NUS CuriOSityP1umer @p1umer Imperial Global Singaporelinjy HKUS3Labchluo WHUSecLabJohan Carlsson (joaxcar) Josh Parnham @joshparnham @RenwaX23 Minghao Lin @Y1nKoc Zhejiang Universitybabywu Zhejiang University Zhejiang UniversityXingwei Lin Zhejiang UniversityPwn2car & Rotiple (HyeongSeok Jang) Trend Micro Zero Day InitiativeCVE-2025-24085 Matej Moravec @MacejkoMoravec Michael (Biscuit) Thomas @social.lol) @biscuit CertiK SkyFall Team Bohdan Stasiuk @Bohdan_Stasiuk Uri Katz (Oligo Security)
Affected Software | Affected Version | How to fix |
---|---|---|
Apple macOS | <14.7.3 | 14.7.3 |
Apple iOS and macOS | <13.7.3 | |
Apple iOS and macOS | >=14.0<14.7.3 | |
Apple iOS and macOS | >=15.0<15.3 | |
macOS | <15.3 | 15.3 |
macOS Ventura | <13.7.3 | 13.7.3 |
macOS Ventura | ||
macOS | ||
Apple macOS |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
(Found alongside the following vulnerabilities)
CVE-2025-24120 has a high severity rating due to potential exploits involving null pointer dereferences and type confusion.
To fix CVE-2025-24120, update to the latest version of macOS Ventura, Sonoma, or Sequoia as specified in the vendor advisories.
CVE-2025-24120 affects macOS versions prior to 13.7.3, 14.7.3, and 15.3.
CVE-2025-24120 addresses null pointer dereference, type confusion, and input validation issues within AirPlay and AppKit.
Yes, CVE-2025-24120 could potentially allow remote exploitation through specific interactions with AirPlay.