CVE-2025-24177: Input Validation
First published: Mon Jan 27 2025(Updated: )
A null pointer dereference was addressed with improved input validation. This issue is fixed in macOS Sequoia 15.3, iOS 18.3 and iPadOS 18.3. A remote attacker may be able to cause a denial-of-service.
Credit: product-security@apple.com Uri Katz (Oligo Security) Uri Katz (Oligo Security) Uri Katz (Oligo Security) Uri Katz (Oligo Security) Uri Katz (Oligo Security) Mickey Jin @patch1t D4m0n Kirin @Pwnrin Bohdan Stasiuk @Bohdan_Stasiuk Mickey Jin @patch1t Mickey Jin @patch1t Mickey Jin @patch1t Minghao Lin @Y1nKoc Zhejiang Universitybabywu Zhejiang University Zhejiang UniversityXingwei Lin Zhejiang UniversityWang Yu CyberservalGoogle Threat Analysis Group Google Threat Analysis Group Google Threat Analysis Group Desmond Trend Micro Zero Day InitiativePwn2car & Rotiple (HyeongSeok Jang) Trend Micro Zero Day InitiativeCVE-2025-24085 Kirin @Pwnrin Kirin @Pwnrin Matej Moravec @MacejkoMoravec Arsenii Kostromin (0x3c3e) Joshua Jones DongJun Kim @smlijun JongSeong Kim in Enki WhiteHat @nevul37 D4m0n Joseph Ravichandran @0xjprx MIT CSAILan anonymous researcher pattern-f @pattern_F_ an anonymous researcher an anonymous researcher an anonymous researcher Michael (Biscuit) Thomas @social.lol) @biscuit 云散 Kirin @Pwnrin an anonymous researcher Pedro Tôrres @t0rr3sp3dr0 Josh Parnham @joshparnham 神罚 @Pwnrin @RenwaX23 @RenwaX23 Michael DePlante @izobashi Trend Micro Zero Day InitiativeZhongquan Li @Guluisacat an anonymous researcher Hossein Lotfi @hosselot Trend Micro Zero Day Initiativean anonymous researcher an anonymous researcher an anonymous researcher Rodolphe BRUNETTI @eisw0lf Lupus Novaan anonymous researcher Yann GASCUEL Alter SolutionsArsenii Kostromin (0x3c3e) Kirin @Pwnrin Adam M. an anonymous researcher an anonymous researcher Q1IQ @q1iqF NUS CuriOSityP1umer @p1umer Imperial Global Singaporelinjy HKUS3Labchluo WHUSecLabJohan Carlsson (joaxcar) PixiePoint Security an anonymous researcher Uri Katz (Oligo Security) Uri Katz (Oligo Security) Uri Katz (Oligo Security) Uri Katz (Oligo Security) Mickey Jin @patch1t D4m0n Kirin @Pwnrin Bohdan Stasiuk @Bohdan_Stasiuk Mickey Jin @patch1t Mickey Jin @patch1t Mickey Jin @patch1t Minghao Lin @Y1nKoc Zhejiang Universitybabywu Zhejiang University Zhejiang UniversityXingwei Lin Zhejiang UniversityWang Yu CyberservalGoogle Threat Analysis Group Google Threat Analysis Group Google Threat Analysis Group Desmond Trend Micro Zero Day InitiativePwn2car & Rotiple (HyeongSeok Jang) Trend Micro Zero Day InitiativeCVE-2025-24085 Kirin @Pwnrin Kirin @Pwnrin Matej Moravec @MacejkoMoravec Arsenii Kostromin (0x3c3e) Joshua Jones DongJun Kim @smlijun JongSeong Kim in Enki WhiteHat @nevul37 D4m0n Joseph Ravichandran @0xjprx MIT CSAILan anonymous researcher pattern-f @pattern_F_ an anonymous researcher an anonymous researcher an anonymous researcher Michael (Biscuit) Thomas @social.lol) @biscuit 云散 Kirin @Pwnrin an anonymous researcher Pedro Tôrres @t0rr3sp3dr0 Josh Parnham @joshparnham 神罚 @Pwnrin @RenwaX23 @RenwaX23 Michael DePlante @izobashi Trend Micro Zero Day InitiativeZhongquan Li @Guluisacat an anonymous researcher Hossein Lotfi @hosselot Trend Micro Zero Day Initiativean anonymous researcher an anonymous researcher an anonymous researcher Rodolphe BRUNETTI @eisw0lf Lupus Novaan anonymous researcher Yann GASCUEL Alter SolutionsArsenii Kostromin (0x3c3e) Kirin @Pwnrin Adam M. an anonymous researcher an anonymous researcher Q1IQ @q1iqF NUS CuriOSityP1umer @p1umer Imperial Global Singaporelinjy HKUS3Labchluo WHUSecLabJohan Carlsson (joaxcar) PixiePoint Security an anonymous researcher Uri Katz (Oligo Security) Uri Katz (Oligo Security) Uri Katz (Oligo Security) Mickey Jin @patch1t D4m0n Kirin @Pwnrin Bohdan Stasiuk @Bohdan_Stasiuk Mickey Jin @patch1t Mickey Jin @patch1t Mickey Jin @patch1t Minghao Lin @Y1nKoc Zhejiang Universitybabywu Zhejiang University Zhejiang UniversityXingwei Lin Zhejiang UniversityWang Yu CyberservalGoogle Threat Analysis Group Google Threat Analysis Group Google Threat Analysis Group Desmond Trend Micro Zero Day InitiativePwn2car & Rotiple (HyeongSeok Jang) Trend Micro Zero Day InitiativeCVE-2025-24085 Kirin @Pwnrin Kirin @Pwnrin Matej Moravec @MacejkoMoravec Arsenii Kostromin (0x3c3e) Joshua Jones DongJun Kim @smlijun JongSeong Kim in Enki WhiteHat @nevul37 D4m0n Joseph Ravichandran @0xjprx MIT CSAILan anonymous researcher pattern-f @pattern_F_ an anonymous researcher an anonymous researcher an anonymous researcher Michael (Biscuit) Thomas @social.lol) @biscuit 云散 Kirin @Pwnrin an anonymous researcher Pedro Tôrres @t0rr3sp3dr0 Josh Parnham @joshparnham 神罚 @Pwnrin @RenwaX23 @RenwaX23 Michael DePlante @izobashi Trend Micro Zero Day InitiativeZhongquan Li @Guluisacat an anonymous researcher Hossein Lotfi @hosselot Trend Micro Zero Day Initiativean anonymous researcher an anonymous researcher an anonymous researcher Rodolphe BRUNETTI @eisw0lf Lupus Novaan anonymous researcher Yann GASCUEL Alter SolutionsArsenii Kostromin (0x3c3e) Kirin @Pwnrin Adam M. an anonymous researcher an anonymous researcher Q1IQ @q1iqF NUS CuriOSityP1umer @p1umer Imperial Global Singaporelinjy HKUS3Labchluo WHUSecLabJohan Carlsson (joaxcar) PixiePoint Security an anonymous researcher Uri Katz (Oligo Security) Uri Katz (Oligo Security) Mickey Jin @patch1t D4m0n Kirin @Pwnrin Bohdan Stasiuk @Bohdan_Stasiuk Mickey Jin @patch1t Mickey Jin @patch1t Mickey Jin @patch1t Minghao Lin @Y1nKoc Zhejiang Universitybabywu Zhejiang University Zhejiang UniversityXingwei Lin Zhejiang UniversityWang Yu CyberservalGoogle Threat Analysis Group Google Threat Analysis Group Google Threat Analysis Group Desmond Trend Micro Zero Day InitiativePwn2car & Rotiple (HyeongSeok Jang) Trend Micro Zero Day InitiativeCVE-2025-24085 Kirin @Pwnrin Kirin @Pwnrin Matej Moravec @MacejkoMoravec Arsenii Kostromin (0x3c3e) Joshua Jones DongJun Kim @smlijun JongSeong Kim in Enki WhiteHat @nevul37 D4m0n Joseph Ravichandran @0xjprx MIT CSAILan anonymous researcher pattern-f @pattern_F_ an anonymous researcher an anonymous researcher an anonymous researcher Michael (Biscuit) Thomas @social.lol) @biscuit 云散 Kirin @Pwnrin an anonymous researcher Pedro Tôrres @t0rr3sp3dr0 Josh Parnham @joshparnham 神罚 @Pwnrin @RenwaX23 @RenwaX23 Michael DePlante @izobashi Trend Micro Zero Day InitiativeZhongquan Li @Guluisacat an anonymous researcher Hossein Lotfi @hosselot Trend Micro Zero Day Initiativean anonymous researcher an anonymous researcher an anonymous researcher Rodolphe BRUNETTI @eisw0lf Lupus Novaan anonymous researcher Yann GASCUEL Alter SolutionsArsenii Kostromin (0x3c3e) Kirin @Pwnrin Adam M. an anonymous researcher an anonymous researcher Q1IQ @q1iqF NUS CuriOSityP1umer @p1umer Imperial Global Singaporelinjy HKUS3Labchluo WHUSecLabJohan Carlsson (joaxcar) PixiePoint Security an anonymous researcher Uri Katz (Oligo Security) Uri Katz (Oligo Security) Uri Katz (Oligo Security) Uri Katz (Oligo Security) Uri Katz (Oligo Security) Minghao Lin @Y1nKoc Zhejiang Universitybabywu Zhejiang University Zhejiang UniversityXingwei Lin Zhejiang UniversityGoogle Threat Analysis Group Google Threat Analysis Group Google Threat Analysis Group Desmond Trend Micro Zero Day InitiativePwn2car & Rotiple (HyeongSeok Jang) Trend Micro Zero Day InitiativeCVE-2025-24085 DongJun Kim @smlijun JongSeong Kim in Enki WhiteHat @nevul37 D4m0n an anonymous researcher pattern-f @pattern_F_ Michael (Biscuit) Thomas @social.lol) @biscuit Hichem Maloufi Hakim Boukhadra mastersplinter @RenwaX23 @RenwaX23 Michael DePlante @izobashi Trend Micro Zero Day InitiativeKirin @Pwnrin an anonymous researcher an anonymous researcher Q1IQ @q1iqF NUS CuriOSityP1umer @p1umer Imperial Global Singaporelinjy HKUS3Labchluo WHUSecLabJohan Carlsson (joaxcar) Uri Katz (Oligo Security) Uri Katz (Oligo Security) Minghao Lin @Y1nKoc Zhejiang Universitybabywu Zhejiang University Zhejiang UniversityXingwei Lin Zhejiang UniversityGoogle Threat Analysis Group Google Threat Analysis Group Google Threat Analysis Group Desmond Trend Micro Zero Day InitiativePwn2car & Rotiple (HyeongSeok Jang) Trend Micro Zero Day InitiativeCVE-2025-24085 DongJun Kim @smlijun JongSeong Kim in Enki WhiteHat @nevul37 D4m0n an anonymous researcher pattern-f @pattern_F_ Michael (Biscuit) Thomas @social.lol) @biscuit Hichem Maloufi Hakim Boukhadra mastersplinter @RenwaX23 @RenwaX23 Michael DePlante @izobashi Trend Micro Zero Day InitiativeKirin @Pwnrin an anonymous researcher an anonymous researcher Q1IQ @q1iqF NUS CuriOSityP1umer @p1umer Imperial Global Singaporelinjy HKUS3Labchluo WHUSecLabJohan Carlsson (joaxcar) Abhay Kailasia @abhay_kailasia CUri Katz (Oligo Security) Uri Katz (Oligo Security) Uri Katz (Oligo Security) Uri Katz (Oligo Security) Uri Katz (Oligo Security) Minghao Lin @Y1nKoc Zhejiang Universitybabywu Zhejiang University Zhejiang UniversityXingwei Lin Zhejiang UniversityGoogle Threat Analysis Group Google Threat Analysis Group Google Threat Analysis Group Desmond Trend Micro Zero Day InitiativePwn2car & Rotiple (HyeongSeok Jang) Trend Micro Zero Day InitiativeCVE-2025-24085 DongJun Kim @smlijun JongSeong Kim in Enki WhiteHat @nevul37 D4m0n an anonymous researcher pattern-f @pattern_F_ Michael (Biscuit) Thomas @social.lol) @biscuit Hichem Maloufi Hakim Boukhadra mastersplinter @RenwaX23 @RenwaX23 Michael DePlante @izobashi Trend Micro Zero Day InitiativeKirin @Pwnrin an anonymous researcher an anonymous researcher Q1IQ @q1iqF NUS CuriOSityP1umer @p1umer Imperial Global Singaporelinjy HKUS3Labchluo WHUSecLabJohan Carlsson (joaxcar) Uri Katz (Oligo Security) Uri Katz (Oligo Security) Uri Katz (Oligo Security) Uri Katz (Oligo Security) Minghao Lin @Y1nKoc Zhejiang Universitybabywu Zhejiang University Zhejiang UniversityXingwei Lin Zhejiang UniversityGoogle Threat Analysis Group Google Threat Analysis Group Google Threat Analysis Group Desmond Trend Micro Zero Day InitiativePwn2car & Rotiple (HyeongSeok Jang) Trend Micro Zero Day InitiativeCVE-2025-24085 DongJun Kim @smlijun JongSeong Kim in Enki WhiteHat @nevul37 D4m0n an anonymous researcher pattern-f @pattern_F_ Michael (Biscuit) Thomas @social.lol) @biscuit Hichem Maloufi Hakim Boukhadra mastersplinter @RenwaX23 @RenwaX23 Michael DePlante @izobashi Trend Micro Zero Day InitiativeKirin @Pwnrin an anonymous researcher an anonymous researcher Q1IQ @q1iqF NUS CuriOSityP1umer @p1umer Imperial Global Singaporelinjy HKUS3Labchluo WHUSecLabJohan Carlsson (joaxcar) Uri Katz (Oligo Security) Uri Katz (Oligo Security) Uri Katz (Oligo Security) Minghao Lin @Y1nKoc Zhejiang Universitybabywu Zhejiang University Zhejiang UniversityXingwei Lin Zhejiang UniversityGoogle Threat Analysis Group Google Threat Analysis Group Google Threat Analysis Group Desmond Trend Micro Zero Day InitiativePwn2car & Rotiple (HyeongSeok Jang) Trend Micro Zero Day InitiativeCVE-2025-24085 DongJun Kim @smlijun JongSeong Kim in Enki WhiteHat @nevul37 D4m0n an anonymous researcher pattern-f @pattern_F_ Michael (Biscuit) Thomas @social.lol) @biscuit Hichem Maloufi Hakim Boukhadra mastersplinter @RenwaX23 @RenwaX23 Michael DePlante @izobashi Trend Micro Zero Day InitiativeKirin @Pwnrin an anonymous researcher an anonymous researcher Q1IQ @q1iqF NUS CuriOSityP1umer @p1umer Imperial Global Singaporelinjy HKUS3Labchluo WHUSecLabJohan Carlsson (joaxcar)
| Affected Software | Affected Version | How to fix |
|---|---|---|
| <15.3 | ||
| Apple iOS | <18.3 | |
| Apple iPadOS | <18.3 | |
| <15.3 | 15.3 | |
| Apple iOS | <18.3 | 18.3 |
| Apple iPadOS | <18.3 | 18.3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://support.apple.com/en-us/122068 (Advisory)
- https://support.apple.com/en-us/122066 (Advisory)
Peer vulnerabilities
(Found alongside the following vulnerabilities)
- CVE-2025-24126
- CVE-2025-24129
- CVE-2025-24131
- CVE-2025-24177
- CVE-2025-24137
- CVE-2025-24087
- CVE-2025-24112
- CVE-2025-24100
- CVE-2025-24109
- CVE-2025-24114
- CVE-2025-24121
- CVE-2025-24122
- CVE-2025-24127
- CVE-2025-24106
- CVE-2025-24160
- CVE-2025-24161
- CVE-2025-24163
- CVE-2025-24123
- CVE-2025-24124
- CVE-2025-24085
- CVE-2025-24102
- CVE-2025-24134
- CVE-2025-24140
- CVE-2025-24174
- CVE-2025-24086
- CVE-2025-24118
- CVE-2025-24107
- CVE-2025-24159
- CVE-2025-24094
- CVE-2025-24115
- CVE-2025-24116
- CVE-2025-24117
- CVE-2025-24136
- CVE-2025-24101
- CVE-2025-24096
- CVE-2025-24130
- CVE-2025-24169
- CVE-2025-24146
- CVE-2025-24128
- CVE-2025-24113
- CVE-2025-24149
- CVE-2025-24103
- CVE-2025-24108
- CVE-2025-24139
- CVE-2025-24151
- CVE-2025-24152
- CVE-2025-24153
- CVE-2025-24138
- CVE-2025-24176
- CVE-2025-24135
- CVE-2025-24145
- CVE-2025-24092
- CVE-2025-24154
- CVE-2025-24143
- CVE-2025-24158
- CVE-2025-24162
- CVE-2025-24150
- CVE-2025-24120
- CVE-2025-24156
- CVE-2025-24141
- CVE-2025-24104
- CVE-2024-9956
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/references
- agent/description
- agent/type
- agent/first-publish-date
- agent/guess-ai
- agent/software-canonical-lookup
- agent/softwarecombine
- collector/nvd-api
- source/NVD
- agent/last-modified-date
- agent/author
- agent/event
- collector/epss-latest
- source/FIRST
- agent/source
- agent/epss
- agent/tags
- collector/apple-support
- source/Apple
- alias/CVE-2025-24129
- alias/CVE-2025-24131
- alias/CVE-2025-24177
- alias/CVE-2025-24137
- alias/CVE-2025-24087
- alias/CVE-2025-24112
- alias/CVE-2025-24100
- alias/CVE-2025-24109
- alias/CVE-2025-24114
- alias/CVE-2025-24121
- alias/CVE-2025-24122
- alias/CVE-2025-24127
- alias/CVE-2025-24106
- alias/CVE-2025-24160
- alias/CVE-2025-24161
- alias/CVE-2025-24163
- alias/CVE-2025-24123
- alias/CVE-2025-24124
- alias/CVE-2025-24085
- alias/CVE-2025-24102
- alias/CVE-2025-24134
- alias/CVE-2025-24140
- alias/CVE-2025-24174
- alias/CVE-2025-24086
- alias/CVE-2025-24118
- alias/CVE-2025-24107
- alias/CVE-2025-24159
- alias/CVE-2025-24094
- alias/CVE-2025-24115
- alias/CVE-2025-24116
- alias/CVE-2025-24117
- alias/CVE-2025-24136
- alias/CVE-2025-24101
- alias/CVE-2025-24096
- alias/CVE-2025-24130
- alias/CVE-2025-24169
- alias/CVE-2025-24146
- alias/CVE-2025-24128
- alias/CVE-2025-24113
- alias/CVE-2025-24149
- alias/CVE-2025-24103
- alias/CVE-2025-24108
- alias/CVE-2025-24139
- alias/CVE-2025-24151
- alias/CVE-2025-24152
- alias/CVE-2025-24153
- alias/CVE-2025-24138
- alias/CVE-2025-24176
- alias/CVE-2025-24135
- alias/CVE-2025-24145
- alias/CVE-2025-24092
- alias/CVE-2025-24154
- alias/CVE-2025-24143
- alias/CVE-2025-24158
- alias/CVE-2025-24162
- alias/CVE-2025-24150
- alias/CVE-2025-24120
- alias/CVE-2025-24156
- alias/CVE-2025-24104
- alias/CVE-2024-9956
- alias/CVE-2025-24126
- vendor/apple
- canonical/apple ios
- canonical/apple ipados