CVE-2025-24206
First published: Tue Apr 29 2025(Updated: )
An authentication issue was addressed with improved state management. This issue is fixed in macOS Sequoia 15.4, tvOS 18.4, macOS Ventura 13.7.5, iPadOS 17.7.6, macOS Sonoma 14.7.5, iOS 18.4 and iPadOS 18.4, visionOS 2.4. An attacker on the local network may be able to bypass authentication policy.
Credit: product-security@apple.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| macOS | <15.4 | |
| tvOS | <18.4 | |
| macOS Ventura | <13.7.5 | |
| Apple iOS, iPadOS, and macOS | <17.7.6 | |
| Apple macOS | <14.7.5 | |
| Apple iOS and iPadOS | <18.4 | |
| Apple iOS, iPadOS, and macOS | <18.4 | |
| visionOS | <2.4 | |
| Apple iOS, iPadOS, and macOS | <17.7.6 | |
| Apple iOS, iPadOS, and macOS | >=18.0<18.4 | |
| iPhone OS | <18.4 | |
| macOS | <13.7.5 | |
| macOS | >=14.0<14.7.5 | |
| macOS | >=15.0<15.4 | |
| tvOS | <18.4 | |
| visionOS | <2.4 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://support.apple.com/en-us/122377
- https://support.apple.com/en-us/122371
- https://support.apple.com/en-us/122372
- https://support.apple.com/en-us/122373
- https://support.apple.com/en-us/122378
- https://support.apple.com/en-us/122374
- https://support.apple.com/en-us/122375
- https://www.bleepingcomputer.com/news/security/apple-airborne-flaws-can-lead-to-zero-click-airplay-rce-attacks/
Frequently Asked Questions
What is the severity of CVE-2025-24206?
CVE-2025-24206 is classified as a medium severity vulnerability related to authentication issues.
How do I fix CVE-2025-24206?
To fix CVE-2025-24206, update to the appropriate affected software versions such as macOS Sequoia 15.4 or iPadOS 18.4.
What types of systems are affected by CVE-2025-24206?
CVE-2025-24206 affects Apple systems including macOS Sequoia, tvOS, macOS Ventura, iPadOS, macOS Sonoma, iOS, and visionOS.
What attack vectors are associated with CVE-2025-24206?
CVE-2025-24206 allows an attacker on the local network to potentially bypass authentication policies.
What was improved in the fix for CVE-2025-24206?
The fix for CVE-2025-24206 includes improved state management to address the authentication issue.
- collector/mitre-cve
- source/MITRE
- agent/type
- agent/description
- agent/first-publish-date
- agent/guess-ai
- agent/software-canonical-lookup
- agent/softwarecombine
- agent/author
- agent/last-modified-date
- agent/severity
- agent/weakness
- collector/bleeping-computer
- source/BleepingComputer
- alias/CVE-2025-24252
- alias/CVE-2025-24132
- alias/CVE-2025-24206
- agent/references
- agent/source
- agent/event
- agent/trending
- agent/tags
- collector/nvd-api
- source/NVD
- vendor/apple
- canonical/macos
- canonical/tvos
- canonical/macos ventura
- canonical/apple ios, ipados, and macos
- canonical/apple macos
- canonical/apple ios and ipados
- canonical/visionos
- version/apple ios, ipados, and macos/18.0
- canonical/iphone os
- version/macos/14.0
- version/macos/15.0