- Vulnerability/
- ZDI-25-188
ZDI-25-188: Apple macOS AudioToolboxCore WAV File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
First published: Tue Apr 01 2025(Updated: )
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Apple macOS. Interaction with the AudioToolboxCore library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The ZDI has assigned a CVSS rating of 3.3. The following CVEs are assigned: CVE-2025-24244.
| Affected Software | Affected Version | How to fix |
|---|---|---|
| macOS |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of ZDI-25-188?
ZDI-25-188 has been classified with a high severity rating due to the potential for sensitive information disclosure.
How do I fix ZDI-25-188?
To mitigate ZDI-25-188, ensure that your Apple macOS is updated to the latest version provided by Apple.
What are the risks associated with ZDI-25-188?
The primary risk associated with ZDI-25-188 is the potential for remote attackers to access sensitive information from affected installations.
Who is affected by ZDI-25-188?
ZDI-25-188 affects installations of Apple macOS that utilize the AudioToolboxCore library.
What actions should I take if I am vulnerable to ZDI-25-188?
If vulnerable to ZDI-25-188, immediately update your Apple macOS to protect against potential exploitation.
- collector/zdi-published
- source/ZDI
- alias/ZDI-CAN-26247
- agent/last-modified-date
- agent/title
- agent/source
- agent/references
- agent/type
- agent/description
- agent/first-publish-date
- agent/event
- agent/softwarecombine
- agent/tags
- agent/guess-ai
- agent/software-canonical-lookup
- vendor/apple
- canonical/macos