- Vulnerability/
- ZDI-CAN-26247
ZDI-CAN-26247: ZDI-25-188: Apple macOS AudioToolboxCore WAV File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
First published: Tue Apr 01 2025(Updated: )
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Apple macOS. Interaction with the AudioToolboxCore library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The ZDI has assigned a CVSS rating of 3.3. The following CVEs are assigned: CVE-2025-24244.
| Affected Software | Affected Version | How to fix |
|---|---|---|
| macOS |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of ZDI-CAN-26247?
The severity of ZDI-CAN-26247 is rated as high due to its potential to disclose sensitive information.
How do I fix ZDI-CAN-26247?
To fix ZDI-CAN-26247, ensure that you update your Apple macOS to the latest version that addresses this vulnerability.
Who is affected by ZDI-CAN-26247?
Users of Apple macOS with versions that interact with the AudioToolboxCore library are affected by ZDI-CAN-26247.
What types of information can be disclosed due to ZDI-CAN-26247?
ZDI-CAN-26247 can potentially allow remote attackers to disclose sensitive information specific to the affected installations.
How does the exploitation of ZDI-CAN-26247 occur?
Exploitation of ZDI-CAN-26247 occurs through interaction with the AudioToolboxCore library, depending on the specific implementation.
- collector/zdi-published
- source/ZDI
- alias/ZDI-CAN-26247
- agent/title
- agent/last-modified-date
- agent/source
- agent/references
- agent/type
- agent/description
- agent/first-publish-date
- agent/event
- agent/softwarecombine
- agent/tags
- agent/guess-ai
- agent/software-canonical-lookup
- vendor/apple
- canonical/macos