A logic error was addressed with improved error handling. This issue is fixed in iOS 18.4 and iPadOS 18.4, iPadOS 17.7.6, macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5, tvOS 18.4, visionOS 2.4, watchOS 11.4. Parsing an image may lead to disclosure of user information.
CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NApple iPadOS
OSApple< 17.7.618.0 – 18.4 (bez)Apple iOS
OSApple< 18.4Apple macOS
OSApple13.0 – 13.7.5 (bez)14.0 – 14.7.5 (bez)15.0 – 15.4 (bez)Apple tvOS
OSApple< 18.4Apple Visionos
OSApple< 2.4
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
Related vulnerabilities
CVE-2025-10585CRITICAL9.8⚠ KEVPL ✓ten sam produkt
Type confusion w V8 (Google Chrome) — zdalne uszkodzenie sterty
CVE-2025-43300CRITICAL10.0⚠ KEVPL ✓ten sam produkt
Apple iOS/iPadOS/macOS — out-of-bounds write przy przetwarzaniu obrazu
CVE-2025-31200CRITICAL9.8⚠ KEVPL ✓ten sam produkt
Apple — memory corruption (RCE) w przetwarzaniu strumieni audio
CVE-2025-31201CRITICAL9.8⚠ KEVPL ✓ten sam produkt
Apple: Obejście Pointer Authentication w iOS, macOS i innych platformach
CVE-2025-24201CRITICAL10.0⚠ KEVPL ✓ten sam produkt
Apple WebKit: out-of-bounds write umożliwiający ucieczkę z sandbox przeglądarki