CVE-2025-24143

CVSS 6.5 MEDIUMEPSS 0.8%CWE-862

Vexday Risk Score

13Bajo

Decisión SSVC (CISA)

Track

Sin señal de explotación → monitorear

CVSS 6.5EPSS 0.8%KEV nãoPoC —Nuclei —Metasploit —Patch —

Ciclo de vida

27 ene 2025Publicada en NVD

Recomendación: Monitorear — sin señal de explotación por ahora.

The issue was addressed with improved access restrictions to the file system. This issue is fixed in Safari 18.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, visionOS 2.3. A maliciously crafted webpage may be able to fingerprint the user.

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Productos afectados

Apple · iOS and iPadOS Apple · macOS Apple · Safari Apple · visionOS

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

http://seclists.org/fulldisclosure/2025/Jan/13 http://seclists.org/fulldisclosure/2025/Jan/15 http://seclists.org/fulldisclosure/2025/Jan/20 https://lists.debian.org/debian-lts-announce/2025/02/msg00014.html https://support.apple.com/en-us/122066 https://support.apple.com/en-us/122068 https://support.apple.com/en-us/122073 https://support.apple.com/en-us/122074