CVE-2025-24161: 
macOS vulnerability analysis and mitigation

CVE-2025-24161 is a security vulnerability affecting multiple Apple operating systems including iPadOS 17.7.4, macOS Sonoma 14.7.3, visionOS 2.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3, and tvOS 18.3. The vulnerability was discovered by Google Threat Analysis Group and disclosed on January 27, 2025. The issue involves parsing a file that may lead to an unexpected app termination (Apple Advisory).

The vulnerability is classified with a CVSS v3.1 base score of 5.5 (Medium), with the following vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H. The issue was identified in the CoreAudio component and was addressed with improved checks. The vulnerability requires local access and user interaction, with no privileges required. While it doesn't impact confidentiality or integrity, it has a high impact on availability (NVD).

The primary impact of this vulnerability is on system availability, where parsing a malicious file can lead to unexpected application termination. The vulnerability affects multiple Apple operating systems and devices, potentially disrupting user operations across a wide range of Apple products (Apple Advisory).

Apple has addressed this vulnerability by implementing improved checks in the affected systems. Users are advised to update to the following versions: iPadOS 17.7.4, macOS Sonoma 14.7.3, visionOS 2.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3, or tvOS 18.3, depending on their device (Apple Advisory).