CVE-2025-24179

A null pointer dereference was addressed with improved input validation. This issue is fixed in iOS 18.3 and iPadOS 18.3, visionOS 2.3, macOS Ventura 13.7.5, iPadOS 17.7.6, macOS Sonoma 14.7.5, macOS Sequoia 15.3, tvOS 18.3. An attacker on the local network may be able to cause a denial-of-service.

Weakness

The product dereferences a pointer that it expects to be valid but is NULL.

Affected Software

Name	Vendor	Start Version	End Version
Ipados	Apple	*	17.7.6 (excluding)
Ipados	Apple	18.0 (including)	18.3 (excluding)
Iphone_os	Apple	*	18.3 (excluding)
Macos	Apple	*	13.7.5 (excluding)
Macos	Apple	14.0 (including)	14.7.5 (excluding)
Macos	Apple	15.0 (including)	15.3 (excluding)
Tvos	Apple	*	18.3 (excluding)
Visionos	Apple	*	2.3 (excluding)

Potential Mitigations

References

https://support.apple.com/en-us/122066
https://support.apple.com/en-us/122068
https://support.apple.com/en-us/122072
https://support.apple.com/en-us/122073
https://support.apple.com/en-us/122372
https://support.apple.com/en-us/122374
https://support.apple.com/en-us/122375

NVD	https://nvd.nist.gov/vuln/detail/CVE-2025-24179
CWE	https://cwe.mitre.org/data/definitions/476.html

NULL Pointer Dereference

Weakness

Affected Software

Potential Mitigations

References