Apple Family January 2025 Security Update Advisory
Overview
We have released a security update to address vulnerabilities in Apple products. Users of affected products are advised to update to the latest version.
Affected Products
CVE-2024-9956, CVE-2024-54509, CVE-2024-54478, CVE-2025-24085, CVE-2025-24093, CVE-2025-24102, CVE-2025-24106, CVE-2025-24107, CVE-2025-24109, CVE-2025-24118, CVE-2025-24123, CVE-2025-24124, CVE-2025-24126, CVE-2025-24130, CVE-2025-24135, CVE-2025-24137, CVE-2025-24139, CVE-2025-24146, CVE-2025-24150, CVE-2025-24151, CVE-2025-24154, CVE-2025-24156, CVE-2025-24159, CVE-2025-24162, CVE-2025-24163, CVE-2025-24169, CVE-2025-24174, CVE-2025-24176, CVE-2025-24177
- Safari: versions earlier than 18.3
- tvOS: versions earlier than 18.3
- watchOS: versions earlier than 11.3
- macOS Ventura: versions earlier than 13.7.3
- macOS Sonoma: versions earlier than 14.7.3
- macOS Sequoia: versions earlier than 15.3
- iPadOS: versions earlier than 17.7.4
- iPadOS: versions earlier than 18.3
- iOS: versions earlier than 18.3
Resolved Vulnerabilities
- Vulnerability that could allow an app to gain unauthorized access to Bluetooth (CVE-2024-9956)
- Vulnerability that could allow an app to crash or write kernel memory (CVE-2024-54509)
- Vulnerability that could allow a malicious application to escalate privileges (CVE-2025-24085)
- Vulnerability that allows apps to access removable volumes without user consent (CVE-2025-24093)
- Vulnerability that could allow an app to determine the user’s current location (CVE-2025-24102)
- Vulnerabilities that could cause apps to crash when parsing files (CVE-2025-24106, CVE-2025-24123, CVE-2025-24124, CVE-2025-24163)
- Vulnerability that allows malicious apps to gain root privileges (CVE-2025-24107)
- Vulnerability that allows an app to access sensitive user data (CVE-2025-24109)
- Vulnerability that could allow an app to crash the system or write kernel memory (CVE-2025-24118)
- Vulnerability that could allow a local network attacker to cause an unexpected system shutdown or corrupt process memory (CVE-2025-24126)
- Vulnerability that could allow an app to modify protected parts of the file system (CVE-2025-24130)
- Vulnerabilities that could allow an app to elevate its privileges (CVE-2025-24135, CVE-2025-24156)
- Vulnerability that could allow a remote attacker to cause unexpected application termination or arbitrary code execution (CVE-2025-24137)
- Vulnerability where parsing a maliciously crafted file could cause the app to crash (CVE-2025-24139)
- Vulnerability where deleting a conversation in the Messages app could expose user contact information in the system log history (CVE-2025-24146)
- Command injection vulnerability when copying a URL in the Web Inspector (CVE-2025-24150)
- Vulnerability that could cause an app to crash or corrupt kernel memory (CVE-2025-24151)
- Vulnerability in Skeleton that could allow a user to crash the system or corrupt kernel memory (CVE-2025-24154)
- Vulnerability that allows apps to execute arbitrary code with kernel privileges (CVE-2025-24159)
- Vulnerabilities that could cause a process crash when handling maliciously crafted web content (CVE-2025-24162, CVE-2024-54478)
- Vulnerability that allows malicious apps to bypass browser extension authentication (CVE-2025-24169)
- Vulnerability that allows apps to bypass privacy preferences (CVE-2025-24174)
- Vulnerability that allows a local attacker to elevate their privileges (CVE-2025-24176)
- Vulnerability that could allow a remote attacker to cause a denial of service (CVE-2025-24177)
Vulnerability Patches
Patches for these vulnerabilities are available in the latest updates. Follow the instructions on the sites listed under References to update to the latest patched version.
The following vulnerabilities have been patched: CVE-2024-9956, CVE-2024-54509, CVE-2024-54478, CVE-2025-24085, CVE-2025-24093, CVE-2025-24102, CVE-2025-24106, CVE-2025-24107, CVE-2025-24109, CVE-2025-24118, CVE-2025-24123, CVE-2025-24124, CVE-2025-24126, CVE-2025-24130, CVE-2025-24135, CVE-2025-24137, CVE-2025-24139, CVE-2025-24146, CVE-2025-24150, CVE-2025-24151, CVE-2025-24154, CVE-2025-24156, CVE-2025-24159, CVE-2025-24162, CVE-2025-24163, CVE-2025-24169, CVE-2025-24174, CVE-2025-24176, CVE-2025-24177
- Safari version: 18.3
- tvOS version: 18.3
- watchOS version: 11.3
- macOS Ventura version: 13.7.3
- macOS Sonoma version: 14.7.3
- macOS Sequoia version: 15.3
- iPadOS version: 17.7.4
- iPadOS version: 18.3
- iOS version: 18.3
References
[1] About the security content of Safari 18.3
https://support.apple.com/ko-kr/122074
[2] About the security content of tvOS 18.3
https://support.apple.com/ko-kr/122072
[3] About the security content of watchOS 11.3
https://support.apple.com/ko-kr/122071
[4] About the security content of macOS Ventura 13.7.3
https://support.apple.com/ko-kr/122070
[5] About the security content of macOS Sequoia 15.3
https://support.apple.com/ko-kr/122068
[6] About the security content of iPadOS 17.7.4
https://support.apple.com/ko-kr/122067
[7] About the security content of iOS 18.3 and iPadOS 18.3
https://support.apple.com/ko-kr/122066
[8] About the security content of visionOS 2.3
https://support.apple.com/ko-kr/122073