VDB
WID-SEC-W-2025-0668
WID-SEC-W-2025-0668
PUBLISHED
CVSS 8.699999809265137 HIGH
Apple macOS ist ein Betriebssystem, das auf FreeBSD und Mach basiert.
Risk Scores
CVSS 4.0
8.699999809265137
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Apple macOS Sonoma <14.7.5 | ||
| Apple macOS Sequoia 15.4 | ||
| Apple macOS Sonoma 14.7.5 | ||
| Apple macOS Sequoia <15.4 | ||
| Apple macOS Ventura <13.7.5 | ||
| Apple macOS Ventura 13.7.5 | ||
| SUSE Linux |
Exploit Intelligence
- Glass Cage is a zero-click PNG-based RCE chain in iOS 18.2.1, bypassing LockDown mode protection by exploiting ImageIO (CVE-2025-43300), then WebKit(CVE-2025-24201) and Core Media(CVE-2025-24085) to achieve sandbox escape, kernel-level access, and device bricking. Triggered via iMessage, it enables full compromise with no user interaction. (github-poc-repo)
- Basic customization app using CVE-2025-24203. Patched in iOS 18.4. (github-poc-repo)
- Demonstrate CVE-2025-24257 with a public PoC for IOGPUFamily kernel heap OOB read/write and panic analysis (github-poc-repo)
- Demonstrate CVE-2025-24257 with a public PoC for IOGPUFamily kernel heap OOB read/write and panic analysis (github-poc)
- FairPlay decryptor (dump iPA) for iOS Application that running on macOS with SIP-enabled, using CVE-2025-24204. Support macOS 15.0-15.2 (github-poc)
- PoC and technical details of CVE-2025-24204 (github-poc)
- CVE-2025-24203漏洞 (github-poc)
- Slightly improved exploit of the CVE-2025-24203 iOS vulnerability by Ian Beer of Google Project Zero (github-poc)
- Basic customization app using CVE-2025-24203. Patched in iOS 18.4. (github-poc)
- Glass Cage is a zero-click PNG-based RCE chain in iOS 18.2.1, bypassing LockDown mode protection by exploiting ImageIO (CVE-2025-43300), then WebKit(CVE-2025-24201) and Core Media(CVE-2025-24085) to achieve sandbox escape, kernel-level access, and device bricking. Triggered via iMessage, it enables full compromise with no user interaction. (github-poc)
…and 31 more exploits
Timeline
- Mar 31, 2025 CVE Published
- Jun 11, 2025 CVE Updated
References
- https://support.apple.com/en-us/122374 url
- https://support.apple.com/en-us/122373 url
- https://wid.cert-bund.de/.well-known/csaf/white/2025/wid-sec-w-2025-0668.json advisory
- https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-0668 advisory
- https://support.apple.com/en-us/122375 url
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2025-24085&field_date_added_wrapper=all&field_cve=&sort_by=field_date_added&items_per_page=20&url url
- https://lists.suse.com/pipermail/sle-security-updates/2025-June/021061.html url