PT-2025-5282 · Apple · Ipados+1
Hakim Boukhadra
+1
·
Published
2025-01-27
·
Updated
2025-04-08
·
CVE-2025-24104
CVSS v3.1
5.5
Medium
| Vector | AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N |
Name of the Vulnerable Software and Affected Versions
iPadOS versions prior to 17.7.4
iOS versions prior to 18.3
iPadOS versions prior to 18.3
Description
The issue is related to the handling of symlinks, which could allow an attacker to modify protected system files by restoring a maliciously crafted backup file. This may lead to arbitrary file reads outside the sandbox. While a mitigation was added in iOS 18.3, it does not fully fix the issue.
Recommendations
For iPadOS versions prior to 17.7.4, update to iPadOS 17.7.4 or later.
For iOS versions prior to 18.3, update to iOS 18.3 or later.
For iPadOS versions prior to 18.3, update to iPadOS 18.3 or later.
As a temporary workaround, consider restricting access to backup files to minimize the risk of exploitation.
Fix
Link Following
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Ios
Ipados