PT-2025-5292 · Apple · Visionos+5
Biscuit
+1
·
Published
2025-01-27
·
Updated
2025-01-31
·
CVE-2025-24117
CVSS v3.1
5.5
Medium
| Vector | AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
iPadOS versions prior to 17.7.4
visionOS versions prior to 2.3
iOS versions prior to 18.3
iPadOS versions prior to 18.3
macOS Sequoia versions prior to 15.3
watchOS versions prior to 11.3
Description
This issue is related to insufficient protection of service data in the Launch Services interface of MacOS, iOS, iPadOS, watchOS, and visionOS operating systems. The problem was solved with an improved redaction of sensitive information. An app may be able to fingerprint the user.
Recommendations
For iPadOS versions prior to 17.7.4, update to iPadOS 17.7.4 or later.
For visionOS versions prior to 2.3, update to visionOS 2.3 or later.
For iOS versions prior to 18.3, update to iOS 18.3 or later.
For iPadOS versions prior to 18.3, update to iPadOS 18.3 or later.
For macOS Sequoia versions prior to 15.3, update to macOS Sequoia 15.3 or later.
For watchOS versions prior to 11.3, update to watchOS 11.3 or later.
Fix
Information Disclosure
Insecure Storage of Sensitive Information
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Apple Macos
Ios
Ipados
Macos Sequoia
Visionos
Watchos