Description
A null pointer dereference was addressed with improved input validation. This issue is fixed in iOS 18.3 and iPadOS 18.3, iPadOS 17.7.6, macOS Sequoia 15.3, macOS Sonoma 14.7.5, macOS Ventura 13.7.5. An attacker on the local network may be able to cause a denial-of-service.
Published: 2025-01-27
Score: 7.5 High
EPSS: < 1% Very Low
KEV: No
Impact: Denial of Service
Action: Update
AI Analysis

Impact

A null pointer dereference can lead to a denial‑of‑service condition. The flaw was triggered by inadequate input validation, allowing an attacker to cause a crash in the affected operating systems. This weakness is identified as CWE‑476 and, while it does not grant code execution, it disrupts device operation until a reboot or an update is applied.

Affected Systems

Apple releases of iOS, iPadOS and macOS are vulnerable until specific patches are installed. On iOS, the flaw was fixed in version 18.3. iPadOS requires an upgrade to 18.3 or 17.7.6. macOS users should update to Sequoia 15.3, Sonoma 14.7.5, or Ventura 13.7.5 to eliminate the issue.

Risk and Exploitability

The CVSS score of 7.5 indicates a high-severity threat with a considerable impact on availability. The EPSS score of less than 1% suggests a low current probability of exploitation, and the vulnerability is not listed in the CISA KEV catalog. Because the attack vector is the local network, an adversary who can reach a device on the same network may trigger a crash, leading to temporary downtime of user applications and services.

Generated by OpenCVE AI on April 28, 2026 at 03:55 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Install iOS 18.3 or later to address the null pointer dereference.
  • Update iPadOS to 18.3 or 17.7.6 and macOS to Sequoia 15.3, Sonoma 14.7.5, or Ventura 13.7.5.
  • Enable automatic updates or apply the updates manually on all devices that could be reached via a local network.



Advisories
Source: EUVD
ID: EUVD-2025-3670
Title: A null pointer dereference was addressed with improved input validation. This issue is fixed in macOS Sequoia 15.3, iOS 18.3 and iPadOS 18.3. A remote attacker may be able to cause a denial-of-service.

History

Tue, 28 Apr 2026 04:15:00 +0000

Type: Title
Values Removed: (none)
Values Added: Denial of Service via Null Pointer Dereference in Apple iOS, iPadOS and macOS

Thu, 02 Apr 2026 20:30:00 +0000

Type: Description
Values Removed: A null pointer dereference was addressed with improved input validation. This issue is fixed in macOS Sequoia 15.3, iOS 18.3 and iPadOS 18.3. A remote attacker may be able to cause a denial-of-service.
Values Added: A null pointer dereference was addressed with improved input validation. This issue is fixed in iOS 18.3 and iPadOS 18.3, iPadOS 17.7.6, macOS Sequoia 15.3, macOS Sonoma 14.7.5, macOS Ventura 13.7.5. An attacker on the local network may be able to cause a denial-of-service.
References

Mon, 03 Nov 2025 21:30:00 +0000


Tue, 04 Feb 2025 22:15:00 +0000

Type: Metrics
Values Removed: (none)
Values Added: ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Thu, 30 Jan 2025 16:45:00 +0000

Type: First Time appeared
Values Removed: (none)
Values Added:
Apple
Apple ipados
Apple iphone Os
Apple macos

Type: Weaknesses
Values Removed: (none)
Values Added: CWE-476

Type: CPEs
Values Removed: (none)
Values Added:
cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*

Type: Vendors & Products
Values Removed: (none)
Values Added:
Apple
Apple ipados
Apple iphone Os
Apple macos

Type: Metrics
Values Removed: (none)
Values Added: cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}


Mon, 27 Jan 2025 22:00:00 +0000

Type: Description
Values Removed: (none)
Values Added: A null pointer dereference was addressed with improved input validation. This issue is fixed in macOS Sequoia 15.3, iOS 18.3 and iPadOS 18.3. A remote attacker may be able to cause a denial-of-service.
References

MITRE

Status: PUBLISHED

Assigner: apple

Published:

Updated: 2026-04-02T18:20:38.343Z

Reserved: 2025-01-17T00:00:44.992Z

Link: CVE-2025-24177

Vulnrichment

Updated: 2025-11-03T21:06:25.147Z

NVD

Status: Modified

Published: 2025-01-27T22:15:20.750

Modified: 2026-04-02T19:19:13.547

Link: CVE-2025-24177

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-28T04:00:05Z

Weaknesses