Description
This issue was addressed with improved memory handling. This issue is fixed in iOS 18.4 and iPadOS 18.4, iPadOS 17.7.6, macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5, tvOS 18.4, visionOS 2.4. Processing a maliciously crafted video file may lead to unexpected app termination or corrupt process memory.
Published: 2025-03-31
Score: 9.8 Critical
EPSS: 1.8% Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability stems from insufficient memory handling within Apple's video decoding subsystem, enabling a maliciously crafted video file to cause uncontrolled memory corruption or overrun. This can lead to the abrupt termination of an application or the corruption of its own memory space. The weakness is categorized as CWE‑400, signifying a failure in resource and memory control.

Affected Systems

Apple’s operating systems—iOS, iPadOS, macOS, tvOS, and visionOS—are impacted. The fix is included in iOS 18.4, iPadOS 18.4, iPadOS 17.7.6, macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5, tvOS 18.4, and visionOS 2.4. Based on the fixed versions, earlier releases of these platforms are assumed to be vulnerable.

Risk and Exploitability

The CVSS score of 9.8 indicates a critical severity, while the EPSS score of 2 % suggests a low but non‑negligible likelihood of exploitation in the wild. The flaw is not listed in the CISA KEV catalog. Based on the description, the attack vector is likely the delivery of a maliciously crafted video file to the device—through local storage, email attachment, cloud sync, or online download—potentially resulting in memory corruption or application termination, a local denial of service for the affected device.

Generated by OpenCVE AI on June 18, 2026 at 07:09 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest OS update that includes the memory handling fix (iOS 18.4, iPadOS 18.4, iPadOS 17.7.6, macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5, tvOS 18.4, visionOS 2.4).
  • If an update is not yet available, restrict playback of untrusted or unknown video files on the affected devices and, if possible, disable media decoding in production applications until the patch is applied.
  • Configure network and email filtering to block or quarantine suspicious media files before they reach end‑user devices.

Generated by OpenCVE AI on June 18, 2026 at 07:09 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
EUVD EUVD EUVD-2025-8988 This issue was addressed with improved memory handling. This issue is fixed in visionOS 2.4, macOS Ventura 13.7.5, tvOS 18.4, iPadOS 17.7.6, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, macOS Sonoma 14.7.5. Processing a maliciously crafted video file may lead to unexpected app termination or corrupt process memory.
History

Thu, 18 Jun 2026 16:45:00 +0000

Type Values Removed Values Added
Title Malicious Video File Exploits Memory Corruption in Apple's Video Decoding Subsystem

Wed, 17 Jun 2026 05:15:00 +0000

Type Values Removed Values Added
Title Malicious Video File Exploits Memory Corruption in Apple's Video Decoding Subsystem

Tue, 16 Jun 2026 12:45:00 +0000

Type Values Removed Values Added
Title Memory Handling Vulnerability in Video Processing Causing App Termination or Memory Corruption

Tue, 28 Apr 2026 12:15:00 +0000

Type Values Removed Values Added
Title Memory Handling Vulnerability in Video Processing Causing App Termination or Memory Corruption

Thu, 02 Apr 2026 20:30:00 +0000

Type Values Removed Values Added
Description This issue was addressed with improved memory handling. This issue is fixed in visionOS 2.4, macOS Ventura 13.7.5, tvOS 18.4, iPadOS 17.7.6, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, macOS Sonoma 14.7.5. Processing a maliciously crafted video file may lead to unexpected app termination or corrupt process memory. This issue was addressed with improved memory handling. This issue is fixed in iOS 18.4 and iPadOS 18.4, iPadOS 17.7.6, macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5, tvOS 18.4, visionOS 2.4. Processing a maliciously crafted video file may lead to unexpected app termination or corrupt process memory.

Mon, 03 Nov 2025 21:30:00 +0000


Mon, 07 Apr 2025 14:45:00 +0000

Type Values Removed Values Added
First Time appeared Apple
Apple ipados
Apple iphone Os
Apple macos
Apple tvos
Apple visionos
CPEs cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*
Vendors & Products Apple
Apple ipados
Apple iphone Os
Apple macos
Apple tvos
Apple visionos

Tue, 01 Apr 2025 21:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-400
Metrics cvssV3_1

{'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}

ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Mon, 31 Mar 2025 22:45:00 +0000

Type Values Removed Values Added
Description This issue was addressed with improved memory handling. This issue is fixed in visionOS 2.4, macOS Ventura 13.7.5, tvOS 18.4, iPadOS 17.7.6, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, macOS Sonoma 14.7.5. Processing a maliciously crafted video file may lead to unexpected app termination or corrupt process memory.
References

cve-icon MITRE

Status: PUBLISHED

Assigner: apple

Published:

Updated: 2026-04-02T18:16:29.898Z

Reserved: 2025-01-17T00:00:45.002Z

Link: CVE-2025-24211

cve-icon Vulnrichment

Updated: 2025-11-03T21:08:23.455Z

cve-icon NVD

Status : Modified

Published: 2025-03-31T23:15:19.087

Modified: 2026-06-17T08:58:19.427

Link: CVE-2025-24211

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-18T07:15:17Z

Weaknesses
  • CWE-400

    Uncontrolled Resource Consumption