Description
An out-of-bounds read issue was addressed with improved input validation. This issue is fixed in iOS 18.4 and iPadOS 18.4, iPadOS 17.7.6, macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5, tvOS 18.4, visionOS 2.4, watchOS 11.4. Playing a malicious audio file may lead to an unexpected app termination.
Published: 2025-03-31
Score: 9.8 Critical
EPSS: < 1% Very Low
KEV: No
Impact: Denial of Service
Action: Patch
AI Analysis

Impact

An out-of-bounds read flaw was discovered in Apple’s audio processing system. Playing a crafted audio file causes the application to read beyond valid memory bounds, resulting in an unexpected termination. This maps to CWE-125 and effectively allows a local denial of service by crashing the affected app. The description indicates no confirmed data exposure, only crash behavior.

Affected Systems

The issue affects Apple’s operating systems: iOS, iPadOS, macOS, tvOS, visionOS, and watchOS. The fixed releases are iOS 18.4, iPadOS 18.4 and 17.7.6, macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5, tvOS 18.4, visionOS 2.4, and watchOS 11.4.

Risk and Exploitability

With a CVSS score of 9.8, the flaw is rated critical. An EPSS score of less than 1% suggests a low probability of exploitation, and the flaw is not listed in CISA’s KEV catalog. The most likely attack vector is a malicious audio file, delivered locally or over the network, that is provided to the user or injected into media playback. Although the immediate impact is a crash, the high severity warrants urgent patching.

Generated by OpenCVE AI on April 28, 2026 at 03:02 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Install the latest OS updates that include the fixed releases (iOS 18.4+, iPadOS 18.4 or 17.7.6+, macOS Sequoia 15.4+, macOS Sonoma 14.7.5+, macOS Ventura 13.7.5+, tvOS 18.4+, visionOS 2.4+, watchOS 11.4+).
  • If updating immediately is not possible, limit audio playback to trusted or signed sources and avoid auto-loading arbitrary media files.
  • Review third-party audio libraries and applications for safe handling of media; remove or replace those that cannot be updated until a patch is applied.


Advisories
Source: EUVD
ID: EUVD-2025-8979
Title: An out-of-bounds read issue was addressed with improved input validation. This issue is fixed in visionOS 2.4, macOS Ventura 13.7.5, tvOS 18.4, iPadOS 17.7.6, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, macOS Sonoma 14.7.5. Playing a malicious audio file may lead to an unexpected app termination.

History

Tue, 28 Apr 2026 03:30:00 +0000

Type Values Removed Values Added
Title Out-of-bounds read in audio playback causes application crash

Thu, 02 Apr 2026 20:30:00 +0000

Type: Description
Values Removed: An out-of-bounds read issue was addressed with improved input validation. This issue is fixed in visionOS 2.4, macOS Ventura 13.7.5, tvOS 18.4, iPadOS 17.7.6, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, macOS Sonoma 14.7.5. Playing a malicious audio file may lead to an unexpected app termination.
Values Added: An out-of-bounds read issue was addressed with improved input validation. This issue is fixed in iOS 18.4 and iPadOS 18.4, iPadOS 17.7.6, macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5, tvOS 18.4, visionOS 2.4, watchOS 11.4. Playing a malicious audio file may lead to an unexpected app termination.
References

Mon, 03 Nov 2025 21:30:00 +0000


Mon, 03 Nov 2025 20:30:00 +0000

Type Values Removed Values Added
References

Mon, 07 Apr 2025 18:45:00 +0000

Type Values Removed Values Added
First Time appeared:
  • Apple
  • Apple ipados
  • Apple iphone Os
  • Apple macos
  • Apple tvos
  • Apple visionos
CPEs:
  • cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*
  • cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
  • cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*
  • cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*
  • cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*
Vendors & Products:
  • Apple
  • Apple ipados
  • Apple iphone Os
  • Apple macos
  • Apple tvos
  • Apple visionos

Thu, 03 Apr 2025 08:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Wed, 02 Apr 2025 14:45:00 +0000

Type Values Removed Values Added
Weaknesses CWE-125
Metrics cvssV3_1

{'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}


Mon, 31 Mar 2025 22:45:00 +0000

Type Values Removed Values Added
Description An out-of-bounds read issue was addressed with improved input validation. This issue is fixed in visionOS 2.4, macOS Ventura 13.7.5, tvOS 18.4, iPadOS 17.7.6, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, macOS Sonoma 14.7.5. Playing a malicious audio file may lead to an unexpected app termination.
References

MITRE

Status: PUBLISHED

Assigner: apple

Published:

Updated: 2026-04-02T18:13:59.716Z

Reserved: 2025-01-17T00:00:45.005Z

Link: CVE-2025-24230

Vulnrichment

Updated: 2025-11-03T21:09:29.374Z

NVD

Status: Modified

Published: 2025-03-31T23:15:20.273

Modified: 2026-04-02T19:19:22.943

Link: CVE-2025-24230

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-28T03:15:05Z

Weaknesses