CSIRT Toscana

Apple security updates (AL01/250401/CSIRT-ITA)

Date:
1 April 2025 16:34

Systemic Impact

High (73.84)

Summary

Apple has released security updates to fix multiple vulnerabilities in its products.

Note: a Proof of Concept (PoC) for exploiting vulnerability CVE-2025-24085 is available online.

Note: the vendor states that vulnerabilities CVE-2025-24200, CVE-2025-24201 and CVE-2025-24085 are being actively exploited in the wild.

Type

  • Denial of Service
  • Elevation of Privilege
  • Remote Code Execution
  • Security Restrictions Bypass
  • Information Disclosure
  • Spoofing

Affected products and/or versions

Apple

  • macOS Sequoia, versions prior to 15.4
  • macOS Sonoma, versions prior to 14.7.5
  • macOS Ventura, versions prior to 13.7.5
  • iOS, versions prior to 18.4
  • iPadOS, versions prior to 18.4
  • tvOS, versions prior to 18.4
  • visionOS, versions prior to 2.4
  • Safari, versions prior to 18.4
  • Xcode, versions prior to 16.3

Mitigation actions

In line with the vendor's statements, it is recommended to apply the patches by following the instructions in the security bulletins, available in the References section.

References

CVE

CVE-ID
CVE-2023-27043 CVE-2024-40864 CVE-2024-48958 CVE-2024-54502
CVE-2024-54508 CVE-2024-54533 CVE-2024-54534 CVE-2024-54543
CVE-2024-56171 CVE-2024-9681 CVE-2025-24085 CVE-2025-24093
CVE-2025-24095 CVE-2025-24097 CVE-2025-24113 CVE-2025-24139
CVE-2025-24148 CVE-2025-24157 CVE-2025-24163 CVE-2025-24164
CVE-2025-24167 CVE-2025-24170 CVE-2025-24172 CVE-2025-24173
CVE-2025-24178 CVE-2025-24180 CVE-2025-24181 CVE-2025-24182
CVE-2025-24190 CVE-2025-24191 CVE-2025-24192 CVE-2025-24193
CVE-2025-24194 CVE-2025-24195 CVE-2025-24196 CVE-2025-24198
CVE-2025-24199 CVE-2025-24200 CVE-2025-24201 CVE-2025-24202
CVE-2025-24203 CVE-2025-24204 CVE-2025-24205 CVE-2025-24207
CVE-2025-24208 CVE-2025-24209 CVE-2025-24210 CVE-2025-24211
CVE-2025-24212 CVE-2025-24213 CVE-2025-24214 CVE-2025-24215
CVE-2025-24216 CVE-2025-24217 CVE-2025-24218 CVE-2025-24221
CVE-2025-24226 CVE-2025-24228 CVE-2025-24229 CVE-2025-24230
CVE-2025-24231 CVE-2025-24232 CVE-2025-24233 CVE-2025-24234
CVE-2025-24235 CVE-2025-24236 CVE-2025-24237 CVE-2025-24238
CVE-2025-24239 CVE-2025-24240 CVE-2025-24241 CVE-2025-24242
CVE-2025-24243 CVE-2025-24244 CVE-2025-24245 CVE-2025-24246
CVE-2025-24247 CVE-2025-24248 CVE-2025-24249 CVE-2025-24250
CVE-2025-24253 CVE-2025-24254 CVE-2025-24255 CVE-2025-24256
CVE-2025-24257 CVE-2025-24259 CVE-2025-24260 CVE-2025-24261
CVE-2025-24262 CVE-2025-24263 CVE-2025-24264 CVE-2025-24265
CVE-2025-24266 CVE-2025-24267 CVE-2025-24269 CVE-2025-24272
CVE-2025-24273 CVE-2025-24276 CVE-2025-24277 CVE-2025-24278
CVE-2025-24279 CVE-2025-24280 CVE-2025-24281 CVE-2025-24282
CVE-2025-24283 CVE-2025-27113 CVE-2025-30424 CVE-2025-30425
CVE-2025-30426 CVE-2025-30427 CVE-2025-30428 CVE-2025-30429
CVE-2025-30430 CVE-2025-30432 CVE-2025-30433 CVE-2025-30434
CVE-2025-30435 CVE-2025-30437 CVE-2025-30438 CVE-2025-30439
CVE-2025-30441 CVE-2025-30443 CVE-2025-30444 CVE-2025-30446
CVE-2025-30447 CVE-2025-30449 CVE-2025-30450 CVE-2025-30451
CVE-2025-30452 CVE-2025-30454 CVE-2025-30455 CVE-2025-30456
CVE-2025-30457 CVE-2025-30458 CVE-2025-30460 CVE-2025-30461
CVE-2025-30462 CVE-2025-30463 CVE-2025-30464 CVE-2025-30465
CVE-2025-30467 CVE-2025-30469 CVE-2025-30470 CVE-2025-30471
CVE-2025-31182 CVE-2025-31183 CVE-2025-31184 CVE-2025-31187
CVE-2025-31188 CVE-2025-31191 CVE-2025-31192 CVE-2025-31194

Change log

Version | Notes | Date
1.0 | Published on 01-04-2025 | 01/04/2025

This article is an original product of csirt.gov.it, reproduced here solely to increase its visibility. It can be viewed in its original version at the following link