CVE-2025-24160: 
macOS vulnerability analysis and mitigation

CVE-2025-24160 is a security vulnerability affecting Apple's CoreAudio component that was disclosed on January 27, 2025. The vulnerability affects multiple Apple operating systems including iPadOS 17.7.4, macOS Sonoma 14.7.3, visionOS 2.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3, and tvOS 18.3. The issue involves improper file parsing that may lead to an unexpected app termination (Apple Support).

The vulnerability is related to file parsing in the CoreAudio component and was addressed with improved checks. The issue has been assigned a CVSS 3.1 Base Score of 4.3 (MEDIUM) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L. The vulnerability is classified under CWE-404 (Improper Resource Shutdown or Release) (NVD).

When exploited, the vulnerability can cause an unexpected application termination when parsing a specially crafted file. This primarily affects the availability of the application, with no reported impacts on confidentiality or integrity (Apple Support, NVD).

Apple has released security updates to address this vulnerability across their affected operating systems. Users should update to iPadOS 17.7.4, macOS Sonoma 14.7.3, visionOS 2.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3, or tvOS 18.3 depending on their device (Hacker News, Apple Support).