CVE-2025-24182: 
macOS vulnerability analysis and mitigation

CVE-2025-24182 is an out-of-bounds read vulnerability discovered in Apple's CoreText component that affects multiple Apple operating systems. The vulnerability was disclosed on March 31, 2025, and affects visionOS 2.4, iOS 18.4, iPadOS 18.4, tvOS 18.4, and macOS Sequoia 15.4. The issue was discovered by Hossein Lotfi of Trend Micro Zero Day Initiative (Apple Security).

The vulnerability is classified as an out-of-bounds read issue (CWE-125) in the CoreText component that occurs when processing maliciously crafted fonts. The issue was addressed with improved input validation. The vulnerability has received a CVSS v3.1 base score of 5.5 (MEDIUM) with the vector string CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N (NVD).

When exploited, this vulnerability can result in the disclosure of process memory when processing a maliciously crafted font. This could potentially lead to information disclosure and privacy breaches (Apple Security).

Apple has released security updates to address this vulnerability in visionOS 2.4, iOS 18.4, iPadOS 18.4, tvOS 18.4, and macOS Sequoia 15.4. Users are advised to update their devices to these latest versions to protect against potential exploitation (Apple Security, Apple Security).