4.2

CVE-2025-43200

Warnung
Medienbericht
This issue was addressed with improved checks. This issue is fixed in iOS 15.8.4 and iPadOS 15.8.4, iOS 16.7.11 and iPadOS 16.7.11, iOS 18.3.1 and iPadOS 18.3.1, iPadOS 17.7.5, macOS Sequoia 15.3.1, macOS Sonoma 14.7.4, macOS Ventura 13.7.4, visionOS 2.3.1, watchOS 11.3.1. A logic issue existed when processing a maliciously crafted photo or video shared via an iCloud Link. Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
AppleiPadOS Version < 15.8.4
AppleiPadOS Version >= 16.0 < 16.7.11
AppleiPadOS Version >= 17.0 < 17.7.5
AppleiPadOS Version >= 18.0 < 18.3.1
AppleiPhone OS Version < 15.8.4
AppleiPhone OS Version >= 16.0 <= 16.7.11
AppleiPhone OS Version >= 17.0 <= 18.3.1
ApplemacOS Version >= 13.0 < 13.7.4
ApplemacOS Version >= 14.0 < 14.7.4
ApplemacOS Version >= 15.0 < 15.3.1
ApplevisionOS Version < 2.3.1
ApplewatchOS Version < 11.3.1
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login

16.06.2025: CISA Known Exploited Vulnerabilities (KEV) Catalog

Apple Multiple Products Unspecified Vulnerability

Schwachstelle

Apple iOS, iPadOS, macOS, watchOS, and visionOS, contain an unspecified vulnerability when processing a maliciously crafted photo or video shared via an iCloud Link.

Beschreibung

Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Erforderliche Maßnahmen
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 1.01% 0.585
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
134c704f-9b21-4f2e-91b3-4a467353bcc0 4.2 1.6 2.5
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N
Es wurden noch keine Informationen zu CWE veröffentlicht.
Für Zugriff zu Vulnerability Intelligence ist ein VulnDex Zugang erforderlich.
VulnDex Intel
Media Report
09.08.2025 11:36
Für Zugriff zu Vulnerability Intelligence ist ein VulnDex Zugang erforderlich.
VulnDex Intel
Media Report
09.08.2025 11:36
https://support.apple.com/en-us/122173
Vendor Advisory
https://support.apple.com/en-us/122174
Vendor Advisory
https://support.apple.com/en-us/122345
Vendor Advisory
https://support.apple.com/en-us/122346
Vendor Advisory
https://support.apple.com/en-us/122901
Vendor Advisory
https://support.apple.com/en-us/122900
Vendor Advisory
https://support.apple.com/en-us/122903
Vendor Advisory
https://support.apple.com/en-us/122902
Vendor Advisory
https://support.apple.com/en-us/122904
Vendor Advisory
https://citizenlab.ca/2025/06/first-forensic-confirmation-of-paragons-ios-mercenary-spyware-finds-journalists-targeted/
Press/Media Coverage
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-43200
US Government Resource