CVE-2025-24220
Description
A permissions issue was addressed with additional restrictions. This issue is fixed in iOS 18.4 and iPadOS 18.4, iPadOS 17.7.9. An app may be able to read a persistent device identifier.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
A permissions issue in iOS and iPadOS allows an app to read a persistent device identifier; fixed in iOS 18.4, iPadOS 18.4, and iPadOS 17.7.9.
Root Cause
A permissions issue existed in iOS and iPadOS that could allow an app to read a persistent device identifier. Apple addressed the issue by adding additional restrictions to prevent unauthorized access to sensitive identifiers [1].
Exploitation
An app installed on the device could exploit this vulnerability to read a persistent device identifier without proper authorization. No special privileges or user interaction beyond installing the app is required, though the app must be running on the device [1].
Impact
Successful exploitation could lead to the exposure of a persistent device identifier, which can be used for tracking or fingerprinting purposes, compromising user privacy [1].
Mitigation
Apple has released patches in iOS 18.4 and iPadOS 18.4 (for devices with A12 Bionic and later) and iPadOS 17.7.9 (for older iPad models). Users should update to the latest available version to protect against this vulnerability [1][2].
AI Insight generated on May 20, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products (2)
Patches (0)
No patches discovered yet.
References (4)
- support.apple.com/en-us/122371 (nvd; Release Notes, Vendor Advisory)
- seclists.org/fulldisclosure/2025/Jul/31 (nvd)
- seclists.org/fulldisclosure/2025/May/6 (nvd)
- support.apple.com/en-us/124148 (nvd)