iPadOS 17.7.4
このアップデートには重要なセキュリティ修正が含まれ、すべてのユーザに推奨されます。

Appleソフトウェアアップデートのセキュリティコンテンツについては、以下のWebサイトをご覧ください: https://support.apple.com/100100

iPadOS 17.7.4
Released January 27, 2025

- AirPlay
Available for: iPad Pro 12.9-inch 2nd generation, iPad Pro 10.5-inch, and iPad 6th generation
Impact: A remote attacker may cause an unexpected application termination or arbitrary code execution
Description: A type confusion issue was addressed with improved checks.
CVE-2025-24137: Uri Katz (Oligo Security)

- ARKit
Available for: iPad Pro 12.9-inch 2nd generation, iPad Pro 10.5-inch, and iPad 6th generation
Impact: Parsing a file may lead to an unexpected app termination
Description: The issue was addressed with improved checks.
CVE-2025-24127: Minghao Lin (@Y1nKoc), babywu, and Xingwei Lin of Zhejiang University

- CoreAudio
Available for: iPad Pro 12.9-inch 2nd generation, iPad Pro 10.5-inch, and iPad 6th generation
Impact: Parsing a file may lead to an unexpected app termination
Description: The issue was addressed with improved checks.
CVE-2025-24161: Google Threat Analysis Group
CVE-2025-24160: Google Threat Analysis Group
CVE-2025-24163: Google Threat Analysis Group

- CoreMedia
Available for: iPad Pro 12.9-inch 2nd generation, iPad Pro 10.5-inch, and iPad 6th generation
Impact: Parsing a file may lead to an unexpected app termination
Description: The issue was addressed with improved checks.
CVE-2025-24123: Desmond working with Trend Micro Zero Day Initiative
CVE-2025-24124: Pwn2car & Rotiple(HyeongSeok Jang) working with Trend Micro Zero Day Initiative

- CoreRoutine
Available for: iPad Pro 12.9-inch 2nd generation, iPad Pro 10.5-inch, and iPad 6th generation
Impact: An app may be able to determine a user’s current location
Description: The issue was addressed with improved checks.
CVE-2025-24102: Kirin (@Pwnrin)

- ICU
Available for: iPad Pro 12.9-inch 2nd generation, iPad Pro 10.5-inch, and iPad 6th generation
Impact: Processing maliciously crafted web content may lead to an unexpected process crash
Description: An out-of-bounds access issue was addressed with improved bounds checking.
CVE-2024-54478: Gary Kwong

- ImageIO
Available for: iPad Pro 12.9-inch 2nd generation, iPad Pro 10.5-inch, and iPad 6th generation
Impact: Processing an image may lead to a denial-of-service
Description: The issue was addressed with improved memory handling.
CVE-2025-24086: DongJun Kim (@smlijun) and JongSeong Kim (@nevul37) in Enki WhiteHat, D4m0n

- Kernel
Available for: iPad Pro 12.9-inch 2nd generation, iPad Pro 10.5-inch, and iPad 6th generation
Impact: An app may be able to cause unexpected system termination or write kernel memory
Description: The issue was addressed with improved memory handling.
CVE-2025-24118: Joseph Ravichandran (@0xjprx) of MIT CSAIL

- Kernel
Available for: iPad Pro 12.9-inch 2nd generation, iPad Pro 10.5-inch, and iPad 6th generation
Impact: An app may be able to execute arbitrary code with kernel privileges
Description: A validation issue was addressed with improved logic.
CVE-2025-24159: pattern-f (@pattern_F_)

- LaunchServices
Available for: iPad Pro 12.9-inch 2nd generation, iPad Pro 10.5-inch, and iPad 6th generation
Impact: An app may be able to fingerprint the user
Description: This issue was addressed with improved redaction of sensitive information.
CVE-2025-24117: Michael (Biscuit) Thomas (@biscuit@social.lol)

- libxslt
Available for: iPad Pro 12.9-inch 2nd generation, iPad Pro 10.5-inch, and iPad 6th generation
Impact: Processing maliciously crafted web content may lead to an unexpected process crash
Description: This issue was addressed through improved state management.
CVE-2025-24166: Ivan Fratric of Google Project Zero

- Managed Configuration
Available for: iPad Pro 12.9-inch 2nd generation, iPad Pro 10.5-inch, and iPad 6th generation
Impact: Restoring a maliciously crafted backup file may lead to modification of protected system files
Description: This issue was addressed with improved handling of symlinks.
CVE-2025-24104: Hichem Maloufi, Hakim Boukhadra

- QuartzCore
Available for: iPad Pro 12.9-inch 2nd generation, iPad Pro 10.5-inch, and iPad 6th generation
Impact: Processing web content may lead to a denial-of-service
Description: The issue was addressed with improved checks.
CVE-2024-54497: Anonymous working with Trend Micro Zero Day Initiative

- SceneKit
Available for: iPad Pro 12.9-inch 2nd generation, iPad Pro 10.5-inch, and iPad 6th generation
Impact: Parsing a file may lead to disclosure of user information
Description: An out-of-bounds read was addressed with improved bounds checking.
CVE-2025-24149: Michael DePlante (@izobashi) of Trend Micro Zero Day Initiative

Additional recognition
- CoreAudio
We would like to acknowledge Google Threat Analysis Group for their assistance.

- CoreMedia Playback
We would like to acknowledge Song Hyun Bae (@bshyuunn) and Lee Dong Ha (Who4mI) for their assistance.

- Static Linker
We would like to acknowledge Holger Fuhrmannek for their assistance.