CVE-2025-24085
high-risk
Published 2025-01-27
A use after free issue was addressed with improved memory management. This issue is fixed in iOS 18.3 and iPadOS 18.3, iPadOS 17.7.6, macOS Sequoia 15.3, macOS Sonoma 14.7.5, macOS Ventura 13.7.5, tvOS 18.3, visionOS 2.3, watchOS 11.3. A malicious application may be able to elevate privileges. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 17.2.
Do I need to act?
14.8% chance of exploitation in next 30 days (EPSS score, higher than 85% of all CVEs)
CISA KEV: actively exploited in the wild. On the Known Exploited Vulnerabilities catalog; federal agencies must patch.
1 public exploit available
Patch status unknown. Check vendor advisories for fix availability and mitigation guidance.
CVSS 10.0/10 · Critical · NETWORK / LOW complexity
Affected Vendors
References (23)
Release Notes: https://support.apple.com/en-us/122066
Release Notes: https://support.apple.com/en-us/122068
Release Notes: https://support.apple.com/en-us/122071
Release Notes: https://support.apple.com/en-us/122072
Release Notes: https://support.apple.com/en-us/122073
Release Notes: https://support.apple.com/en-us/122372
Release Notes: https://support.apple.com/en-us/122374
Release Notes: https://support.apple.com/en-us/122375
Mailing List: http://seclists.org/fulldisclosure/2025/Apr/10
Mailing List: http://seclists.org/fulldisclosure/2025/Apr/5
Mailing List: http://seclists.org/fulldisclosure/2025/Apr/9
Mailing List: http://seclists.org/fulldisclosure/2025/Jan/12
Mailing List: http://seclists.org/fulldisclosure/2025/Jan/13
Mailing List: http://seclists.org/fulldisclosure/2025/Jan/15
Mailing List: http://seclists.org/fulldisclosure/2025/Jan/19
Mailing List: http://seclists.org/fulldisclosure/2025/Jun/19
Mailing List: http://seclists.org/fulldisclosure/2025/Oct/1
Mailing List: http://seclists.org/fulldisclosure/2025/Oct/23
Mailing List: http://seclists.org/fulldisclosure/2025/Oct/30
Mailing List: http://seclists.org/fulldisclosure/2025/Oct/31
and 3 more references
65 / 100 · high-risk
Severity: 33/34 · Critical
Exploitability: 19/34 · Moderate
Exposure: 13/34 · Low