CVE-2025-24085

10.0 CRITICAL CISA KEV

📋 TL;DR

This CVE describes a use-after-free vulnerability (CWE-416) in Apple operating systems that allows malicious applications to elevate privileges. It affects iOS, iPadOS, visionOS, macOS, watchOS, and tvOS. Apple has confirmed this vulnerability may have been actively exploited against iOS versions before 17.2.

💻 Affected Systems

Products:
  • iOS
  • iPadOS
  • visionOS
  • macOS Sequoia
  • watchOS
  • tvOS
Versions: before iOS 18.3, iPadOS 18.3, visionOS 2.3, macOS Sequoia 15.3, watchOS 11.3, tvOS 18.3
Operating Systems: Apple iOS, Apple iPadOS, Apple visionOS, Apple macOS, Apple watchOS, Apple tvOS
Default Config Vulnerable: ⚠️ Yes
Notes: All default configurations of affected versions are vulnerable. Apple reports active exploitation against iOS versions before 17.2.

📦 What is this software?

macOS by Apple

macOS is Apple's desktop and laptop operating system powering Mac computers used by millions of professionals, developers, creative professionals, and enterprise users worldwide. Built on a Unix foundation with the Darwin kernel and modern Cocoa frameworks, macOS delivers a seamless ecosystem integr...


⚠️ Risk & Real-World Impact

🔴 Worst Case

Full system compromise with kernel-level privileges, allowing attackers to bypass all security controls, install persistent malware, and access all user data.

🟠 Likely Case

Privilege escalation from a sandboxed application to system-level access, enabling data theft, surveillance, or further exploitation.

🟢 If Mitigated

Limited impact if devices are fully patched and running with minimal privileges, though legacy devices remain vulnerable.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: CONFIRMED
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires malicious application execution. Apple confirms active exploitation in the wild against older iOS versions.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: iOS 18.3, iPadOS 18.3, visionOS 2.3, macOS Sequoia 15.3, watchOS 11.3, tvOS 18.3

Vendor Advisory: https://support.apple.com/en-us/122066

Restart Required: Yes

Instructions:

1. Open the Settings app.
2. Navigate to General > Software Update.
3. Download and install the latest available update.
4. Restart the device when prompted.

🔧 Temporary Workarounds

Application Restriction

Applies to: all platforms

Limit installation of applications to only those from trusted sources (App Store) and avoid sideloading.

Device Management Controls

Applies to: all platforms

Use MDM solutions to enforce application whitelisting and prevent unauthorized app installations.

🧯 If You Can't Patch

  • Isolate vulnerable devices from critical networks and sensitive data
  • Implement strict application control policies to prevent malicious app installation

🔍 How to Verify

Check if Vulnerable:

Check device version in Settings > General > About > Software Version

Check Version:

Settings > General > About > Software Version (iOS/iPadOS/watchOS/tvOS) or About This Mac > macOS version (macOS)

Verify Fix Applied:

Verify that the installed version matches or exceeds the Patch Version listed under Official Fix above (iOS 18.3, iPadOS 18.3, visionOS 2.3, macOS Sequoia 15.3, watchOS 11.3, tvOS 18.3).
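The version comparison above, as an added script that is not part of this advisory or Apple's tooling: it compares a dotted version string component by component against the patched versions listed under Official Fix, and on a Mac reads the live version with `sw_vers -productVersion`. The platform keys (ios, ipados, visionos, macos, watchos, tvos) are this script's own naming.

```shell
#!/bin/sh
# Added example (not from the advisory or from Apple): compare an installed
# version against the patched versions listed above for CVE-2025-24085.
# Platform keys (ios, ipados, visionos, macos, watchos, tvos) are this script's own naming.

# Print the patched version for a platform key, per the Official Fix section above.
patched_version() {
  case "$1" in
    ios|ipados|tvos) echo "18.3" ;;
    visionos)        echo "2.3" ;;
    macos)           echo "15.3" ;;
    watchos)         echo "11.3" ;;
    *) echo "unknown platform: $1" >&2; return 1 ;;
  esac
}

# Succeed (return 0) when dotted version $1 >= $2, comparing each numeric
# component in turn; missing trailing components count as 0 (15.3 equals 15.3.0).
version_ge() {
  a="$1"; b="$2"
  while [ -n "$a" ] || [ -n "$b" ]; do
    ah="${a%%.*}"; bh="${b%%.*}"
    if [ "$a" = "$ah" ]; then a=""; else a="${a#*.}"; fi
    if [ "$b" = "$bh" ]; then b=""; else b="${b#*.}"; fi
    ah="${ah:-0}"; bh="${bh:-0}"
    if [ "$ah" -gt "$bh" ]; then return 0; fi
    if [ "$ah" -lt "$bh" ]; then return 1; fi
  done
  return 0
}

# Print PATCHED or VULNERABLE for a platform key and an installed version string.
check_patched() {
  need="$(patched_version "$1")" || return 1
  if version_ge "$2" "$need"; then echo "PATCHED"; else echo "VULNERABLE"; fi
}

# Constructed sample inputs (not readings from a real device).
check_patched macos 15.2.1    # prints VULNERABLE
check_patched ios 18.3        # prints PATCHED

# On a Mac, read the live version with sw_vers (Apple's own command-line tool).
if command -v sw_vers >/dev/null 2>&1; then
  check_patched macos "$(sw_vers -productVersion)"
fi
```

The check follows the advisory's "versions before" wording literally, so any macOS release older than 15.3 is reported as VULNERABLE; on iOS and the other platforms, feed the version shown under Settings > General > About into `check_patched` by hand.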

📡 Detection & Monitoring

Log Indicators:

  • Unexpected privilege escalation events
  • Kernel memory access violations
  • Application sandbox escape attempts

Network Indicators:

  • Unusual outbound connections from Apple devices
  • Communication with known malicious domains

SIEM Query:

source="apple_device_logs" AND (event_type="privilege_escalation" OR process_name="kernel")
