CVE-2025-24244
📋 TL;DR
This vulnerability allows attackers to leak process memory by tricking users into processing malicious font files. It affects macOS, iOS, iPadOS, and tvOS users running outdated versions of these operating systems.
💻 Affected Systems
- macOS
- iOS
- iPadOS
- tvOS
📦 What is this software?
Ipados by Apple
Ipados by Apple
Macos by Apple
macOS is Apple's desktop and laptop operating system powering Mac computers used by millions of professionals, developers, creative professionals, and enterprise users worldwide. Built on a Unix foundation with the Darwin kernel and modern Cocoa frameworks, macOS delivers a seamless ecosystem integr...
Learn more about Macos →Macos by Apple
macOS is Apple's desktop and laptop operating system powering Mac computers used by millions of professionals, developers, creative professionals, and enterprise users worldwide. Built on a Unix foundation with the Darwin kernel and modern Cocoa frameworks, macOS delivers a seamless ecosystem integr...
Learn more about Macos →Macos by Apple
macOS is Apple's desktop and laptop operating system powering Mac computers used by millions of professionals, developers, creative professionals, and enterprise users worldwide. Built on a Unix foundation with the Darwin kernel and modern Cocoa frameworks, macOS delivers a seamless ecosystem integr...
Learn more about Macos →Tvos by Apple
⚠️ Risk & Real-World Impact
Worst Case
Sensitive information disclosure including passwords, encryption keys, or other confidential data from application memory
Likely Case
Limited memory disclosure from applications processing fonts, potentially exposing some user data
If Mitigated
No impact if systems are patched or if malicious font files are blocked
🎯 Exploit Status
Requires user to process malicious font file; no known public exploits
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: macOS Ventura 13.7.5, tvOS 18.4, iPadOS 17.7.6, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, macOS Sonoma 14.7.5
Vendor Advisory: https://support.apple.com/en-us/122371
Restart Required: Yes
Instructions:
1. Open System Settings > General > Software Update. 2. Install available updates. 3. Restart device when prompted.
🔧 Temporary Workarounds
Block suspicious font files
allUse email/web gateways to block font files from untrusted sources
User awareness training
allTrain users not to open font files from unknown sources
🧯 If You Can't Patch
- Implement application whitelisting to prevent unauthorized font processing
- Use network segmentation to isolate vulnerable systems from sensitive data
🔍 How to Verify
Check if Vulnerable:
Check OS version against affected versions listCheck Version:
macOS: sw_vers -productVersion; iOS/iPadOS: Settings > General > About > VersionVerify Fix Applied:
Verify OS version matches or exceeds patched versions📡 Detection & Monitoring
Log Indicators:
- Unexpected font processing errors
- Memory access violations in font-related processes
Network Indicators:
- Font file downloads from suspicious sources
SIEM Query:
Process creation events for font-related applications with suspicious parent processes🔗 References
- https://support.apple.com/en-us/122371
- https://support.apple.com/en-us/122372
- https://support.apple.com/en-us/122373
- https://support.apple.com/en-us/122374
- https://support.apple.com/en-us/122375
- https://support.apple.com/en-us/122377
- http://seclists.org/fulldisclosure/2025/Apr/10
- http://seclists.org/fulldisclosure/2025/Apr/11
- http://seclists.org/fulldisclosure/2025/Apr/13
- http://seclists.org/fulldisclosure/2025/Apr/4
- http://seclists.org/fulldisclosure/2025/Apr/5
- http://seclists.org/fulldisclosure/2025/Apr/8
- http://seclists.org/fulldisclosure/2025/Apr/9
