CVE-2025-24085
Published: 27 January 2025
Summary
CVE-2025-24085 is a critical-severity Use After Free (CWE-416) vulnerability in Apple Macos. Its CVSS base score is 10.0 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked in the top 5.2% of CVEs by exploit likelihood; CISA has added it to the Known Exploited Vulnerabilities catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-16 (Memory Protection) and SI-2 (Flaw Remediation).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
SI-16 implements memory protection mechanisms like address space randomization and non-executable memory to directly prevent exploitation of use-after-free vulnerabilities.
SI-2 mandates timely flaw remediation through patching, directly addressing the specific use-after-free vulnerability fixed in updated Apple OS versions.
AC-6 enforces least privilege to limit the scope and impact of privilege escalation by malicious applications exploiting the use-after-free issue.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Use-after-free vulnerability directly enables a malicious application to elevate privileges on affected Apple platforms, matching Exploitation for Privilege Escalation.
NVD Description
A use after free issue was addressed with improved memory management. This issue is fixed in iOS 18.3 and iPadOS 18.3, iPadOS 17.7.6, macOS Sequoia 15.3, macOS Sonoma 14.7.5, macOS Ventura 13.7.5, tvOS 18.3, visionOS 2.3, watchOS 11.3. A malicious…
more
application may be able to elevate privileges. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 17.2.
Deeper analysisAI
CVE-2025-24085 is a use-after-free vulnerability (CWE-416) addressed by Apple through improved memory management. It affects multiple Apple operating systems, including iOS prior to version 18.3, iPadOS prior to 18.3 and 17.7.6, macOS Sequoia prior to 15.3, macOS Sonoma prior to 14.7.5, macOS Ventura prior to 13.7.5, tvOS prior to 18.3, visionOS prior to 2.3, and watchOS prior to 11.3.
The vulnerability enables a malicious application to elevate privileges. It carries a CVSS v3.1 base score of 10.0 (AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H), indicating exploitation is possible over the network with low attack complexity, no required privileges or user interaction, and impacts confidentiality, integrity, and availability at a high level with a changed scope.
Apple security advisories confirm the issue is fixed in the specified versions across affected platforms. Mitigation details are available in the following support pages: https://support.apple.com/en-us/122066, https://support.apple.com/en-us/122068, https://support.apple.com/en-us/122071, https://support.apple.com/en-us/122072, and https://support.apple.com/en-us/122073.
Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 17.2.
Details
- CWE(s)
- KEV Date Added
- 29 January 2025