CVE-2025-24118
Published: 27 January 2025
Summary
CVE-2025-24118 is a high-severity Out-of-bounds Write (CWE-787) vulnerability in Apple macOS. Its CVSS base score is 7.1 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068). The CVE ranks in the top 3.6% of CVEs by exploit likelihood and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SC-39 (Process Isolation) and SI-16 (Memory Protection).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)
SI-16 implements memory protection controls that directly prevent out-of-bounds writes to kernel memory by malicious apps.
SC-39 enforces process isolation separating user apps from kernel processes, blocking unauthorized kernel memory access.
SI-2 requires timely flaw remediation through patching, directly addressing the memory handling vulnerability fixed in the specified iPadOS and macOS updates.
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Out-of-bounds write to kernel memory from a local app directly enables exploitation for privilege escalation (T1068); system crash is a secondary DoS effect but not the primary mapping.
NVD Description
The issue was addressed with improved memory handling. This issue is fixed in iPadOS 17.7.4, macOS Sequoia 15.3, macOS Sonoma 14.7.3. An app may be able to cause unexpected system termination or write kernel memory.
Deeper analysis
CVE-2025-24118 is a memory handling vulnerability affecting Apple's iPadOS and macOS operating systems. The flaw, associated with CWE-787 (Out-of-bounds Write), allows an app to write to kernel memory or cause unexpected system termination. It has been addressed through improved memory handling and is fixed in iPadOS 17.7.4, macOS Sequoia 15.3, and macOS Sonoma 14.7.3, indicating prior versions are vulnerable.
The vulnerability carries a CVSS v3.1 base score of 7.1 (High), with local attack vector (AV:L), low attack complexity (AC:L), no privileges required (PR:N), and required user interaction (UI:R). A local attacker can exploit it via a malicious app, achieving high integrity impact (I:H) by writing to kernel memory and high availability impact (A:H) through system crashes, with no confidentiality impact (C:N) and unchanged scope (S:U).
Apple security advisories detail the mitigation as applying the specified patches: iPadOS 17.7.4, macOS Sequoia 15.3, or macOS Sonoma 14.7.3, which implement enhanced memory handling to prevent the out-of-bounds write. Additional details are available in the referenced support bulletins at https://support.apple.com/en-us/122067, https://support.apple.com/en-us/122068, and https://support.apple.com/en-us/122069, along with Full Disclosure mailing list entries.
Details
- CWE(s)