CVE-2025-24118
Published: 27 January 2025
Summary
CVE-2025-24118 is a high-severity Out-of-bounds Write (CWE-787) vulnerability in Apple macOS. Its CVSS base score is 7.1 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked in the top 3.5% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SC-39 (Process Isolation) and SI-16 (Memory Protection).
Deeper analysis
CVE-2025-24118 is an out-of-bounds write vulnerability stemming from insufficient memory handling in Apple's kernel. It affects iPadOS before 17.7.4, macOS Sequoia before 15.3 and macOS Sonoma before 14.7.3. The flaw permits an application to trigger unexpected system termination or directly modify kernel memory.
An attacker with the ability to run a malicious app on an affected device can exploit the issue. Because the attack requires user interaction and runs with no special privileges, it is typically delivered via a crafted application that the victim is tricked into executing; successful exploitation yields high-integrity and high-availability impact on the host.
Apple has addressed the vulnerability through improved memory handling in the security updates iPadOS 17.7.4, macOS Sequoia 15.3, and macOS Sonoma 14.7.3, as documented in the vendor advisories at support.apple.com. The corresponding entries also appear in the January 2025 Full Disclosure mailing-list archives.
EPSS for the CVE currently stands at 0.27 with a recorded peak of 0.31; no public evidence of in-the-wild exploitation has been reported.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-3630
Vulnerability details
The issue was addressed with improved memory handling. This issue is fixed in iPadOS 17.7.4, macOS Sequoia 15.3, macOS Sonoma 14.7.3. An app may be able to cause unexpected system termination or write kernel memory.
- CWE(s): CWE-787 (Out-of-bounds Write)
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Out-of-bounds write to kernel memory from a local app directly enables exploitation for privilege escalation (T1068); system crash is a secondary DoS effect but not the primary mapping.
Affected Assets
- iPadOS before 17.7.4
- macOS Sequoia before 15.3
- macOS Sonoma before 14.7.3
Mitigating Controls (NIST 800-53 r5)
SI-16 implements memory protection controls that directly prevent out-of-bounds writes to kernel memory by malicious apps.
SC-39 enforces process isolation separating user apps from kernel processes, blocking unauthorized kernel memory access.
SI-2 requires timely flaw remediation through patching, directly addressing the memory handling vulnerability fixed in specified iPadOS and macOS updates.
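The SI-2 control above comes down to a version check against the fixed releases this record names (macOS Sequoia 15.3, macOS Sonoma 14.7.3, iPadOS 17.7.4). The following is an added example, not code from the CVE record or from Apple's advisory: a POSIX sh helper that compares a reported build against those fixed versions numerically (so that 14.7.3 sorts before 14.10) and reports whether the host is patched. The mapping of major version to release name (14.x = Sonoma, 15.x = Sequoia) and the `sw_vers` product-name string are assumptions for illustration; the advisory names releases, not major numbers.

```shell
#!/bin/sh
# Added example, not part of the CVE record or Apple's advisory: classify a
# macOS/iPadOS build against the fixed versions listed for CVE-2025-24118.
# Assumption: 14.x = macOS Sonoma, 15.x = macOS Sequoia, 17.x = the iPadOS
# branch the advisory names; other branches are reported as "unknown".

# version_ge A B: succeed (0) if dotted version A >= B, comparing each field
# numerically, so 14.7.3 < 14.10 and 14.7 < 14.7.3. Fields must be integers;
# pre-release suffixes such as "15.3b1" are not handled.
version_ge() {
    v1=$1 v2=$2
    while [ -n "$v1" ] || [ -n "$v2" ]; do
        a=${v1%%.*} b=${v2%%.*}
        a=${a:-0} b=${b:-0}          # a missing trailing field counts as 0
        [ "$a" -gt "$b" ] && return 0
        [ "$a" -lt "$b" ] && return 1
        case $v1 in *.*) v1=${v1#*.} ;; *) v1= ;; esac
        case $v2 in *.*) v2=${v2#*.} ;; *) v2= ;; esac
    done
    return 0                         # all fields equal
}

# fixed_version PRODUCT VERSION: print the first patched release on the
# host's branch (from the advisory); fail if the branch is not covered.
fixed_version() {
    case "$1:${2%%.*}" in
        macOS:15)  echo 15.3 ;;      # macOS Sequoia 15.3
        macOS:14)  echo 14.7.3 ;;    # macOS Sonoma 14.7.3
        iPadOS:17) echo 17.7.4 ;;    # iPadOS 17.7.4
        *)         return 1 ;;
    esac
}

# cve_2025_24118_status PRODUCT VERSION -> "patched" | "vulnerable" | "unknown"
cve_2025_24118_status() {
    fixed=$(fixed_version "$1" "$2") || { echo unknown; return 2; }
    if version_ge "$2" "$fixed"; then echo patched; else echo vulnerable; fi
}

# Check the local host when sw_vers is available (macOS); no-op elsewhere.
if command -v sw_vers >/dev/null 2>&1; then
    echo "CVE-2025-24118: $(cve_2025_24118_status "$(sw_vers -productName)" "$(sw_vers -productVersion)")"
fi
```

Feed it inventory data (product name and version per host) to flag machines still below the fixed release; a host on a branch the advisory does not name is reported as `unknown` rather than silently treated as patched.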