CVE-2025-24120
Published: 27 January 2025
Summary
CVE-2025-24120 is a high-severity Missing Release of Resource after Effective Lifetime (CWE-772) vulnerability in Apple Macos. Its CVSS base score is 7.5 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Application or System Exploitation (T1499.004); ranked at the 24.9th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SC-5 (Denial-of-service Protection) and SI-2 (Flaw Remediation).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Requires timely identification, reporting, and correction of software flaws like inadequate object lifetime management to prevent remote exploitation causing app termination.
Implements protections against denial-of-service attacks, directly mitigating the unexpected app termination triggered by network-based exploitation of this vulnerability.
Provides memory safeguards such as isolation and non-execution protections that can mitigate exploitation of object lifetime mismanagement errors leading to crashes.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
The vulnerability enables remote exploitation of a macOS application flaw to cause unexpected termination, directly mapping to application or system exploitation for endpoint denial of service.
NVD Description
This issue was addressed by improved management of object lifetimes. This issue is fixed in macOS Sequoia 15.3, macOS Sonoma 14.7.3, macOS Ventura 13.7.3. An attacker may be able to cause unexpected app termination.
Deeper analysisAI
CVE-2025-24120 is a vulnerability stemming from inadequate management of object lifetimes, classified under CWE-772 (Missing Release of Resource after Effective Lifetime). It affects macOS systems, specifically versions prior to the patched releases of macOS Sequoia 15.3, macOS Sonoma 14.7.3, and macOS Ventura 13.7.3. The issue was publicly disclosed on January 27, 2025, and carries a CVSS v3.1 base score of 7.5, reflecting its potential for high-impact denial of service without confidentiality or integrity disruption.
A remote, unauthenticated attacker can exploit this vulnerability over the network with low complexity and no user interaction required. Successful exploitation enables the attacker to trigger unexpected application termination, resulting in a denial-of-service condition on the targeted macOS app. The attack does not escalate privileges or compromise data, but its network accessibility and ease of execution make it a notable risk for availability.
Apple's security advisories detail the fix through enhanced object lifetime management and recommend updating to macOS Sequoia 15.3, macOS Sonoma 14.7.3, or macOS Ventura 13.7.3. Additional details are available in the referenced support bulletins at https://support.apple.com/en-us/122068, https://support.apple.com/en-us/122069, and https://support.apple.com/en-us/122070, along with Full Disclosure mailing list entries.
Details
- CWE(s)