CVE-2025-24085

Known Exploited

Description

A use after free issue was addressed with improved memory management. This issue is fixed in visionOS 2.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3, tvOS 18.3. A malicious application may be able to elevate privileges. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 17.2.

References

Link	Tags
https://support.apple.com/en-us/122073	release notes vendor advisory
https://support.apple.com/en-us/122072	release notes vendor advisory
https://support.apple.com/en-us/122068	release notes vendor advisory
https://support.apple.com/en-us/122071	release notes vendor advisory
https://support.apple.com/en-us/122066	release notes vendor advisory

Frequently Asked Questions

What is the severity of CVE-2025-24085?: CVE-2025-24085 has been scored as a high severity vulnerability.
How to fix CVE-2025-24085?: To fix CVE-2025-24085, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2025-24085 being actively exploited in the wild?: It is confirmed that CVE-2025-24085 is actively exploited. Be extra cautious if you are using vulnerable components. According to its EPSS score, there is a ~8% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2025-24085?: CVE-2025-24085 affects Apple visionOS, Apple tvOS, Apple macOS, Apple watchOS, Apple iOS and iPadOS.

Description

Category

CWE-416 – Use After Free

References

Frequently Asked Questions