SecuriTricks - CVE-2025-24252

Description

A use-after-free issue was addressed with improved memory management. This issue is fixed in macOS Sequoia 15.4, tvOS 18.4, macOS Ventura 13.7.5, iPadOS 17.7.6, macOS Sonoma 14.7.5, iOS 18.4 and iPadOS 18.4, visionOS 2.4. An attacker on the local network may be able to corrupt process memory.

Product(s) Impacted

Vendor	Product	Versions
Apple	Ipados Iphone Os Macos Tvos Visionos	* * * * *

Weaknesses

Common security weaknesses mapped to this vulnerability.

CWE-416

Use After Free

Referencing memory after it has been freed can cause a program to crash, use unexpected values, or execute code.

*CPE(s)

Affected systems and software identified for this CVE.

Type	Vendor	Product	Version	Update	Edition	Language	Software Edition	Target Software	Target Hardware	Other Information
o	apple	ipados	/	/	/	/	/	/	/	/
o	apple	ipados	/	/	/	/	/	/	/	/
o	apple	iphone_os	/	/	/	/	/	/	/	/
o	apple	macos	/	/	/	/	/	/	/	/
o	apple	macos	/	/	/	/	/	/	/	/
o	apple	macos	/	/	/	/	/	/	/	/
o	apple	tvos	/	/	/	/	/	/	/	/
o	apple	visionos	/	/	/	/	/	/	/	/

References

https://support.apple.com/en-us/122371

https://support.apple.com/en-us/122372

https://support.apple.com/en-us/122373

https://support.apple.com/en-us/122374

https://support.apple.com/en-us/122375

https://support.apple.com/en-us/122377

https://support.apple.com/en-us/122378

CVSS Score

9.8 / 10

CVSS Data - 3.1

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

View Vector String

Timeline

Published: April 29, 2025, 3:15 a.m.
Last Modified: April 29, 2025, 8:10 p.m.

Status : Analyzed

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

product-security@apple.com

CVE-2025-24252