Vulnerabilities > CVE-2025-24085 - Use After Free vulnerability in Apple products
Attack vector
LOCAL Attack complexity
LOW Privileges required
NONE Confidentiality impact
HIGH Integrity impact
HIGH Availability impact
HIGH Summary
A use after free issue was addressed with improved memory management. This issue is fixed in visionOS 2.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3, tvOS 18.3. A malicious application may be able to elevate privileges. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 17.2.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Related news
- Apple zero-day vulnerability exploited to target iPhone users (CVE-2025-24085) (source)
- Week in review: Apple 0-day used to target iPhones, DeepSeek’s popularity exploited by scammers (source)
- Apple Backports Critical Fixes for 3 Live Exploits Impacting iOS and macOS Legacy Devices (source)
- Apple Backports Critical Fixes for 3 Recent 0-Days Impacting Older iOS and macOS Devices (source)