CVE-2025-24085
| CVE Published | 2025-01-27 |
|---|---|
| Related CWE(s) | CWE-416: Use After Free |
| Related Vendor(s) | apple |
| Related Product(s) | visionos, iphone_os, watchos, tvos, macos, ipados |
| Exploitation Reported (CISA KEV) | 2025-01-29 |
| CVSS 3 Base Score | 7.8 (HIGH) |
| CVSS 3 Attack Complexity | LOW |
| CVSS 3 Attack Vector | LOCAL |

A use after free issue was addressed with improved memory management. This issue is fixed in visionOS 2.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3, tvOS 18.3. A malicious application may be able to elevate privileges. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 17.2.