Use After Free Vulnerability in Apple VisionOS and iOS Products
CVE-2025-24085
Key Information:
Badges
What is CVE-2025-24085?
CVE-2025-24085 is a use-after-free vulnerability found in Apple’s VisionOS and iOS products, which are integral to the functioning of Apple's ecosystem, particularly in devices like the iPhone, iPad, and televisions. This vulnerability arises from improper memory management that can potentially allow malicious applications to elevate privileges within the operating system. If left unaddressed, organizations utilizing affected versions of these operating systems may face significant risks, including unauthorized access to sensitive data and system manipulation.
Technical Details
This vulnerability was specifically linked to a flaw in how the memory management system handled object lifetimes within the affected Apple operating systems. When a program attempts to use memory after it has been freed (released), it can lead to unpredictable behavior, including crashes, data corruption, or the potential execution of arbitrary code. The issue has been patched in the latest versions of VisionOS (2.3), iOS (18.3), iPadOS (18.3), macOS (Sequoia 15.3), watchOS (11.3), and tvOS (18.3). However, prior versions, particularly iOS versions before 17.2, were identified as being at risk for exploitation.
Potential Impact of CVE-2025-24085
-
Privilege Escalation: The vulnerability may allow an attacker to execute code with elevated privileges, potentially granting unauthorized access to sensitive parts of the system.
-
Compromise of Data Integrity: Attackers could exploit this vulnerability to manipulate or corrupt data, which can have serious consequences for data reliability and trustworthiness.
-
System Instability: Exploitation of this flaw could lead to application crashes or system hangs, impacting productivity and user experience across devices reliant on the affected operating systems.
CISA Reported
CISA provides regional cyber and physical services to support security and resilience across the United States. CISA monitor the most dangerious vulnerabilities and have identifed as being exploited but is not known by the CISA to be used in ransomware campaigns. This is subject to change at pace as recent news articles suggest the vulnerability is being used by ransomware groups.
The CISA's recommendation is: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Affected Version(s)
iOS and iPadOS < 18.3
macOS < 15.3
tvOS < 18.3
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.
Get notified when SecurityVulnerability.io launches alerting 🔔
Well keep you posted 📧
News Articles
SentinelOneCVE-2025-24085The Good, the Bad and the Ugly in Cybersecurity - Week 5
Officials seize two major hacking forums, zero-day bug found in multiple Apple products, and APTs abuse Gemini AI to bolster cyber operations.
5 days ago
Help Net SecurityWeek in review: Apple 0-day used to target iPhones, DeepSeek’s popularity exploited by scammers - Help Net Security
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Apple zero-day vulnerability exploited to target iPhone
5 days ago
ForbesCVE-2025-24085iOS 18.3—Update Now Warning Issued To All iPhone Users
Apple has issued iOS 18.3, fixing 29 flaws, one of which is already being used in real-life attacks on iPhones. Here's what you need to know.
1 week ago
References
CVSS V3.1
Timeline
- 💰
Used in Ransomware
- 🥇
Vulnerability reached the number 1 worldwide trending spot
- 🟡
Public PoC available
- 🦅
CISA Reported
- 📈
Vulnerability started trending
- 👾
Exploit known to exist
- 📰
First article discovered by Forbes
Vulnerability published
Vulnerability Reserved