Use-After-Free Vulnerability in Apple macOS and iOS Products
CVE-2025-24252

9.8CRITICAL

Key Information:

Vendor

Apple
Status
TV OS
iOS And iPad OS
iPad OS
Mac OS
Vendor
CVE Published:
29 April 2025

Badges

📈 Trended📈 Score: 3,700👾 Exploit Exists🟡 Public PoC📰 News Worthy

What is CVE-2025-24252?

CVE-2025-24252 is a use-after-free vulnerability found in various Apple macOS and iOS products, including macOS Sequoia, tvOS, and iPadOS. This vulnerability arises from improper memory management, allowing an attacker situated on the local network to potentially corrupt process memory. The implications of this flaw can be severe, as it may lead to unauthorized access to sensitive data or system instability, impacting the overall security posture of affected organizations.

Technical Details

The root cause of CVE-2025-24252 is a use-after-free issue related to memory management mechanisms in Apple's operating systems. Use-after-free vulnerabilities occur when a program continues to reference memory that has already been freed, which can lead to unpredictable behavior, including arbitrary code execution. In this case, Apple has addressed the issue in several software updates, ensuring that the affected versions of the operating systems—macOS Sequoia 15.4, tvOS 18.4, macOS Ventura 13.7.5, iPadOS 17.7.6, macOS Sonoma 14.7.5, iOS 18.4, and visionOS 2.4—implement improved memory management practices to eliminate this flaw.

Potential impact of CVE-2025-24252

  1. Unauthorized Access: Attackers on the local network could exploit this vulnerability to gain unauthorized access to a victim's machine, potentially leading to further attacks or data exfiltration.

  2. System Instability: The corruption of process memory can cause application crashes or system instability, disrupting operations and negatively affecting user experiences.

  3. Data Breach Risk: If successfully exploited, this vulnerability could allow attackers to access sensitive information stored on the device, increasing the risk of data breaches and the consequent financial and reputational damage to organizations.

Affected Version(s)

iOS and iPadOS < 18.4

iPadOS < 17.7

macOS < 15.4

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

AirBorne-PoC
Created by ekomsSavior

AirBorne-PoC
Created by apwlq

News Articles

favicon imageHackread

Billions of Apple Devices at Risk from “AirBorne” AirPlay Vulnerabilities - Update Now!

AirBorne flaws in Apple AirPlay expose billions of devices to remote attacks, RCE, data theft. Update iPhones, Macs, CarPlay and 3rd-party devices.

3 weeks ago

favicon imageSecurityWeek

AirPlay Vulnerabilities Expose Apple Devices to Zero-Click Takeover

Vulnerabilities in Apple’s AirPlay protocol could have allowed attackers to execute code remotely without user interaction.

3 weeks ago

References

https://support.apple.com/en-us/122377
https://support.apple.com/en-us/122371
https://support.apple.com/en-us/122372

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • 🟡

    Public PoC available

  • 📈

    Vulnerability started trending

  • 👾

    Exploit known to exist

  • 📰

    First article discovered by SecurityWeek

  • Vulnerability published

.
CVE-2025-24252 : Use-After-Free Vulnerability in Apple macOS and iOS Products