Use-After-Free Vulnerability in Apple macOS and iOS Products
CVE-2025-24252

9.8 CRITICAL

Key Information:

Vendor: Apple
CVE Published: 29 April 2025

Summary

A use-after-free vulnerability was identified in certain Apple operating systems: attackers on a local network could exploit improper memory management, potentially allowing them to corrupt process memory. This can lead to unintended behavior and security risks. The issue has been addressed in various updates for macOS, iOS, tvOS, iPadOS, and visionOS, which improve memory management to mitigate such risks.

Affected Version(s)

iOS and iPadOS < 18.4

iPadOS < 17.7

macOS < 15.4

CVSS V3.1

Score: 9.8
Severity: CRITICAL
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published
