fkie_cve-2025-24085
Vulnerability from fkie_nvd
Published
2025-01-27 22:15
Modified
2025-02-18 20:15
Severity ?
Summary
A use after free issue was addressed with improved memory management. This issue is fixed in visionOS 2.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3, tvOS 18.3. A malicious application may be able to elevate privileges. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 17.2.
References
▼ | URL | Tags | |
---|---|---|---|
product-security@apple.com | https://support.apple.com/en-us/122066 | Release Notes, Vendor Advisory | |
product-security@apple.com | https://support.apple.com/en-us/122068 | Release Notes, Vendor Advisory | |
product-security@apple.com | https://support.apple.com/en-us/122071 | Release Notes, Vendor Advisory | |
product-security@apple.com | https://support.apple.com/en-us/122072 | Release Notes, Vendor Advisory | |
product-security@apple.com | https://support.apple.com/en-us/122073 | Release Notes, Vendor Advisory |
Impacted products
{ cisaActionDue: "2025-02-19", cisaExploitAdd: "2025-01-29", cisaRequiredAction: "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.", cisaVulnerabilityName: "Apple Multiple Products Use-After-Free Vulnerability", configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*", matchCriteriaId: "6B7F80FC-EB0A-4B78-8CB7-18E5F162CD6A", versionEndExcluding: "18.3", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", matchCriteriaId: "71A94ACA-8143-475F-8A89-8020B86CE80B", versionEndExcluding: "18.3", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", matchCriteriaId: "38BA63B3-CC2C-4E63-AE2C-B8DB08B5E89B", versionEndExcluding: "15.3", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*", matchCriteriaId: "60C0BA29-0969-4181-B6F1-4606986B18E4", versionEndExcluding: "18.3", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*", matchCriteriaId: "F91BF3D5-D8E5-437C-8301-C9F22AAFB8BD", versionEndExcluding: "2.3", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*", matchCriteriaId: "7A128237-004C-49D7-A559-5BBC38362361", versionEndExcluding: "11.3", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A use after free issue was addressed with improved memory management. This issue is fixed in visionOS 2.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3, tvOS 18.3. A malicious application may be able to elevate privileges. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 17.2.", }, { lang: "es", value: "Se solucionó un problema de use after free con una mejor gestión de la memoria. Este problema se solucionó en visionOS 2.3, iOS 18.3 y iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3 y tvOS 18.3. Una aplicación maliciosa podría elevar privilegios. Apple tiene conocimiento de un informe que indica que este problema puede haberse explotado activamente contra versiones de iOS anteriores a iOS 17.2.", }, ], id: "CVE-2025-24085", lastModified: "2025-02-18T20:15:28.897", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2025-01-27T22:15:14.990", references: [ { source: "product-security@apple.com", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/122066", }, { source: "product-security@apple.com", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/122068", }, { source: "product-security@apple.com", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/122071", }, { source: "product-security@apple.com", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/122072", }, { source: "product-security@apple.com", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/122073", }, ], sourceIdentifier: "product-security@apple.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-416", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Log in or create an account to share your comment.
Security Advisory comment format.
This schema specifies the format of a comment related to a security advisory.
Title of the comment
Description of the comment
Loading…
Loading…
Loading…
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.