CVE-2025-24085

Sažetak

A use after free issue was addressed with improved memory management. This issue is fixed in iOS 18.3 and iPadOS 18.3, iPadOS 17.7.6, macOS Sequoia 15.3, macOS Sonoma 14.7.5, macOS Ventura 13.7.5, tvOS 18.3, visionOS 2.3, watchOS 11.3. A malicious application may be able to elevate privileges. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 17.2.

Reference

https://support.apple.com/en-us/122066
https://support.apple.com/en-us/122068
https://support.apple.com/en-us/122071
https://support.apple.com/en-us/122072
https://support.apple.com/en-us/122073
https://support.apple.com/en-us/122372
https://support.apple.com/en-us/122374
https://support.apple.com/en-us/122375
http://seclists.org/fulldisclosure/2025/Apr/10
http://seclists.org/fulldisclosure/2025/Apr/5
http://seclists.org/fulldisclosure/2025/Apr/9
http://seclists.org/fulldisclosure/2025/Jan/12
http://seclists.org/fulldisclosure/2025/Jan/13
http://seclists.org/fulldisclosure/2025/Jan/15
http://seclists.org/fulldisclosure/2025/Jan/19
http://seclists.org/fulldisclosure/2025/Jun/19
http://seclists.org/fulldisclosure/2025/Oct/1
http://seclists.org/fulldisclosure/2025/Oct/23
http://seclists.org/fulldisclosure/2025/Oct/30
http://seclists.org/fulldisclosure/2025/Oct/31
https://github.com/JGoyd/Glass-Cage-iOS18-CVE-2025-24085-CVE-2025-24201
https://github.com/cisagov/vulnrichment/issues/194
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-24085

CVSS

Base:	10.0
Impact:	6.0
Exploitability:	3.9

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
HIGH	HIGH	HIGH

CVSS vektor

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Zadnje važnije ažuriranje

02-04-2026 - 19:18

Objavljeno

27-01-2025 - 22:15