Skip to main content

Security updates include remediation for an exploited zero-day privilege escalation vulnerability affecting iOS, iPadOS, and macOS

Threat ID:CC-4611
Threat Severity:Medium
Published:28 January 2025 3:31 PM

Summary

Security updates include remediation for an exploited zero-day privilege escalation vulnerability affecting iOS, iPadOS, and macOS 

Affected platforms

The following platforms are known to be affected:

Versions: all prior to 18.3
Safari
Versions: all prior to 18.3
iOS
Versions: all prior to 18.3, all prior to 17.7.4
iPadOS
Versions: all prior to 15.3
macOS Sequoia
Versions: all prior to 14.7.3
macOS Sonoma
Versions: all prior to 13.7.3
macOS Ventura
Versions: all prior to 11.3
watchOS
Versions: all prior to 18.3
tvOS
Versions: all prior to 2.3
visionOS

Threat details

Exploitation of CVE-2025-24085

Apple reports that CVE-2025-24085 may have been actively exploited against versions of iOS before iOS 17.2


Introduction

Apple has released security updates to address 70 named vulnerabilities in multiple Apple products, including the exploited zero-day privilege escalation vulnerability CVE-2025-24085.

CVE-2025-24085 is a 'use after free' vulnerability with a CVSSv3 base score of 7.8. Apple reports that CVE-2025-24085 may have been exploited by attackers against versions of iOS before 17.2.

Threat updates

  
29 Jan 2025Added CVSS score details for CVE-2025-24085

Remediation advice

Affected organisations are encouraged to review Apple security releases and apply the relevant updates.

Remediation steps

  
Patch

Safari 18.3 | 122074


https://support.apple.com/en-us/122074
Patch

iOS 18.3 and iPadOS 18.3 | 122066


https://support.apple.com/en-us/122066
Patch

iPadOS 17.7.4 | 122067


https://support.apple.com/en-us/122067
Patch

macOS Sequoia 15.3 | 122068


https://support.apple.com/en-us/122068
Patch

macOS Sonoma 14.7.3 | 122069


https://support.apple.com/en-us/122069
Patch

macOS Ventura 13.7.3 | 122070


https://support.apple.com/en-us/122070
 

watchOS 11.3 | 122071


https://support.apple.com/en-us/122071
Patch

tvOS 18.3 | 122072


https://support.apple.com/en-us/122072
Patch

visionOS 2.3 | 122073


https://support.apple.com/en-us/122073

Definitive source of threat updates

CVE Vulnerabilities

StatusPublished
CVE-2025-24085A use after free issue was addressed with improved memory management. This issue is fixed in visionOS 2.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3, tvOS 18.3. A malicious application may be able to elevate privileges. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 17.2.
 

Last edited: 29 January 2025 12:32 pm

Back to top