CVE-2025-24085: Apple Multiple Products Use-After-Free Vulnerability

CVE ID

CVE-2025-24085

Vulnerability Name

Apple Multiple Products Use-After-Free Vulnerability

• Project: Apple
• Product: Multiple Products

Date

• Date Added: 2025-01-29
• Due Date: 2025-02-19

Description

Apple iOS, macOS, and other Apple products contain a user-after-free vulnerability that could allow a malicious application to elevate privileges.

Known To Be Used in Ransomware Campaigns?

Unknown

Action

Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Additional Notes

https://support.apple.com/en-us/122066 ; https://support.apple.com/en-us/122068 ; https://support.apple.com/en-us/122071 ; https://support.apple.com/en-us/122072 ; https://support.apple.com/en-us/122073 ; https://nvd.nist.gov/vuln/detail/CVE-2025-24085

Related Security News

• Apple Patches CVE-2025-43300 Zero-Day in iOS, iPadOS, and macOS Exploited in Targeted Attacks
• Apple fixes new zero-day flaw exploited in targeted attacks
• Apple patches security flaw exploited in Chrome zero-day attacks
• Apple Patches Two Actively Exploited iOS Flaws Used in Sophisticated Targeted Attacks
• Apple fixes two zero-days exploited in targeted iPhone attacks
• Apple backports zero-day patches to older iPhones and Macs
• Apple Backports Critical Fixes for 3 Recent 0-Days Impacting Older iOS and macOS Devices
• Apple Releases Patch for WebKit Zero-Day Vulnerability Exploited in Targeted Attacks
• Apple fixes WebKit zero-day exploited in ‘extremely sophisticated’ attacks
• Apple Patches Actively Exploited iOS Zero-Day CVE-2025-24200 in Emergency Update

More CVEs Info

Common Vulnerabilities & Exposures (CVE) List