CVE-2025-24111: Double Free
First published: Mon May 12 2025(Updated: )
A memory corruption issue was addressed with improved state management. This issue is fixed in macOS Sequoia 15.3, visionOS 2.3, iPadOS 17.7.7, watchOS 11.3, macOS Sonoma 14.7.5, iOS 18.3 and iPadOS 18.3, tvOS 18.3, macOS Ventura 13.7.5. An app may be able to cause unexpected system termination.
Credit: Ron Masas BREAKPOINTHossein Lotfi @hosselot Trend Micro Zero Day InitiativeDillon Franke Google Project Zerowac Trend Micro Zero Day InitiativeWang Yu CyberservalAndrew James Gonzalez Lyutoon Atredis PartnersYenKoc Atredis PartnersDayton Pidhirney Atredis PartnersSaagar Jha Mateusz Krzywicki @krzywix Michael DePlante @izobashi Trend Micro Zero Day InitiativeLucas Leong @_wmliang_ Trend Micro Zero Day InitiativeChristian Kohlschütter CVE-2024-8176 Richard Hyunho Im @richeeta Andr.Ess Noah Gregory (wts.dev) wac Wojciech Regula SecuRingDave G. Kirin @Pwnrin 7feilee Eric Dorphy Twin Cities App Dev LLCAdam M. Google V8 Security Team Ignacio Sanmillan @ulexec Jiming Wang Jikai Ren an anonymous researcher
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Apple iOS, iPadOS, and macOS | <17.7.7 | 17.7.7 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://support.apple.com/en-us/122405 (Advisory)
- https://support.apple.com/en-us/122073
- https://support.apple.com/en-us/122072
- https://support.apple.com/en-us/122068
- https://support.apple.com/en-us/122374
- https://support.apple.com/en-us/122071
- https://support.apple.com/en-us/122066
- https://support.apple.com/en-us/122375
Peer vulnerabilities
(Found alongside the following vulnerabilities)
- CVE-2025-24097
- CVE-2025-31251
- CVE-2025-31235
- CVE-2025-31208
- CVE-2025-31196
- CVE-2025-31209
- CVE-2025-31239
- CVE-2025-31233
- CVE-2025-24111
- CVE-2025-31210
- CVE-2025-30448
- CVE-2025-31226
- CVE-2025-24144
- CVE-2025-31219
- CVE-2025-31241
- CVE-2024-8176
- CVE-2025-24225
- CVE-2025-31228
- CVE-2025-24259
- CVE-2025-31245
- CVE-2025-24220
- CVE-2025-31221
- CVE-2025-31213
- CVE-2025-31242
- CVE-2025-31220
- CVE-2025-24213
- CVE-2025-31217
- CVE-2025-31215
- CVE-2025-31206
Frequently Asked Questions
What is the severity of CVE-2025-24111?
The severity of CVE-2025-24111 is considered high due to the potential for exploitation affecting multiple components.
How do I fix CVE-2025-24111?
To fix CVE-2025-24111, update your iPadOS to version 17.7.7 or later as it contains the necessary security improvements.
What systems are affected by CVE-2025-24111?
CVE-2025-24111 affects Apple iPadOS versions prior to 17.7.7.
What types of issues are addressed in CVE-2025-24111?
CVE-2025-24111 addresses a permissions issue, improved input sanitization, memory management improvements, and enhanced checks.
Is information about CVE-2025-24111 available from Apple?
Yes, Apple has provided details about CVE-2025-24111 in their security advisory and support documentation.
- collector/apple-support
- source/Apple
- alias/CVE-2025-31251
- alias/CVE-2025-31235
- alias/CVE-2025-31208
- alias/CVE-2025-31196
- alias/CVE-2025-31209
- alias/CVE-2025-31239
- alias/CVE-2025-31233
- alias/CVE-2025-24111
- alias/CVE-2025-31210
- alias/CVE-2025-30448
- alias/CVE-2025-31226
- alias/CVE-2025-24144
- alias/CVE-2025-31219
- alias/CVE-2025-31241
- alias/CVE-2024-8176
- alias/CVE-2025-24225
- alias/CVE-2025-31228
- alias/CVE-2025-24259
- alias/CVE-2025-31245
- alias/CVE-2025-24220
- alias/CVE-2025-31221
- alias/CVE-2025-31213
- alias/CVE-2025-31242
- alias/CVE-2025-31220
- alias/CVE-2025-24213
- alias/CVE-2025-31217
- alias/CVE-2025-31215
- alias/CVE-2025-31206
- agent/software-canonical-lookup
- agent/weakness
- agent/softwarecombine
- agent/first-publish-date
- agent/author
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/references
- agent/source
- agent/tags
- agent/type
- agent/description
- agent/event
- vendor/apple
- canonical/apple ios, ipados, and macos