CVE-2025-24252: Use After Free
First published: Tue Apr 29 2025(Updated: )
A use-after-free issue was addressed with improved memory management. This issue is fixed in macOS Sequoia 15.4, tvOS 18.4, macOS Ventura 13.7.5, iPadOS 17.7.6, macOS Sonoma 14.7.5, iOS 18.4 and iPadOS 18.4, visionOS 2.4. An attacker on the local network may be able to corrupt process memory.
Credit: product-security@apple.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| macOS | <15.4 | |
| tvOS | <18.4 | |
| macOS Ventura | <13.7.5 | |
| Apple iOS, iPadOS, and macOS | <17.7.6 | |
| Apple macOS | <14.7.5 | |
| Apple iOS and iPadOS | <18.4 | |
| visionOS | <2.4 | |
| Apple iOS, iPadOS, and macOS | <17.7.6 | |
| Apple iOS, iPadOS, and macOS | >=18.0<18.4 | |
| iPhone OS | <18.4 | |
| macOS | <13.7.5 | |
| macOS | >=14.0<14.7.5 | |
| macOS | >=15.0<15.4 | |
| tvOS | <18.4 | |
| visionOS | <2.4 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://support.apple.com/en-us/122377
- https://support.apple.com/en-us/122371
- https://support.apple.com/en-us/122372
- https://support.apple.com/en-us/122373
- https://support.apple.com/en-us/122378
- https://support.apple.com/en-us/122374
- https://support.apple.com/en-us/122375
- https://www.bleepingcomputer.com/news/security/apple-airborne-flaws-can-lead-to-zero-click-airplay-rce-attacks/
Frequently Asked Questions
What is the severity of CVE-2025-24252?
CVE-2025-24252 is considered a high-severity vulnerability due to the potential for memory corruption by an attacker on the local network.
How do I fix CVE-2025-24252?
To fix CVE-2025-24252, users should update their devices to the latest versions including macOS Sequoia 15.4, tvOS 18.4, and iPadOS 18.4.
Which software versions are affected by CVE-2025-24252?
CVE-2025-24252 affects macOS Sequoia versions before 15.4, tvOS versions before 18.4, and iPadOS versions before 17.7.6.
Can CVE-2025-24252 be exploited remotely?
No, CVE-2025-24252 requires an attacker to be on the local network to exploit the vulnerability.
What kind of vulnerability is CVE-2025-24252?
CVE-2025-24252 is a use-after-free vulnerability that involves improper memory management leading to potential process memory corruption.
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/type
- agent/description
- agent/first-publish-date
- agent/guess-ai
- agent/software-canonical-lookup
- agent/softwarecombine
- agent/author
- agent/last-modified-date
- agent/severity
- collector/bleeping-computer
- source/BleepingComputer
- alias/CVE-2025-24252
- alias/CVE-2025-24132
- alias/CVE-2025-24206
- agent/references
- agent/source
- agent/event
- agent/trending
- agent/tags
- collector/nvd-api
- source/NVD
- vendor/apple
- canonical/macos
- canonical/tvos
- canonical/macos ventura
- canonical/apple ios, ipados, and macos
- canonical/apple macos
- canonical/apple ios and ipados
- canonical/visionos
- version/apple ios, ipados, and macos/18.0
- canonical/iphone os
- version/macos/14.0
- version/macos/15.0