CVE-2025-24085 — Apple Multiple Products Use-After-Free Vulnerability

2025-01-29 • CISA Known Exploited Vulnerability

[event] Apple iOS, macOS, and other Apple products contain a user-after-free vulnerability that could allow a malicious application to elevate privileges.

> AFFECTED SOFTWARE

Field	Value
Vendor	Apple
Product	Multiple Products
CWE	CWE-416
CVE ID	CVE-2025-24085
Date Added	2025-01-29
Due Date	2025-02-19
Ransomware Campaign	Unknown

> MITIGATION

Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Due Date: 2025-02-19

> REFERENCES

[1] https://support.apple.com/en-us/122066
[2] https://support.apple.com/en-us/122068
[3] https://support.apple.com/en-us/122071
[4] https://support.apple.com/en-us/122072
[5] https://support.apple.com/en-us/122073
[6] https://nvd.nist.gov/vuln/detail/CVE-2025-24085