🟢 CVE-2025-24085

CVE-2025-24085 is a use-after-free vulnerability in Apple operating systems that allows a malicious application to elevate privileges. While it has a CVSS score of 10.0 and is in CISA KEV, this is primarily a local privilege escalation vulnerability affecting client-side Apple devices, not internet-facing servers.

Risk Level: LOW_RISK

CVSS Score: 10.0

Attack Vector: NETWORK

ATT&CK Tactic: Privilege Escalation

ATT&CK Technique: T1068 — Exploitation for Privilege Escalation

Deployment Risk: LOW

Ransomware: No

📋 Vulnerability Details

Data Source: CIRCL

Confidence: HIGH

Exploitation Method: OTHER

CVE Published: 2025-01-27

Added to CISA KEV: 2025-01-29 (2 days between CVE and KEV)

🎯 Recommendations:

šŸ” Web Intelligence (Kagi Ā· 2026-06-04)

CVE-2025-24085 is a critical use-after-free (UAF) vulnerability in Apple's CoreMedia framework that has been confirmed as exploited in the wild [1].

Exploitation and Threat Actor Usage
  • Active Exploitation: Apple has acknowledged reports that this vulnerability was actively exploited in the wild against versions of iOS prior to 17.2.
  • Targeted Attacks: The vulnerability has been associated with highly sophisticated, targeted attacks [2]. It has been identified as part of exploit chains (such as the "Glass Cage" chain) used to achieve sandbox escapes and kernel-level access [2].
  • Ransomware: There is no current evidence linking this specific vulnerability to widespread ransomware campaigns; it is primarily associated with targeted, advanced persistent threat (APT)-style operations [2].
Attack Method and Impact
  • Method: The vulnerability is a use-after-free flaw in the CoreMedia framework [2]. An attacker can trigger this condition by providing a malicious application (or via a malicious file/media stream) that manipulates freed memory regions, allowing for the execution of attacker-controlled code [1] [3].
  • Requirements: Exploitation typically requires a malicious application to be present on the device or delivered through a vector such as a malicious message or web content to trigger the memory corruption [3].
  • Impact: Successful exploitation allows an attacker to elevate privileges on the affected device, potentially gaining kernel-level access and bypassing sandbox protections [1] [2].
Affected Products and Mitigation
  • Status: This vulnerability is included in the CISA Known Exploited Vulnerabilities (KEV) catalog, mandating remediation for federal agencies [3].
  • Patches: Apple addressed this issue in January 2025 with improved memory management [1].
  • Affected Versions: The fix was released in the following versions:
    * iOS and iPadOS: 18.3 (and iPadOS 17.7.6)
    * macOS: Sequoia 15.3, Sonoma 14.7.5, and Ventura 13.7.5
    * Other Platforms: visionOS 2.3, watchOS 11.3, and tvOS 18.3

Sources

  1. CVE-2025-24085: Apple Multimedia UAF Decoded... | Fidelis Security

    CVE-2025-24085 is an Apple multimedia use-after-free vulnerability under active exploitation. Impact, exploit method, detection, mitigations and fixes. A malicious application can trigger the condition, manipulate freed memory, and cause the execution of attacker-controlled code with elevated privile…

  2. CVE-2025-24085 - Overview, Insights & Trends

    Actively exploited zero-click iMessage vulnerability (CVE-2025-24085) compromises iOS devices. ... Glass Cage is a zero-click PNG-based RCE chain in iOS 18.2.1, exploiting WebKit (CVE-2025-24201) and Core Media (CVE-2025-24085) to achieve sandbox escape, kernel-level access, and device bricking. ...

  3. CVE-2025-24085 - Vulnerability Details - OpenCVE

    CVE-2025-24085 - Privilege Escalation via Use‑After‑Free in Apple Mobile and Desktop OSes. Impact. A use‑after‑free flaw was corrected with enhanced memory handling in Apple’s operating systems, allowing malicious applications to target freed memory regions and potentially elevate their privileges. T…