CVE-2025-24085

CRITICAL KEV

Apple Ipados < 17.7.6 - Use After Free

Title source: rule

Description

A use after free issue was addressed with improved memory management. This issue is fixed in iOS 18.3 and iPadOS 18.3, iPadOS 17.7.6, macOS Sequoia 15.3, macOS Sonoma 14.7.5, macOS Ventura 13.7.5, tvOS 18.3, visionOS 2.3, watchOS 11.3. A malicious application may be able to elevate privileges. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 17.2.

Exploits (4)

exploitdb WORKING POC
by Mohammed Idrees Banyamer · pythonlocalmacos
https://www.exploit-db.com/exploits/52316
nomisec WRITEUP 30 stars
by JGoyd · poc
https://github.com/JGoyd/Glass-Cage-iOS18-CVE-2025-24085-CVE-2025-24201
github WRITEUP 4 stars
by 5ky9uy · poc
https://github.com/5ky9uy/glass-cage-i18-2025-24085-and-cve-2025-24201

References (23)

... and 3 more

Scores

CVSS v3 10.0
EPSS 0.1483
EPSS Percentile 94.5%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Details

CISA KEV 2025-01-29
VulnCheck KEV 2025-01-27
ENISA EUVD EUVD-2025-3607
CWE
CWE-416
Status published
Products (14)
Apple/iOS and iPadOS < 18.3
apple/ipados < 17.7.6
Apple/iPadOS < 17.7.6
apple/iphone_os < 18.3
apple/macos < 13.7.5
Apple/macOS < 13.7.5
Apple/macOS < 14.7.5
Apple/macOS < 15.3
apple/tvos < 18.3
Apple/tvOS < 18.3
... and 4 more
Published Jan 27, 2025
KEV Added Jan 29, 2025
Tracked Since Feb 18, 2026