Details of VAR-202501-3666

ID

VAR-202501-3666

CVE

CVE-2025-24085

TITLE

Freed memory usage vulnerability in multiple Apple products

Trust: 0.8

sources: JVNDB: JVNDB-2025-001242

DESCRIPTION

A use after free issue was addressed with improved memory management. This issue is fixed in visionOS 2.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3, tvOS 18.3. A malicious application may be able to elevate privileges. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 17.2. iPadOS , iOS , macOS Multiple Apple products contain a freed memory usage vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. VisionOS is an AR glasses system released by Apple at the 2023 Apple Worldwide Developers Conference on June 6, 2023. Apple Vision Pro will be equipped with this system for the first time. tvOS is a TV operating system developed by Apple based on iOS. watchOS is a watch operating system developed by Apple based on iOS for use on Apple Watch. iPadOS‌ is a mobile operating system developed by Apple for iPad devices. It is developed based on iOS and is optimized specifically for iPad. macOS is an operating system developed by Apple that runs on Macintosh computers. ‌ Many Apple products have a memory release and reuse vulnerability, which attackers can exploit to elevate privileges

Trust: 2.16

sources: NVD: CVE-2025-24085 // JVNDB: JVNDB-2025-001242 // CNVD: CNVD-2025-07885

IOT TAXONOMY

category:

['IoT']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2025-07885

AFFECTED PRODUCTS

vendor:	apple	model:	ipados	scope:	lt	version:	18.3	Trust: 1.6
vendor:	apple	model:	visionos	scope:	lt	version:	2.3	Trust: 1.6
vendor:	apple	model:	watchos	scope:	lt	version:	11.3	Trust: 1.6
vendor:	apple	model:	tvos	scope:	lt	version:	18.3	Trust: 1.6
vendor:	apple	model:	macos	scope:	lt	version:	15.3	Trust: 1.0
vendor:	apple	model:	iphone os	scope:	lt	version:	18.3	Trust: 1.0
vendor:	アップル	model:	watchos	scope:	eq	version:	11.3	Trust: 0.8
vendor:	アップル	model:	ipados	scope:	-	version:	-	Trust: 0.8
vendor:	アップル	model:	ios	scope:	-	version:	-	Trust: 0.8
vendor:	アップル	model:	macos	scope:	-	version:	-	Trust: 0.8
vendor:	アップル	model:	tvos	scope:	-	version:	-	Trust: 0.8
vendor:	アップル	model:	visionos	scope:	-	version:	-	Trust: 0.8
vendor:	apple	model:	macos sequoia	scope:	lt	version:	15.3	Trust: 0.6
vendor:	apple	model:	ios	scope:	lt	version:	18.3	Trust: 0.6

sources: CNVD: CNVD-2025-07885 // JVNDB: JVNDB-2025-001242 // NVD: CVE-2025-24085

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2025-24085
value:	HIGH
Trust: 1.0
134c704f-9b21-4f2e-91b3-4a467353bcc0:	CVE-2025-24085
value:	HIGH
Trust: 1.0
NVD:	CVE-2025-24085
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2025-07885
value:	HIGH
Trust: 0.6

CNVD:	CNVD-2025-07885
severity:	HIGH
baseScore:	7.2
vectorString:	AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2025-24085
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	5.9
version:	3.1
Trust: 2.0
NVD:	CVE-2025-24085
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2025-07885 // JVNDB: JVNDB-2025-001242 // NVD: CVE-2025-24085 // NVD: CVE-2025-24085

PROBLEMTYPE DATA

problemtype:	CWE-416	Trust: 1.0
problemtype:	Use of freed memory (CWE-416) [ others ]	Trust: 0.8
problemtype:	Use of freed memory (CWE-416) [NVD evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2025-001242 // NVD: CVE-2025-24085

PATCH

title:	122072 Apple Security update	url:	https://support.apple.com/en-us/122066	Trust: 0.8
title:	Patch for Memory free-and-reuse vulnerability in multiple Apple products	url:	https://www.cnvd.org.cn/patchInfo/show/682241	Trust: 0.6

sources: CNVD: CNVD-2025-07885 // JVNDB: JVNDB-2025-001242

EXTERNAL IDS

db:	NVD	id:	CVE-2025-24085	Trust: 3.2
db:	JVNDB	id:	JVNDB-2025-001242	Trust: 0.8
db:	CNVD	id:	CNVD-2025-07885	Trust: 0.6

sources: CNVD: CNVD-2025-07885 // JVNDB: JVNDB-2025-001242 // NVD: CVE-2025-24085

REFERENCES

url:	https://support.apple.com/en-us/122066	Trust: 1.6
url:	https://support.apple.com/en-us/122068	Trust: 1.0
url:	https://support.apple.com/en-us/122072	Trust: 1.0
url:	https://support.apple.com/en-us/122071	Trust: 1.0
url:	https://support.apple.com/en-us/122073	Trust: 1.0
url:	https://nvd.nist.gov/vuln/detail/cve-2025-24085	Trust: 0.8

sources: CNVD: CNVD-2025-07885 // JVNDB: JVNDB-2025-001242 // NVD: CVE-2025-24085

SOURCES

db:	CNVD	id:	CNVD-2025-07885
db:	JVNDB	id:	JVNDB-2025-001242
db:	NVD	id:	CVE-2025-24085

LAST UPDATE DATE

2025-04-23T23:07:47.575000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2025-07885	date:	2025-04-22T00:00:00
db:	JVNDB	id:	JVNDB-2025-001242	date:	2025-01-30T03:01:00
db:	NVD	id:	CVE-2025-24085	date:	2025-03-21T21:01:31.620

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2025-07885	date:	2025-04-22T00:00:00
db:	JVNDB	id:	JVNDB-2025-001242	date:	2025-01-30T00:00:00
db:	NVD	id:	CVE-2025-24085	date:	2025-01-27T22:15:14.990