CVE-2025-24085 - Apple Multiple Products Use-After-Free Vulnerability

Apple | Multiple Products

• Date Added:
• 2025-01-29

• Due Date:
• 2025-02-19

Vulnerability Name

Apple Multiple Products Use-After-Free Vulnerability

Description

Apple iOS, macOS, and other Apple products contain a user-after-free vulnerability that could allow a malicious application to elevate privileges.

Known To Be Used in Ransomware Campaigns?

Unknown

Action

Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Additional Notes

https://support.apple.com/en-us/122066 ; https://support.apple.com/en-us/122068 ; https://support.apple.com/en-us/122071 ; https://support.apple.com/en-us/122072 ; https://support.apple.com/en-us/122073 ; https://nvd.nist.gov/vuln/detail/CVE-2025-24085

Latest Security News

DeepSeek exposes database with over 1 million chat records

New Jailbreaks Allow Users to Manipulate GitHub Copilot

The Advantages of Cloud-Based Remote Desktop versus RDP over VPN

Major GitHub outage affects pull requests and other services

Microsoft lifts Windows 11 update block for PCs with gaming issues

Police seizes Cracked and Nulled hacking forum servers, arrests suspects

Exposure Management Provider CYE Acquires Solvo

Authorities Seize Domains of Popular Hacking Forums in Major Cybercrime Crackdown

Top Alert List

Content Security Policy (CSP) Header Not Set

CSP

MediumMissing Anti-clickjacking Header

MediumAbsence of Anti-CSRF Tokens

InformationalInformation Disclosure - Suspicious Comments

MediumContent Security Policy (CSP) Header Not Set

InformationalModern Web Application

LowCross-Domain JavaScript Source File Inclusion

InformationalRe-examine Cache-control Directives

LowCSP: X-Content-Security-Policy

Top CVE List

CVE-2024-44308 Apple Multiple Products Code Execution Vulnerability

CVE-2021-33045 Dahua IP Camera Authentication Bypass Vulnerability

CVE-2024-47575 Fortinet FortiManager Missing Authentication Vulnerability

CVE-2025-23006 SonicWall SMA1000 Appliances Deserialization Vulnerability

CVE-2017-6736 Cisco IOS and IOS XE Software SNMP Remote Code Execution Vulnerability

CVE-2022-34713 Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability

CVE-2024-55956 Cleo Multiple Products Unauthenticated File Upload Vulnerability

CVE-2010-5326 SAP NetWeaver Remote Code Execution Vulnerability

CVE-2015-0071 Microsoft Internet Explorer ASLR Bypass Vulnerability

CVE-2015-2360 Microsoft Win32k Privilege Escalation Vulnerability

Top CWE List

CWE-693 Protection Mechanism Failure

HighCWE-200 Exposure of Sensitive Information to an Unauthorized Actor

MediumCWE-352 Cross-Site Request Forgery (CSRF)

CWE-284 Improper Access Control

HighCWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CWE-1021 Improper Restriction of Rendered UI Layers or Frames

CWE-1426 Improper Validation of Generative AI Output

CWE-201 Insertion of Sensitive Information Into Sent Data

CWE-304 Missing Critical Step in Authentication

CWE-1053 Missing Documentation for Design