9.8
CVSSv3

CVE-2025-24118

CVSSv4: NA | CVSSv3: 9.8 | CVSSv2: NA | VMScore: 1000 | EPSS: 0.00045 | KEV: Not Included
Published: 27/01/2025 Updated: 28/01/2025

Vulnerability Summary

Memory Corruption Vulnerability in Apple Operating Systems Enabling Kernel Memory Manipulation

The issue was addressed with improved memory handling. This issue is fixed in iPadOS 17.7.4, macOS Sequoia 15.3, macOS Sonoma 14.7.3. An app may be able to cause unexpected system termination or write kernel memory.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

apple macos

apple ipados

Mailing Lists

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-01-27-2025-5 macOS Sonoma 1473 macOS Sonoma 1473 addresses the following issues Information about the security content is also available at supportapplecom/122069 Apple maintains a Security Releases page at supportapplecom/100100 which lists recent software update ...
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-01-27-2025-3 iPadOS 1774 iPadOS 1774 addresses the following issues Information about the security content is also available at supportapplecom/122067 Apple maintains a Security Releases page at supportapplecom/100100 which lists recent software updates with secur ...
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-01-27-2025-4 macOS Sequoia 153 macOS Sequoia 153 addresses the following issues Information about the security content is also available at supportapplecom/122068 Apple maintains a Security Releases page at supportapplecom/100100 which lists recent software updates ...

Github Repositories

An XNU kernel race condition bug

TRAVERTINE (CVE-2025-24118) Writeup: jprxio/cve-2025-24118 Usage gcc TRAVERTINEc -o travertine chgrp everyone travertine chmod g+s travertine /travertine

CVE-2025-24118 Exploit (Python) Overview This repository contains a Proof of Concept (PoC) for CVE-2025-24118, a race condition vulnerability discovered in macOS's kernel The vulnerability arises due to non-atomic updates to a process's credentials, specifically in the kauth_cred_proc_update function, which handles updates to the proc_rop_ucred field This PoC demon