A use after free issue was addressed with improved memory management. This issue is fixed in visionOS 2.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3, tvOS 18.3. A malicious application may be able to elevate privileges. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 17.2.
| Date Added | Due Date | Vulnerability Name | Required Action |
|---|---|---|---|
| 2025-01-29 | 2025-02-19 | Apple Multiple Products Use-After-Free Vulnerability | Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. |
| Type | Version | Base score | Base severity | Vector |
|---|---|---|---|---|
| Primary | 3.1 | 10.0 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H |
| Secondary | 3.1 | 10.0 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H |
| Hyperlink | Source | Resource |
|---|---|---|
| https://support.apple.com/en-us/122066 | product-security@apple.com | Release Notes Vendor Advisory |
| https://support.apple.com/en-us/122068 | product-security@apple.com | Release Notes Vendor Advisory |
| https://support.apple.com/en-us/122071 | product-security@apple.com | Release Notes Vendor Advisory |
| https://support.apple.com/en-us/122072 | product-security@apple.com | Release Notes Vendor Advisory |
| https://support.apple.com/en-us/122073 | product-security@apple.com | Release Notes Vendor Advisory |
| http://seclists.org/fulldisclosure/2025/Apr/10 | af854a3a-2127-422b-91ae-364da2661108 | Mailing List Third Party Advisory |
| http://seclists.org/fulldisclosure/2025/Apr/5 | af854a3a-2127-422b-91ae-364da2661108 | Mailing List Third Party Advisory |
| http://seclists.org/fulldisclosure/2025/Apr/9 | af854a3a-2127-422b-91ae-364da2661108 | Mailing List Third Party Advisory |
| http://seclists.org/fulldisclosure/2025/Jan/12 | af854a3a-2127-422b-91ae-364da2661108 | Mailing List Third Party Advisory |
| http://seclists.org/fulldisclosure/2025/Jan/13 | af854a3a-2127-422b-91ae-364da2661108 | Mailing List Third Party Advisory |
| http://seclists.org/fulldisclosure/2025/Jan/15 | af854a3a-2127-422b-91ae-364da2661108 | Mailing List Third Party Advisory |
| http://seclists.org/fulldisclosure/2025/Jan/19 | af854a3a-2127-422b-91ae-364da2661108 | Mailing List Third Party Advisory |
| http://seclists.org/fulldisclosure/2025/Jun/19 | af854a3a-2127-422b-91ae-364da2661108 | Mailing List Third Party Advisory |
| http://seclists.org/fulldisclosure/2025/Oct/1 | af854a3a-2127-422b-91ae-364da2661108 | Mailing List Third Party Advisory |
| http://seclists.org/fulldisclosure/2025/Oct/23 | af854a3a-2127-422b-91ae-364da2661108 | Mailing List Third Party Advisory |
| http://seclists.org/fulldisclosure/2025/Oct/30 | af854a3a-2127-422b-91ae-364da2661108 | Mailing List Third Party Advisory |
| http://seclists.org/fulldisclosure/2025/Oct/31 | af854a3a-2127-422b-91ae-364da2661108 | Mailing List Third Party Advisory |
| https://github.com/JGoyd/Glass-Cage-iOS18-CVE-2025-24085-CVE-2025-24201 | af854a3a-2127-422b-91ae-364da2661108 | Third Party Advisory |
| https://github.com/cisagov/vulnrichment/issues/194 | af854a3a-2127-422b-91ae-364da2661108 | Issue Tracking |
| https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-24085 | 134c704f-9b21-4f2e-91b3-4a467353bcc0 | US Government Resource |