CVE-2025-24154

CVE-2025-24154 is an out-of-bounds write vulnerability (CWE-787, CWE-757) that was addressed through improved input validation in multiple Apple operating systems. The affected software includes iOS versions prior to 18.3, iPadOS versions prior to 18.3, macOS Sequoia versions prior to 15.3, macOS Sonoma versions prior to 14.7.3, macOS Ventura versions prior to 13.7.3, and visionOS versions prior to 2.3. Published on January 27, 2025, the flaw resides at the kernel level, enabling potential memory corruption.

The vulnerability carries a CVSS v3.1 base score of 9.1 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H), indicating it is exploitable over the network with low complexity, no privileges or user interaction required, and unchanged scope. Remote, unauthenticated attackers can leverage it to cause unexpected system termination or corrupt kernel memory, resulting in high-impact availability disruption or integrity violations that could facilitate denial-of-service or serve as a primitive for further kernel exploitation.

Apple's security advisories, detailed in support documents such as https://support.apple.com/en-us/122066, https://support.apple.com/en-us/122068, https://support.apple.com/en-us/122069, https://support.apple.com/en-us/122070, and https://support.apple.com/en-us/122073, confirm the issue is fixed in the listed updates. Mitigation requires immediate patching to iOS 18.3/iPadOS 18.3, macOS Sequoia 15.3, macOS Sonoma 14.7.3, macOS Ventura 13.7.3, or visionOS 2.3, with no additional workarounds specified.