CVE-2025-24159
Published: 27 January 2025
Description
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
Security Summary
CVE-2025-24159 is a validation issue addressed through improved logic in multiple Apple operating systems, enabling an app to execute arbitrary code with kernel privileges. The vulnerability affects iOS prior to version 18.3, iPadOS prior to 18.3 or 17.7.4, macOS Sequoia prior to 15.3, macOS Sonoma prior to 14.7.3, tvOS prior to 18.3, visionOS prior to 2.3, and watchOS prior to 11.3. It has a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) and is associated with CWE-94 (code injection), though NVD provides no additional CWE details.
Exploitation requires a local attacker with low-complexity access and no privileges, but user interaction is necessary. Successful exploitation grants kernel-level code execution, resulting in high impacts to confidentiality, integrity, and availability, potentially allowing full system compromise on affected devices.
Apple security advisories recommend updating to the fixed versions: iOS 18.3 and iPadOS 18.3, iPadOS 17.7.4, macOS Sequoia 15.3, macOS Sonoma 14.7.3, tvOS 18.3, visionOS 2.3, or watchOS 11.3. Detailed patch information is available in the referenced support articles at https://support.apple.com/en-us/122066, https://support.apple.com/en-us/122067, https://support.apple.com/en-us/122068, https://support.apple.com/en-us/122069, and https://support.apple.com/en-us/122071.
Details
- CWE(s)
Affected Products
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The vulnerability is a local code injection flaw (CWE-94) that allows an unprivileged app to execute arbitrary code with kernel privileges on Apple platforms, directly mapping to exploitation for privilege escalation.