CVE-2025-24243
Published: 31 March 2025
Description
An adversary may rely upon a user opening a malicious file in order to gain execution.
Security Summary
CVE-2025-24243 is a code injection vulnerability (CWE-94) addressed through improved memory handling in multiple Apple operating systems. Processing a maliciously crafted file may lead to arbitrary code execution. The vulnerability affects iOS versions prior to 18.4, iPadOS versions prior to 18.4 and 17.7.6, macOS Sequoia prior to 15.4, macOS Sonoma prior to 14.7.5, macOS Ventura prior to 13.7.5, tvOS prior to 18.4, visionOS prior to 2.4, and watchOS prior to 11.4. It was published on 2025-03-31 with a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H).
Exploitation requires local access with low complexity and no privileges, but user interaction such as opening the malicious file. A successful attack allows arbitrary code execution, resulting in high impacts to confidentiality, integrity, and availability on the targeted device.
Apple security advisories at https://support.apple.com/en-us/122371, https://support.apple.com/en-us/122372, https://support.apple.com/en-us/122373, https://support.apple.com/en-us/122374, and https://support.apple.com/en-us/122375 confirm the issue is fixed in the listed versions. Mitigation involves updating affected devices to these patched releases.
Details
- CWE(s)
Affected Products
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The vulnerability is a code injection flaw triggered by processing a maliciously crafted file, directly enabling arbitrary code execution via user interaction (opening the file). This maps precisely to T1204.002 Malicious File.