Critical Vulnerability in Apple macOS and iPadOS: CVE-2025-24118

Introduction

A critical vulnerability, identified as CVE-2025-24118, has been discovered in Apple’s macOS and iPadOS. It allows a malicious application to cause unexpected system termination or write kernel memory. The flaw carries a CVSS score of 9.8, which places it in the critical severity range. Affected users are advised to update their systems immediately to prevent exploitation.

Technical Overview

The vulnerability arises from improper memory handling, which can lead to system crashes or unauthorized writes to kernel memory. It is present in macOS Sequoia versions prior to 15.3, macOS Sonoma versions prior to 14.7.3, and iPadOS versions prior to 17.7.4. The flaw can be exploited by malicious applications, potentially affecting the integrity and availability of system data.

Impact and CVSS Score

The CVSS score for CVE-2025-24118 is 9.8, which signifies a critical vulnerability. The CVSS vector string for this issue is:

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

This means:

  • The attack can be carried out remotely (AV:N, Network attack vector).
  • Attack complexity is low (AC:L), making the vulnerability easier to exploit.
  • No user interaction is required (UI:N), which makes it even more dangerous.
  • It affects the confidentiality, integrity, and availability of the system (C:H/I:H/A:H).

Apple’s Response

Apple has released fixes for this issue in the latest updates: iPadOS 17.7.4, macOS Sequoia 15.3, and macOS Sonoma 14.7.3. These updates improve memory handling, addressing the vulnerability and preventing unauthorized access to kernel memory.

Conclusion

Given the severity of CVE-2025-24118, it is strongly recommended that all users of affected macOS and iPadOS versions update to the latest versions immediately. Keeping your devices up to date is crucial to ensuring the security and integrity of your data.
