High severity7.8NVD Advisory· Published Mar 31, 2025· Updated Apr 2, 2026

CVE-2025-24243

Description

A memory handling issue in Apple operating systems allows arbitrary code execution when processing a maliciously crafted file, patched in the March 2025 updates.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

A memory handling issue in Apple operating systems allows arbitrary code execution when processing a maliciously crafted file, patched in the March 2025 updates.

Vulnerability

Overview CVE-2025-24243 is a memory handling issue in Apple's operating systems. The official description indicates that processing a maliciously crafted file could lead to arbitrary code execution. The root cause is improved memory handling, suggesting a memory corruption bug such as a buffer overflow or use-after-free.

Exploitation

An attacker would need to deliver a specially crafted file to the target user. The attack vector is likely local or via user interaction (e.g., opening a file). No authentication is required beyond the user's action. The vulnerability affects multiple Apple platforms including iOS, iPadOS, macOS, tvOS, visionOS, and watchOS.

Impact

Successful exploitation could allow an attacker to execute arbitrary code with the privileges of the affected application, potentially leading to full system compromise. The CVSS score of 7.8 (High) reflects the severity.

Mitigation

Apple has released patches in iOS 18.4, iPadOS 18.4, iPadOS 17.7.6, macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5, tvOS 18.4, visionOS 2.4, and watchOS 11.4 [1][2][3][4]. Users should update to the latest versions.

References

AI Insight generated on May 20, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

Apple Inc./Ipados
cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*
Range: <17.7.6
Apple Inc./Iphone OS
cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
Range: <18.4
Apple Inc./macOS
cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*
Range: >=13.0,<13.7.5
Apple Inc./tvOS
cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*
Range: <18.4
Apple Inc./Visionos
cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*
Range: <2.4
Cisco Systems, Inc./Cisco iOSllm-fuzzy
Range: <18.4

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

support.apple.com/en-us/122371nvdVendor Advisory
support.apple.com/en-us/122372nvdVendor Advisory
support.apple.com/en-us/122373nvdVendor Advisory
support.apple.com/en-us/122374nvdVendor Advisory
support.apple.com/en-us/122375nvdVendor Advisory
support.apple.com/en-us/122377nvdVendor Advisory
support.apple.com/en-us/122378nvdVendor Advisory
seclists.org/fulldisclosure/2025/Apr/10nvd
seclists.org/fulldisclosure/2025/Apr/11nvd
seclists.org/fulldisclosure/2025/Apr/12nvd
seclists.org/fulldisclosure/2025/Apr/13nvd
seclists.org/fulldisclosure/2025/Apr/4nvd
seclists.org/fulldisclosure/2025/Apr/5nvd
seclists.org/fulldisclosure/2025/Apr/8nvd
seclists.org/fulldisclosure/2025/Apr/9nvd
support.apple.com/en-us/122376nvd

News mentions

No linked articles in our index yet.

cvss	0.507
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000