Vulnerability Affecting Apple devices
Lookout Coverage and Recommendation for Admins
To ensure your devices are protected, Lookout admins should take the following steps in their Lookout console:
- Set the default OS Out of Date policy to enforce a minimum iOS version of 18.3 on all devices.
- Choose whether to immediately warn or block non-compliant devices from accessing work apps and data until their OS is updated.
- If your risk policies allow for a grace period, set the policy to escalate in severity and in the limitations placed on the user over a short period of time that aligns with your policies.
Overview
CISA recently added guidance to CVE-2025-24085, a use-after-free issue that affects Apple devices running visionOS, iOS, iPadOS, macOS, tvOS, and watchOS. The problem is related to memory management, specifically when an application continues to access memory that has already been released. There has been evidence of active exploitation of this CVE against versions of iOS before iOS 17.2, and a successful exploit could allow a malicious application to elevate privileges on the device, cause applications to crash, or allow malicious code execution. This issue is fixed in visionOS 2.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3, and tvOS 18.3.
United States government organizations are required to have all vulnerable devices patched by February 19, 2025. While CISA’s requirement applies only to US government organizations, its guidance should be a source of information for enterprise organizations as well.
Lookout Analysis
Regardless of who builds software, it is rarely perfect. Vulnerabilities are common in the mobile ecosystem, across both hardware and software, just like they are for laptops, desktops, and any other technology. Apple has the advantage of building and maintaining both its hardware and software products, which reduces the variables that could lead to exploitable code. However, this doesn’t mean that Apple devices are impenetrable.
This incident, along with similar occurrences, demonstrates that despite the significant efforts invested in creating exploitation mitigations and conducting code audits, memory corruption vulnerabilities continue to be widespread and exploitable in practical scenarios. Without visibility into vulnerable devices across your mobile fleet, your organization and its data could be exposed to threats like this. To combat these problems, security teams should leverage mobile EDR to integrate mobile device and app vulnerability data into their SIEM, SOAR, or XDR solution.
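The fleet visibility check described above, as an added example (not Lookout's code or API): it compares a device inventory against the fixed versions listed in the Overview and applies a warn-then-block grace period. The inventory records, field names and grace-period end date are constructed assumptions.

```python
from datetime import date

# Fixed versions for CVE-2025-24085 as listed in the Overview above.
FIXED = {
    "visionOS": (2, 3), "iOS": (18, 3), "iPadOS": (18, 3),
    "macOS": (15, 3), "watchOS": (11, 3), "tvOS": (18, 3),
}

def parse_version(text):
    """Turn '18.2.1' into (18, 2, 1); reject anything non-numeric."""
    parts = text.strip().split(".")
    if not all(p.isdigit() for p in parts):
        raise ValueError(f"unparseable OS version: {text!r}")
    return tuple(int(p) for p in parts)

def is_patched(platform, version):
    """True when the reported version is at or above the fixed version."""
    fixed, got = FIXED[platform], parse_version(version)
    width = max(len(fixed), len(got))
    # Pad with zeros so that '18.3' and '18.3.0' compare equal.
    fixed += (0,) * (width - len(fixed))
    got += (0,) * (width - len(got))
    return got >= fixed

def evaluate(device, today, grace_ends):
    """Return 'compliant', 'warn', 'block' or 'unknown' for one record."""
    try:
        if is_patched(device["platform"], device["os_version"]):
            return "compliant"
    except (KeyError, ValueError):
        # Unlisted platform or malformed version: flag for review, never pass.
        return "unknown"
    return "warn" if today <= grace_ends else "block"

# Constructed sample inventory; field names are hypothetical.
INVENTORY = [
    {"id": "dev-01", "platform": "iOS", "os_version": "18.3"},
    {"id": "dev-02", "platform": "iOS", "os_version": "17.7.2"},
    {"id": "dev-03", "platform": "macOS", "os_version": "15.3.1"},
    {"id": "dev-04", "platform": "watchOS", "os_version": "11.2"},
    {"id": "dev-05", "platform": "iPadOS", "os_version": "18.3 beta"},
]

def report(today, grace_ends):
    return {d["id"]: evaluate(d, today, grace_ends) for d in INVENTORY}

if __name__ == "__main__":
    for dev, state in report(date(2025, 2, 10), date(2025, 2, 19)).items():
        print(dev, state)
```

Records that come back as `unknown` are the ones to investigate first, since a device whose OS version cannot be parsed cannot be shown to be patched.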
Authors
Lookout Mobile Endpoint Security