CVE-2025-24224: Race Condition

Published May 12, 2025
·
Updated

Accessibility. The issue was addressed by adding additional logic.

Other sources

Admin Framework. A path handling issue was addressed with improved validation.

Apple

afclip. The issue was addressed with improved memory handling.

Apple

afpfs. The issue was addressed with improved memory handling.

Apple

afpfs. This issue was addressed with improved checks.

Apple

AMD. A race condition was addressed with improved state handling.

Apple

Credit

Andreas Jaegersberger & Ro Achterberg(Nosebeard Labs), Mickey Jin@@patch1t, Hossein Lotfi@@hosselot(Trend Micro Zero Day Initiative), Chi Yuan Chang(ZUSO ART), taikosoup, Dawuge(Shuffle Team), Gary Kwong(Trend Micro Zero Day Initiative), CVE-2025-43226, Tony Iskow@@Tybbow, Christian Kohlschütter, Ivan Fratric(Google Project Zero), Himanshu Bharti@@Xpl0itme, Kirin@@Pwnrin, Wojciech Regula(SecuRing), Yuhao Hu, Yan Kang, Chenggang Wu, Xiaojie Wei, Ignacio Sanmillan@@ulexec, Clément Lecigne(Google's Threat Analysis Group), Vlad Stolyarov(Google's Threat Analysis Group), ABC Research s.r.o., 风沐云烟@@binary_fmyy, Minghao Lin@@Y1nKoc, Gergely Kalman@@gergely_kalman, an anonymous researcher, 2ourc3 | Salim Largo, Anonymous(Trend Micro Zero Day Initiative), Csaba Fitzl@@theevilbit(Kandji), Minghao Lin, Jiaxun Zhu, Noah Gregory (wts.dev), Koh M. Nakagawa@@tsunek0h(Kandji), Yuebin Sun@@yuebinsun2020, Shang-De Jiang(CyCraft Technology), Kazma Ye(CyCraft Technology), Nikolai Skliarenko(Trend Micro Zero Day Initiative), Mickey Jin@@patch1t(Team Orca of Sea Security), Keith Yeo@@kyeojy(Team Orca of Sea Security), Zhongquan Li@@Guluisacat, Martti Hütt, Ryan Dowd@@_rdowd, Guilherme Rambo(Best Buddy Apps), Apple, Google Threat Analysis Group, Saagar Jha, Michael DePlante@@izobashi(Trend Micro Zero Day Initiative), Lucas Leong@@_wmliang_(Trend Micro Zero Day Initiative), CVE-2024-8176, Paweł Płatek (Trail(Bits), Dave G., Eric Dorphy(Twin Cities App Dev LLC), Google V8 Security Team, wac(Trend Micro Zero Day Initiative), rheza@@ginggilBesel(Palo Alto Networks), Edouard Bochin@@le_douds(Palo Alto Networks), Tao Yan@@Ga1ois(Palo Alto Networks), Nan Wang@@eternalsakura13, Jiming Wang, Jikai Ren, Juergen Schmied(Lynck GmbH), jioundai(360 Vulnerability Research Institute), chen fengjiao(HBC), 秦若涵, 崔志伟, 崔宝江, Deval Jariwala, Dalibor Milanovic, Andrew James Gonzalez, YingQi Shi@@Mas0nShi(DBAppSecurity's WeBin lab), Duy Trần@@khanhduytran0, Dayton Pidhirney(Atredis Partners), Lyutoon, YenKoc, Richard Hyunho Im@@richeeta, Andr.Ess, Shehab Khan, wac, CertiK@@CertiK, Thibaud Kehler, Joseph Ravichandran@@0xjprx(MIT CSAIL), Thomas Völkl@@vollkorntomate, SEEMOO, TU Darmstadt, Dillon Franke(Google Project Zero), Kirin@@Pwnrin(Fudan University), LFY@@secsys(Fudan University), Bohdan Stasiuk@@bohdan_stasiuk, Adam M., Sourabhkumar Mishra, CVE-2025-26465, CVE-2025-26466, @@RenwaX23, 7feilee

Affected Software

16 affected componentsFixes available
Apple macOS Ventura<13.7.7
13.7.7
Apple iPadOS<17.7.9
17.7.9
Apple iOS<18.5
18.5
Apple iPadOS<18.5
18.5
Apple WatchOS<11.5
11.5
Apple macOS Sequoia<15.5
15.5
Apple visionOS<2.5
2.5
Apple tvOS<18.5
18.5
Apple iPadOS<17.7.9
Apple iPadOS>=18.0<18.5
Apple iPhone OS<18.5
Apple macOS<13.7.7
Apple macOS>=15.0<15.5
Apple tvOS<18.5
Apple visionOS<2.5
Apple WatchOS<11.5

Event History

May 12, 2025
Data Sourced
via Apple·12:00 AM
DescriptionWeaknessAffected Software
Updated
via Apple·12:00 AM
DescriptionWeakness
Updated
via Apple·12:00 AM
DescriptionWeaknessAffected Software
Updated
via Apple·12:00 AM
Affected Software
Jul 29, 2025
Updated
via Apple·12:00 AM
DescriptionWeaknessAffected Software
Updated
via Apple·12:00 AM
DescriptionAffected Software
CVE Published
via MITRE·11:35 PM
Data Sourced
via MITRE·11:35 PM
DescriptionWeakness
Jul 30, 2025
Data Sourced
via NVD·12:15 AM
DescriptionSeverityWeaknessAffected Software

Parent advisories

This vulnerability appears in the following advisories.

Peer vulnerabilities

Found alongside the following vulnerabilities.

Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

Frequently Asked Questions

1

What is the severity of CVE-2025-24224?

CVE-2025-24224 has been rated with a high severity due to its potential impact on multiple Apple operating systems.

2

How do I fix CVE-2025-24224?

To fix CVE-2025-24224, users should update their affected Apple devices to the latest versions as specified in Apple's advisory.

3

What versions are affected by CVE-2025-24224?

CVE-2025-24224 affects Apple macOS Ventura version 13.7.7, iPadOS version 17.7.9, iOS version 18.5, and other Apple operating system versions.

4

What types of vulnerabilities does CVE-2025-24224 address?

CVE-2025-24224 addresses memory handling and path validation vulnerabilities affecting accessibility features.

5

Who is the vendor for CVE-2025-24224?

The vendor for CVE-2025-24224 is Apple, which provides updates for the impacted products and versions.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2026 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203