CVE-2025-31196: Double Free
Published Mar 31, 2025
·Updated
Accessibility. A logging issue was addressed with improved data redaction.
Credit
Joseph Ravichandran@@0xjprx(MIT CSAIL), Dave G., Hossein Lotfi@@hosselot(Trend Micro Zero Day Initiative), Dillon Franke(Google Project Zero), wac(Trend Micro Zero Day Initiative), Csaba Fitzl@@theevilbit(Kandji), an anonymous researcher, Lyutoon(Atredis Partners), YenKoc(Atredis Partners), Dayton Pidhirney(Atredis Partners), Mateusz Krzywicki@@krzywix, Michael DePlante@@izobashi(Trend Micro Zero Day Initiative), Lucas Leong@@_wmliang_(Trend Micro Zero Day Initiative), Christian Kohlschütter, CVE-2024-8176, Paweł Płatek (Trail(Bits), LFY@@secsys(Fudan University), CVE-2025-26465, CVE-2025-26466, wac, Kirin@@Pwnrin, 7feilee, Eric Dorphy(Twin Cities App Dev LLC), Adam M., Lyutoon, YenKoc, Uri Katz (Oligo Security), Mickey Jin@@patch1t, Wojciech Regula(SecuRing), Claudio Bozzato(Cisco Talos), Francesco Benvenuto(Cisco Talos), Bohdan Stasiuk@@bohdan_stasiuk, Dominik Rath, Martin Kreichgauer(Google Chrome), Ian Mckay@@iann0036, Yutong Xiu@@Sou1gh0st, Denis Tokarev@@illusionofcha0s, Google Threat Analysis Group, Nolan Astrein(Kandji), pattern-f@@pattern_F_, Jonathan Bar Or@@yo_yo_yo_jbo(Microsoft), Gergely Kalman@@gergely_kalman, CVE-2024-9681, Rodolphe BRUNETTI@@eisw0lf(Lupus Nova), Pietro Francesco Tirenna(Shielder), Davide Silvetti(Shielder), Abdel Adim Oisfi(Shielder), luckyu@@uuulucky, Rodolphe BRUNETTI@@eisw0lf, Andr.Ess, Manuel Fernandez (Stackhopper Security), ABC Research s.r.o., Wang Yu(Cyberserval), Anonymous(Trend Micro Zero Day Initiative), Murray Mike, mzzzz__, YingQi Shi@@Mas0nShi(DBAppSecurity's WeBin lab), Minghao Lin@@Y1nKoc, Ye Zhang@@VAR10CK(Baidu Security), Dave G.(Supernetworks), Koh M. Nakagawa@@tsunek0h(FFRI Security Inc), Ian Beer(Google Project Zero), Kenneth Chew, CVE-2024-48958, CVE-2025-27113, CVE-2024-56171, Alex Radocea(Supernetworks), 风沐云烟@@binary_fmyy, Alexia Wilson(Microsoft), Christine Fossaceca(Microsoft), Diamant Osmani & Valdrin Haliti [Kosovë], dbpeppe, Solitechworld, Pwn2car, Jimmy, Mickey Jin@@patch1t(Kandji), (Kandji), Pedro Tôrres@@t0rr3sp3dr0, Noah Gregory (wts.dev), CVE-2023-27043, Jaydev Ahire, @@RenwaX23, Syarif Muhammad Sajjad, Yiğit Can YILMAZ@@yilmazcanyigit, Arsenii Kostromin (0x3c3e), Bing Shi(Alibaba Group), Wenchao Li(Alibaba Group), Xiaolong Bai(Alibaba Group), Luyi Xing(Indiana University Bloomington), Halle Winkler, Politepix theoffcuts.org, Dolf Hoegaerts, Michiel Devliegere, Andrew James Gonzalez, K宝@@Pwnrin, Tong Liu@@Lyutoon_, 风(binary_fmyy), F00L, Richard Hyunho Im with routezero.security@@richeeta, zbleet(QI), Cristian Dinca(Computer Science), Romania, 风沐云烟 (binary_fmyy), Kirin, FlowerCode, Zhongquan Li@@Guluisacat, Pedro José Pereira Vieito / pvieito.com)@@pvieito, Alexander Heinrich@@Sn0wfreeze, SEEMOO, TU Darmstadt & Mathy Vanhoef@@vanhoefm, Jeroen Robben@@RobbenJeroen, DistriNet, KU Leuven, Vsevolod Kokorin (Slonser)(Solidlab), Gary Kwong, Paul Bakker(ParagonERP), Francisco Alonso@@revskills, rheza@@ginggilBesel, PixiePoint Security, Andreas Hegenberg (folivora.AI GmbH), Ron Masas(BREAKPOINT), Zhongcheng Li(IES Red Team of ByteDance), Michael (Biscuit) Thomas - @social.lol@@biscuit, Lehan Dilusha@@zafer, Apple, Muhammad Zaid Ghifari (Mr.ZheeV), Kalimantan Utara, Florian Draschbacher, Jax Reissner, Dalibor Milanovic, Abhay Kailasia@@abhay_kailasia(C), Chi Yuan Chang(ZUSO ART), taikosoup, Saagar Jha, Richard Hyunho Im@@richeeta, Google V8 Security Team, Ignacio Sanmillan@@ulexec, Jiming Wang, Jikai Ren, Yuhao Hu, Yan Kang, Chenggang Wu, Xiaojie Wei, Thibaud Kehler, jioundai(360 Vulnerability Research Institute), chen fengjiao(HBC)
Affected Software
12 affected componentsFixes available
Apple macOS Sonoma<14.7.6
14.7.6
Apple macOS Ventura<13.7.6
13.7.6
Apple iPadOS<17.7.7
17.7.7
Apple iPadOS<17.7.7
Apple macOS<13.7.6
Apple macOS>=14.0<14.7.6
Apple visionOS<2.4
2.4
Apple tvOS<18.4
18.4
Apple iOS<18.4
18.4
Apple iPadOS<18.4
18.4
Apple macOS Sequoia<15.4
15.4
Apple WatchOS<11.4
11.4
Event History
Mar 31, 2025
Data Sourced
via Apple·12:00 AM
DescriptionWeaknessAffected Software
Updated
via Apple·12:00 AM
DescriptionWeakness
Updated
via Apple·12:00 AM
DescriptionWeaknessAffected Software
Updated
via Apple·12:00 AM
Affected Software
Apr 1, 2025
Updated
via Apple·12:00 AM
DescriptionWeaknessAffected Software
May 12, 2025
Updated
via Apple·12:00 AM
DescriptionWeaknessAffected Software
CVE Published
via MITRE·09:42 PM
Data Sourced
via MITRE·09:42 PM
DescriptionWeakness
Data Sourced
via NVD·10:15 PM
DescriptionSeverityWeaknessAffected Software
Frequently Asked Questions
1
What is the severity of CVE-2025-31196?
CVE-2025-31196 has a high severity rating due to its potential impact on system stability and security.
2
How does CVE-2025-31196 affect affected software?
CVE-2025-31196 can lead to memory handling errors and cause security vulnerabilities in affected versions of macOS and iPadOS.
3
How do I fix CVE-2025-31196?
To mitigate CVE-2025-31196, users should update their Apple devices to the latest versions as per the vendor's recommendations.
4
Which versions of Apple software are affected by CVE-2025-31196?
CVE-2025-31196 affects Apple macOS Sonoma up to version 14.7.6, macOS Ventura up to version 13.7.6, and iPadOS up to version 17.7.7.
5
What types of issues does CVE-2025-31196 address?
CVE-2025-31196 addresses issues related to memory handling, permissions restrictions, and input sanitization in various Apple components.