CVE-2025-31212: Double Free
Published May 12, 2025
afpfs. The issue was addressed with improved memory handling.
Credit
Hossein Lotfi @hosselot (Trend Micro Zero Day Initiative), Guilherme Rambo (Best Buddy Apps), Apple, Google Threat Analysis Group, Saagar Jha, Tony Iskow @Tybbow, Michael DePlante @izobashi (Trend Micro Zero Day Initiative), Lucas Leong @_wmliang_ (Trend Micro Zero Day Initiative), Christian Kohlschütter, CVE-2024-8176, Paweł Płatek (Trail of Bits), Dave G., Eric Dorphy (Twin Cities App Dev LLC), Google V8 Security Team, Andreas Jaegersberger & Ro Achterberg (Nosebeard Labs), wac (Trend Micro Zero Day Initiative), rheza @ginggilBesel (Palo Alto Networks), Edouard Bochin @le_douds (Palo Alto Networks), Tao Yan @Ga1ois (Palo Alto Networks), Nan Wang @eternalsakura13, Ignacio Sanmillan @ulexec, Jiming Wang, Jikai Ren, Yuhao Hu, Yan Kang, Chenggang Wu, Xiaojie Wei, Ivan Fratric (Google Project Zero), Juergen Schmied (Lynck GmbH), jioundai (360 Vulnerability Research Institute), chen fengjiao (HBC), 秦若涵, 崔志伟, 崔宝江, Deval Jariwala, Dalibor Milanovic, Andrew James Gonzalez, YingQi Shi @Mas0nShi (DBAppSecurity's WeBin lab), Duy Trần @khanhduytran0, Dayton Pidhirney (Atredis Partners), Lyutoon, YenKoc, Richard Hyunho Im @richeeta, Andr.Ess, Shehab Khan, wac, CertiK @CertiK, Thibaud Kehler, Joseph Ravichandran @0xjprx (MIT CSAIL), Thomas Völkl @vollkorntomate, SEEMOO, TU Darmstadt, Dillon Franke (Google Project Zero), Kirin @Pwnrin (Fudan University), LFY @secsys (Fudan University), Bohdan Stasiuk @bohdan_stasiuk, an anonymous researcher, Adam M., Sourabhkumar Mishra, CVE-2025-26465, CVE-2025-26466, Csaba Fitzl @theevilbit (Kandji), @RenwaX23, Ryan Dowd @_rdowd, Kirin @Pwnrin, 7feilee, Noah Gregory (wts.dev)
Affected Software
12 affected components. Fixes available.
Apple macOS Sequoia < 15.5 (fixed in 15.5)
Apple tvOS < 18.5 (fixed in 18.5)
Apple visionOS < 2.5 (fixed in 2.5)
Apple iOS < 18.5 (fixed in 18.5)
Apple iPadOS < 18.5 (fixed in 18.5)
Apple WatchOS < 11.5 (fixed in 11.5)
Apple iPadOS < 18.5
Apple iPhone OS < 18.5
Apple macOS < 15.5
Apple tvOS < 18.5
Apple visionOS < 2.5
Apple WatchOS < 11.5
Event History
May 12, 2025
12:00 AM, Data Sourced via Apple: Description, Weakness, Affected Software
12:00 AM, Updated via Apple: Description, Weakness
12:00 AM, Updated via Apple: Description, Weakness, Affected Software
12:00 AM, Updated via Apple: Affected Software
09:42 PM, CVE Published via MITRE
09:42 PM, Data Sourced via MITRE: Description, Weakness
10:15 PM, Data Sourced via NVD: Description, Severity, Weakness, Affected Software
Frequently Asked Questions
1. What is the severity of CVE-2025-31212?
CVE-2025-31212 is classified as a high-severity vulnerability due to potential exploitation of memory handling and permissions issues.
2. How do I fix CVE-2025-31212?
To mitigate CVE-2025-31212, update your Apple devices to the latest versions of macOS Sequoia, tvOS, visionOS, iOS, iPadOS, or watchOS as specified in the advisory.
3. What products are affected by CVE-2025-31212?
CVE-2025-31212 affects Apple macOS Sequoia, tvOS, visionOS, iOS, iPadOS, and watchOS up to specified versions.
4. What type of issues does CVE-2025-31212 address?
CVE-2025-31212 addresses memory handling vulnerabilities and permissions issues with improved input checks.
5. When was CVE-2025-31212 discovered?
CVE-2025-31212 was reported and addressed in 2025, highlighting ongoing improvements in security measures from Apple.