CVE-2025-31242: Double Free
Published Jan 27, 2025
·Updated
A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in iOS 18.5 and iPadOS 18.5, iPadOS 17.7.7, macOS Sequoia 15.5, macOS Sonoma 14.7.3, macOS Sonoma 14.7.6, macOS Ventura 13.7.3, macOS Ventura 13.7.6, tvOS 18.5, visionOS 2.5, watchOS 11.5. An app may be able to access sensitive user data.
Other sources
afpfs. The issue was addressed with improved memory handling.
— Apple
afpfs. This issue was addressed with improved checks.
— Apple
AirDrop. A permissions issue was addressed with additional restrictions.
— Apple
AirPlay. A type confusion issue was addressed with improved checks.
— Apple
Apple Intelligence Reports. A permissions issue was addressed with additional restrictions.
— Apple
Credit
Hossein Lotfi@@hosselot(Trend Micro Zero Day Initiative), Csaba Fitzl@@theevilbit(Kandji), an anonymous researcher, Dayton Pidhirney(Atredis Partners), Lyutoon, YenKoc, Mateusz Krzywicki@@krzywix, Michael DePlante@@izobashi(Trend Micro Zero Day Initiative), Lucas Leong@@_wmliang_(Trend Micro Zero Day Initiative), Christian Kohlschütter, CVE-2024-8176, Paweł Płatek (Trail(Bits), LFY@@secsys(Fudan University), wac, Dave G., Kirin@@Pwnrin, 7feilee, Eric Dorphy(Twin Cities App Dev LLC), Adam M., CVE-2025-26465, CVE-2025-26466, Lyutoon(Atredis Partners), YenKoc(Atredis Partners), Joseph Ravichandran@@0xjprx(MIT CSAIL), Dillon Franke(Google Project Zero), wac(Trend Micro Zero Day Initiative), Wojciech Regula(SecuRing), Google V8 Security Team, Ignacio Sanmillan@@ulexec, Jiming Wang, Jikai Ren, Bohdan Stasiuk@@Bohdan_Stasiuk, Mickey Jin@@patch1t, Minghao Lin@@Y1nKoc(Zhejiang University), babywu(Zhejiang University), (Zhejiang University), Xingwei Lin(Zhejiang University), Wang Yu(Cyberserval), Desmond(Trend Micro Zero Day Initiative), Pwn2car & Rotiple(HyeongSeok Jang)(Trend Micro Zero Day Initiative), Arsenii Kostromin (0x3c3e), Joshua Jones, DongJun Kim@@smlijun, JongSeong Kim in Enki WhiteHat@@nevul37, D4m0n, Ivan Fratric(Google Project Zero), 风(binary_fmyy), Minghao Lin@@Y1nKoc, Pedro Tôrres@@t0rr3sp3dr0, 神罚@@Pwnrin, Anonymous(Trend Micro Zero Day Initiative), Yiğit Can YILMAZ@@yilmazcanyigit, Zhongquan Li@@Guluisacat, Junsung Lee, Rodolphe BRUNETTI@@eisw0lf(Lupus Nova), Yann GASCUEL(Alter Solutions), jioundai(360 Vulnerability Research Institute), chen fengjiao(HBC), PixiePoint Security, CertiK SkyFall Team, Google Threat Analysis Group, pattern-f@@pattern_F_, Minghao Lin@(Y1nKoc), Jonathan Bar Or@@yo_yo_yo_jbo(Microsoft), Uri Katz (Oligo Security), Guilherme Rambo(Best Buddy Apps), Apple, Saagar Jha, Tony Iskow@@Tybbow, Andreas Jaegersberger & Ro Achterberg(Nosebeard Labs), rheza@@ginggilBesel(Palo Alto Networks), Edouard Bochin@@le_douds(Palo Alto Networks), Tao Yan@@Ga1ois(Palo Alto Networks), Nan Wang@@eternalsakura13, Yuhao Hu, Yan Kang, Chenggang Wu, Xiaojie Wei, Juergen Schmied(Lynck GmbH), Ron Masas(BREAKPOINT), Andrew James Gonzalez, Richard Hyunho Im@@richeeta, Andr.Ess, Noah Gregory (wts.dev), Thibaud Kehler, 秦若涵, 崔志伟, 崔宝江, Deval Jariwala, Dalibor Milanovic, YingQi Shi@@Mas0nShi(DBAppSecurity's WeBin lab), Duy Trần@@khanhduytran0, Shehab Khan, CertiK@@CertiK, Thomas Völkl@@vollkorntomate, SEEMOO, TU Darmstadt, Kirin@@Pwnrin(Fudan University), Bohdan Stasiuk@@bohdan_stasiuk, Sourabhkumar Mishra, @@RenwaX23, Ryan Dowd@@_rdowd
Affected Software
13 affected componentsFixes available
Apple macOS Ventura<13.7.6
13.7.6
Apple macOS Sonoma<14.7.6
14.7.6
Apple iPadOS<17.7.7
17.7.7
Apple iPadOS<17.7.7
Apple macOS<13.7.6
Apple macOS>=14.0<14.7.6
Apple macOS>=15.0<15.5
Apple WatchOS<11.5
11.5
Apple iOS<18.5
18.5
Apple iPadOS<18.5
18.5
Apple tvOS<18.5
18.5
Apple macOS Sequoia<15.5
15.5
Apple visionOS<2.5
2.5
Event History
Jan 27, 2025
Data Sourced
via Apple·12:00 AM
DescriptionWeaknessAffected Software
Updated
via Apple·12:00 AM
DescriptionWeakness
Updated
via Apple·12:00 AM
Description
Updated
via Apple·12:00 AM
DescriptionWeaknessAffected Software
Updated
via Apple·12:00 AM
Affected Software
Updated
via Apple·12:00 AM
DescriptionAffected Software
May 12, 2025
Updated
via Apple·12:00 AM
DescriptionWeakness
Updated
via Apple·12:00 AM
DescriptionWeaknessAffected Software
Updated
via Apple·12:00 AM
DescriptionAffected Software
CVE Published
via MITRE·09:42 PM
Data Sourced
via MITRE·09:42 PM
DescriptionWeakness
Data Sourced
via NVD·10:15 PM
DescriptionSeverityWeaknessAffected Software
Parent advisories
This vulnerability appears in the following advisories.
Peer vulnerabilities
Found alongside the following vulnerabilities.
- CVE-2025-31240
- CVE-2025-31237
- CVE-2025-31251
- CVE-2025-31235
- CVE-2025-31208
- CVE-2025-31196
- CVE-2025-31209
- CVE-2025-31239
- CVE-2025-31233
- CVE-2025-30453
- CVE-2025-24258
- CVE-2025-30448
- CVE-2025-31232
- CVE-2025-24144
- CVE-2025-31219
- CVE-2025-31241
- CVE-2024-8176
- CVE-2025-30440
- CVE-2025-31222
- CVE-2025-24274
- CVE-2025-24142
- CVE-2025-31245
- CVE-2025-31224
- CVE-2025-31221
- CVE-2025-31213
- CVE-2025-31247
- CVE-2025-30442
- CVE-2025-31242
- CVE-2025-31220
- CVE-2025-24155
- CVE-2025-31246
- CVE-2025-26465
- CVE-2025-26466
- CVE-2025-24097
- CVE-2025-24111
- CVE-2025-31210
- CVE-2025-31226
- CVE-2025-24225
- CVE-2025-31228
- CVE-2025-24259
- CVE-2025-24220
- CVE-2025-24213
- CVE-2025-31217
- CVE-2025-31215
- CVE-2025-31206
- CVE-2025-24109
- CVE-2025-24100
- CVE-2025-24114
- CVE-2025-24121
- CVE-2025-24122
- CVE-2025-24127
- CVE-2025-24106
- CVE-2024-44172
- CVE-2025-24123
- CVE-2025-24124
- CVE-2025-24102
- CVE-2025-24174
- CVE-2025-24086
- CVE-2025-24094
- CVE-2025-24115
- CVE-2025-24116
- CVE-2024-55549
- CVE-2025-24855
- CVE-2025-24136
- CVE-2025-24099
- CVE-2025-24130
- CVE-2025-24183
- CVE-2025-24146
- CVE-2024-54497
- CVE-2025-24093
- CVE-2025-24149
- CVE-2025-24103
- CVE-2025-24185
- CVE-2025-24139
- CVE-2025-24151
- CVE-2025-24138
- CVE-2025-24176
- CVE-2025-31248
- CVE-2025-24154
- CVE-2025-43374
- CVE-2025-24120
- CVE-2025-24156
- CVE-2025-24137
- CVE-2025-24112
- CVE-2024-54509
- CVE-2025-24161
- CVE-2025-24160
- CVE-2025-24163
- CVE-2025-24118
- CVE-2025-24159
- CVE-2024-44243
- CVE-2025-24092
- CVE-2025-31212
- CVE-2025-31200
- CVE-2025-24224
- CVE-2025-31223
- CVE-2025-31238
- CVE-2025-24223
- CVE-2025-31204
- CVE-2025-31205
- CVE-2025-31257
- CVE-2025-31216
- CVE-2025-31214
- CVE-2025-31225
- CVE-2025-31253
- CVE-2025-31207
- CVE-2025-31227
- CVE-2025-31234
- CVE-2025-31260
- CVE-2025-24222
- CVE-2025-31236
- CVE-2025-30443
- CVE-2025-31218
- CVE-2025-31256
- CVE-2025-31244
- CVE-2025-31258
- CVE-2025-31266
- CVE-2025-31249
- CVE-2025-31259
- CVE-2025-31250
Frequently Asked Questions
1
What is the severity of CVE-2025-31242?
CVE-2025-31242 has been classified with a high severity rating due to potential memory handling issues.
2
How do I fix CVE-2025-31242?
To fix CVE-2025-31242, update your affected macOS version to the latest available version provided by Apple.
3
Which versions are affected by CVE-2025-31242?
CVE-2025-31242 affects macOS Ventura versions up to 13.7.6, macOS Sequoia up to 15.5, and other specified Apple operating systems.
4
What type of vulnerability is CVE-2025-31242?
CVE-2025-31242 is a vulnerability related to memory handling and permissions issues in Apple's operating systems.
5
Are there any workarounds for CVE-2025-31242?
Currently, it is recommended to apply the security update provided by Apple as a workaround for CVE-2025-31242.