
A critical vulnerability has been identified in the macOS kernel (XNU), tracked as CVE-2025-24118, which poses significant risks for users of Apple’s operating systems. With a CVSS score of 9.8, this flaw allows attackers to escalate privileges, corrupt memory, and potentially execute arbitrary code at the kernel level. The vulnerability was disclosed by security researcher Joseph Ravichandran from MIT CSAIL, who published a detailed analysis of the issue.

The root of CVE-2025-24118 lies in a race condition that arises from the interaction of several kernel features, including Safe Memory Reclamation (SMR), per-thread credentials, and read-only page mappings. Under normal circumstances, these credentials are safeguarded by SMR to prevent unauthorized modifications. However, a non-atomic memory update creates a time-of-check to time-of-use (TOCTOU) race condition, allowing an attacker to manipulate their credential pointer.

Ravichandran elaborates that this vulnerability enables the corruption of the kauth_cred_t credential pointer within a thread. Specifically, the SMR-protected p_ucred field can be altered to point to invalid memory or even to a more privileged credential. An unprivileged local attacker can trigger the race from multiple threads that force frequent updates to credentials.

In response to this critical threat, Apple has released patches in macOS Sonoma 14.7.3, macOS Sequoia 15.3, and iPadOS 17.7.4. The updates enhance memory handling and enforce atomic updates for credential pointers, thus mitigating the risk posed by this vulnerability.
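As an added illustration (not the XNU code and not the researcher's proof of concept), the user-space model below shows why enforcing atomic pointer updates matters: a reader racing a credential-pointer update that lands byte by byte (a constructed stand-in for any non-atomic update) can observe a pointer that names no valid credential object, while a single atomic store never tears. The struct names, the arena layout and the thread setup are constructed for this example, and it assumes a GCC/Clang compiler (for the `__atomic` builtins) with POSIX threads.

```c
#include <pthread.h>
#include <stdatomic.h>
#include <stdbool.h>
#include <stddef.h>

struct cred { int uid; };   /* constructed stand-in for a kauth_cred_t object */
/* Two valid credential objects, placed 0x10100 bytes apart so their addresses differ in more than one byte. */
static _Alignas(16) unsigned char cred_arena[0x10200];
#define CRED_A ((struct cred *)cred_arena)
#define CRED_B ((struct cred *)(cred_arena + 0x10100))
struct ctx {
    struct cred *p_ucred;           /* the credential pointer field being updated */
    bool use_atomic;                /* one atomic store (fixed) or byte-wise copy (bug model) */
    long reader_iters, torn_reads;  /* reads to perform; reads that saw no valid credential */
    atomic_bool stop;               /* reader tells the writer to stop */
};
static void *writer(void *arg) {
    struct ctx *c = arg;
    for (unsigned i = 0; !atomic_load(&c->stop); i++) {
        struct cred *next = (i & 1) ? CRED_B : CRED_A;
        if (c->use_atomic) {   /* fixed form: a reader sees the old or the new pointer, never a mix */
            __atomic_store_n(&c->p_ucred, next, __ATOMIC_RELEASE);
        } else {               /* bug model: bytes land one at a time, so a mix is observable */
            volatile unsigned char *dst = (volatile unsigned char *)&c->p_ucred;
            for (size_t b = 0; b < sizeof next; b++) dst[b] = ((unsigned char *)&next)[b];
        }
    }
    return NULL;
}

static void *reader(void *arg) {
    struct ctx *c = arg;
    for (long i = 0; i < c->reader_iters; i++) {
        struct cred *cur = __atomic_load_n(&c->p_ucred, __ATOMIC_ACQUIRE);
        if (cur != CRED_A && cur != CRED_B) c->torn_reads++;  /* torn pointer: names invalid memory */
    }
    atomic_store(&c->stop, true);
    return NULL;
}

/* One writer racing one reader; returns how many reads observed an invalid pointer. */
long run_race(bool use_atomic, long reader_iters) {
    struct ctx c = { .p_ucred = CRED_A, .use_atomic = use_atomic, .reader_iters = reader_iters };
    pthread_t w, r;
    pthread_create(&w, NULL, writer, &c);
    pthread_create(&r, NULL, reader, &c);
    pthread_join(r, NULL);
    pthread_join(w, NULL);
    return c.torn_reads;
}
```

Calling `run_race(false, N)` on a multi-core machine typically reports a non-zero count of torn reads, while `run_race(true, N)` always reports zero; the count for the byte-wise mode is timing-dependent and may be zero on a single core.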

As cyber threats continue to evolve, it is crucial for users and organizations to remain vigilant and ensure their systems are updated with the latest security patches to protect against potential exploits like CVE-2025-24118.
