CISA Alert January 20, 2024: Apple Products

CISA alert apple products
Here are the latest Known Exploited Vulnerabilities including Apple visionOS, tvOS, macOS, watchOS, iOS, and iPadsOS recently released by CISA in conjunction with the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD). These Apple product vulnerabilities have all been rated as high-risk per the criteria listed below.

The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. NVD is sponsored by CISA. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.

Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:

  • High: vulnerabilities with a CVSS base score of 7.0–10.0
  • Medium: vulnerabilities with a CVSS base score of 4.0–6.9
  • Low: vulnerabilities with a CVSS base score of 0.0–3.9

Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis. 

VULNERABILITIES

Vendor/Product:  Apple

Description:  Apple Multiple Products Use-After-Free Vulnerability:

A use after free issue was addressed with improved memory management. This issue is fixed in visionOS 2.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3, tvOS 18.3. A malicious application may be able to elevate privileges. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 17.2.

Impact: 

Visit these links for specific product impact:

https://support.apple.com/en-us/122066

https://support.apple.com/en-us/122068

https://support.apple.com/en-us/122071

https://support.apple.com/en-us/122072

https://support.apple.com/en-us/122073

Source: CVE-2025-24085

Max Severity:  High

CVSS Score: 7.8

Mitigation:

Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Check your Apple devices immediately!

Don’t rely on the automatic update function!

Posted in CISA Alerts Cybersecurity Cybersecurity Advisories IT Consulting IT Managed Services Managed IT Managed Service Provider Managed Services News Technology Vulnerability ManagementTags