Apple Warns of Critical macOS Vulnerability, Urges Immediate Update
Apple has disclosed a severe security vulnerability in its macOS kernel, identified as CVE-2025-24118, which could allow attackers to gain kernel-level privileges. The flaw, affecting multiple versions of macOS, iPadOS, and macOS Sequoia, has been deemed a significant risk to users.
Security researcher Joseph Ravichandran from MIT CSAIL uncovered the vulnerability, which stems from a race condition in the macOS XNU kernel. This issue can lead to memory corruption, making it possible for attackers to execute malicious code with elevated system privileges.
Devices at Risk
The vulnerability affects:
- macOS Sonoma versions below 14.7.3
- macOS Sequoia versions below 15.3
- iPadOS versions below 17.7.4
Apple has released updates addressing the issue and strongly advises users to update their devices immediately to prevent potential exploitation.
How the Vulnerability Works
The flaw is linked to the p_ucred field, a credential pointer in the system’s kernel. A non-atomic function used during updates to this field created a race condition, leading to potential security breaches. Ravichandran’s Proof-of-Concept (PoC) demonstrated how attackers could manipulate system processes to alter user credentials and escalate privileges.
Apple’s Fix and User Action
Apple has patched the vulnerability in:
- macOS 15.3
- macOS Sonoma 14.7.3
- iPadOS 17.7.4
The fix involves replacing non-atomic writes with atomic operations, ensuring better synchronization and preventing unauthorized access.
Call to Action
Apple urges users and organizations to:
- Update their devices to the latest macOS and iPadOS versions.
- Avoid running unverified software or granting excessive permissions to unknown applications.
- Stay vigilant, as security flaws in modern kernels continue to pose challenges.
While Apple has quickly addressed the issue, the release of a PoC exploit highlights the ongoing risks. Users should act immediately to secure their systems and protect sensitive data from potential threats.
