A warning has been issued to millions of Apple users to apply the latest patches now.
A warning has been issued to millions of Apple users after a security researcher demonstrated how a critical kernel flaw could allow attackers to execute code. The security issue, patched in the latest round of software upgrades issued on Jan. 27 alongside iOS 18.3, could see an app be able to cause unexpected system termination, write kernel memory or even execute code.
Tracked as CVE-2025-24118, the vulnerability in the kernel was reported by Joseph Ravichandran (@0xjprx) of MIT CSAIL, who has now shared a proof of concept on how it works. The Apple flaw has been given a Common Vulnerability Scoring System (CVSSv3.1) score of 9.8 out of 10, which is critical.
Apple doesn’t share much information about what’s been fixed in its latest round of updates, to allow people as much time as possible to upgrade before attackers can get hold of the details. However, now the proof of concept is out, this has become even more urgent, since it shows malicious hackers how the attack can be performed.
Apple fixed the flaw with improved memory handling in iPad OS 17.7.4, macOS Sequoia 15.3 and macOS Sonoma 14.7.3.
The flaw fixed by Apple is so serious that it was the subject of a warning by the Cyber Security Agency of Singapore. “Successful exploitation of the vulnerability may allow an attacker to perform privilege escalation, memory corruption and execute kernel-level arbitrary code,” the CSA said. “Users and administrators of affected products are advised to update to the latest versions immediately.”
About The Kernel Flaw Patched In iPad OS 17.7.4, macOS Sequoia 15.3 And macOS Sonoma 14.7.3
The flaw arises from a combination of Safe Memory Reclamation, per-thread credentials, read-only page mappings, and memcpy behavior — culminating in a race condition that allows unauthorized credential modification, security site cited by CSA, securityonline.info writes
CVE-2025-24118 involves a concurrency issue within Apple’s XNU kernel, specifically targeting a process’s credentials stored in a read-only structure, according to securityonline.info. “Under normal circumstances, these credentials are protected by Safe Memory Reclamation to prevent corruption. However, a non-atomic memory update creates a time-of-check to time-of-use race condition, allowing an attacker to corrupt their credential pointer.”
The flaw can be exploited by an attacker locally using a multi-threaded attack that forces frequent credential updates.
I asked Apple to comment on this story and will update it if the iPhone maker responds.
Why You Should Update Your Mac or iPad Now
There’s no doubt this kernel flaw is serious, so updating to iPad OS 17.7.4, macOS Sequoia 15.3 and macOS Sonoma 14.7.3 is a no-brainer.
Go to your Mac System Settings > Software Updates and apply it now if possible. On an iPad it’s Settings > General > Software Update.
You can also enable automatic software updates by going to Settings > General > Software Update > Enable Automatic Updates. However, note that these are rolled out gradually so updating manually is the best way to ensure you are secure.
