Bug permits unprivileged access to memory data A vulnerability in Apple’s XNU kernel surfaces today from a researcher that disclosed a privilage-escalation issue that could allow attackers to take over a device.
The vulnerability, assigned CVE-2025-24118, is a race condition that could be exploited to give local attackers access to higher system privileges, which can be used to take over the targeted device.
The vulnerability was uncovered by security researchers from MIT CSAIL, and it has been given a critical rating of 9.8 out of 10 on the CVSS scale. Issue exists in XNU kernel that fails to handle concurrent memory operations, which is related to process credentials.
With careful process scheduling, combined with triggering uncoordinated accesses to certain critical kernel memory structures, the attacker may corrupt memory or overwrite function pointers. From there, one could use this issue to perform other attacks at the highest privilege levels of the system.
The vulnerability is due to a time-of-check to time-of-use (TOCTOU) race condition related to the p_ucred field, which is used by a process to store its credentials information.
A local attacker without privileges can use this where a multi-threaded application updates credentials and begins another thread which can lead to a race condition or a non-atomic operation that results in the credentials to contain a compromised thread’s credential pointer. An attacker who successfully exploited this vulnerability could ensure that their own processes would be more highly privileged.
Apple has released updates and fixes to mitigate this serious vulnerability entitled macOS Sonoma 14.7.3, macOS Sequoia 15.3 and iPadOS 17.7.4 on January 27, 2025. Resolution The resolution is to use atomic operations to assign the new p_ucred field so that this process is synchronized and cannot be subject to a race.
Though there are no known incidents of the flaw being exploited in the wild at the present time, the existence of a proof-of-concept (PoC) exploit has increased the urgency for Apple users to upgrade the software on their devices without delay. Security researchers are urging all macOS, iOS and iPadOS users to make sure their devices are running the latest operating system versions, to reduce the risk of future attacks taking place.
It should serves as a reminder of the need for prompt security updates and demonstrates the challenges of securing complex operating-system kernels like Apple’s XNU. Users should also follow common security guidelines, including not running untrusted software and restricting application permissions. Groups, in the meantime, should keep an eye on their systems for any strange activity which could signal a security compromise is nigh.
