Currently, millions of Apple users are being issued warnings to apply the latest patches.
A warning has been issued to millions of Apple users after security researchers demonstrated how a critical kernel flaw allows attackers to execute their code. The security issue, patched in the latest software upgrades issued on January 27th alongside iOS 18.3, means an app can cause unexpected system termination, write kernel memory, and execute code.
The kernel vulnerability, tracked as CVE-2025-24118, was reported by Joseph Ravichandran (@0xJPrx) of MIT CSAIL. The flaw has been given a Common Vulnerability Scoring System (CVSS v3.1) score of 9.8 out of 10, which rates as critical.
Apple doesn't share much information about what was fixed in its latest round of updates. This is to allow as many users as possible to upgrade before attackers can get hold of the details. But updating is now even more urgent, because the demonstration shows malicious hackers how the attack can be carried out.
Apple fixed the flaw with improved memory handling in iPadOS 17.7.4, macOS Sequoia 15.3, and macOS Sonoma 14.7.3.
The flaws fixed by Apple are so serious that they were the subject of a warning from Singapore's cybersecurity agency. "The successful exploitation of vulnerabilities could allow attackers to escalate privileges, corrupt memory and execute kernel-level arbitrary code," the CSA said.
About the kernel flaw patched in iPadOS 17.7.4, macOS Sequoia 15.3, and macOS Sonoma 14.7.3
The flaw arises from a combination of Safe Memory Reclamation (SMR), per-thread credentials, read-only page mappings, and memcpy behavior.
CVE-2025-24118 involves a concurrency issue within Apple's XNU kernel, specifically affecting process credentials stored in read-only structures, according to SecurityOnline.info. "In normal circumstances, these credentials are protected by Safe Memory Reclamation to prevent corruption. However, non-atomic memory updates create a time-of-check to time-of-use race condition that allows attackers to corrupt the credential pointer."
The flaw can be exploited locally by an attacker using a multi-threaded attack that frequently forces credential updates.
I have asked Apple to comment on this story and will update it if the iPhone maker responds.
Why you should update your Mac or iPad now
There is no doubt that this kernel flaw is serious. Updating to iPadOS 17.7.4, macOS Sequoia 15.3, or macOS Sonoma 14.7.3 is therefore an easy decision.
On your Mac, go to System Settings > Software Update and apply the update now if possible. On the iPad, go to Settings > General > Software Update.
You can also enable automatic software updates via Settings > General > Software Update > Automatic Updates. However, note that because these updates are deployed gradually, updating manually is the best way to ensure you are safe.
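
For anyone checking more than one machine, the comparison against the fixed versions can be scripted. This is an added example, not code from the article or from Apple: the function names are hypothetical, and the minimum versions are only the three the article lists, so any other release line reports `unknown`.

```shell
#!/bin/sh
# Added example. Fixed versions below are the ones the article names.

# min_fixed PLATFORM MAJOR: print the first fixed version for that release line.
min_fixed() {
    case "$1:$2" in
        macos:15)  echo "15.3" ;;    # macOS Sequoia
        macos:14)  echo "14.7.3" ;;  # macOS Sonoma
        ipados:17) echo "17.7.4" ;;  # iPadOS 17
        *)         return 1 ;;       # release line not covered by the article
    esac
}

# version_ge A B: succeed when dotted version A >= B, comparing up to three
# numeric fields; a missing field counts as 0, so 15.3 equals 15.3.0.
version_ge() {
    a=$1 b=$2
    for i in 1 2 3; do
        af=${a%%.*} bf=${b%%.*}
        [ "$af" -gt "$bf" ] && return 0
        [ "$af" -lt "$bf" ] && return 1
        case "$a" in *.*) a=${a#*.} ;; *) a=0 ;; esac
        case "$b" in *.*) b=${b#*.} ;; *) b=0 ;; esac
    done
    return 0
}

# patch_status PLATFORM VERSION: print patched, vulnerable or unknown.
patch_status() {
    case "$2" in
        ''|*[!0-9.]*|.*|*..*|*.) echo unknown; return 0 ;;  # not a plain dotted number
    esac
    fixed=$(min_fixed "$1" "${2%%.*}") || { echo unknown; return 0; }
    if version_ge "$2" "$fixed"; then echo patched; else echo vulnerable; fi
}

# On a Mac, report the local machine; sw_vers is absent elsewhere.
if command -v sw_vers >/dev/null 2>&1; then
    echo "macOS $(sw_vers -productVersion): $(patch_status macos "$(sw_vers -productVersion)")"
fi
```

For an iPad, pass the version shown in Settings by hand, for example `patch_status ipados 17.7.3`.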