CVE-2025-24252
Published Apr 29, 2025
Last updated 8 days ago
AI description
CVE-2025-24252 is a use-after-free (UAF) vulnerability in Apple's AirPlay protocol. It stems from a memory management issue. A successful exploit could allow a remote attacker to execute arbitrary code. This vulnerability is part of a set of vulnerabilities known as "AirBorne". When CVE-2025-24252 is combined with CVE-2025-24206 (an authentication bypass vulnerability), it can lead to zero-click remote code execution (RCE) on vulnerable devices within the same network. This combination allows an attacker to execute code remotely on macOS devices. It has been fixed in macOS Sequoia 15.4, tvOS 18.4, macOS Ventura 13.7.5, iPadOS 17.7.6, macOS Sonoma 14.7.5, iOS 18.4 and iPadOS 18.4, and visionOS 2.4.
- Description: A use-after-free issue was addressed with improved memory management. This issue is fixed in macOS Sequoia 15.4, tvOS 18.4, macOS Ventura 13.7.5, iPadOS 17.7.6, macOS Sonoma 14.7.5, iOS 18.4 and iPadOS 18.4, visionOS 2.4. An attacker on the local network may be able to corrupt process memory.
- Source: product-security@apple.com
- NVD status: Awaiting Analysis
Hype score is a measure of social media activity compared against trending CVEs from the past 12 months. Max score 100.
- Hype score: 1
Actively exploited CVE : CVE-2025-24252
@transilienceai
6 May 2025
21 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Critical AirPlay vulnerabilities (CVE-2025-24252, CVE-2025-24132) allow zero-click RCE over local Wi-Fi, affecting Apple devices & third-party receivers. Wormable exploit could spread autonomously across networks. Actions: •Update to latest OS versions •Restrict AirPla
@redfoxsec
6 May 2025
83 Impressions
1 Retweet
1 Like
0 Bookmarks
0 Replies
0 Quotes
Actively exploited CVE : CVE-2025-24252
@transilienceai
5 May 2025
18 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
New Apple exploit dropped. CVE-2025-24252 + CVE-2025-24132 = silent RCE Check em out if you like this shit
@_0xHuCk
5 May 2025
6 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 Zero-click. Wormable. Network-spreading. New flaws in Apple’s AirPlay protocol (🔓 AirBorne) could let hackers hijack your device without a click—then ride your Wi-Fi into corporate networks. CVE-2025-24252 + CVE-2025-24132 = silent RCE across Macs, TVs, speakers. Ju
@TheHackersNews
5 May 2025
23878 Impressions
97 Retweets
226 Likes
52 Bookmarks
3 Replies
7 Quotes
Actively exploited CVE : CVE-2025-24252
@transilienceai
5 May 2025
29 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
CVE-2025-24252 (CVSS:9.8, CRITICAL) is Analyzed. A use-after-free issue was addressed with improved memory management. This issue is fixed in macOS Sequoia 15.4, tvOS 18..https://t.co/v25M9I0t3j #cybersecurityawareness #cybersecurity #CVE #infosec #hacker #nvd #mitre
@cracbot
4 May 2025
30 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Major Apple AirPlay vulnerability discovered by Oligo Security! Zero-click RCE (CVE-2025-24252) affects macOS & AirPlay SDK, allowing malware installation without user interaction. Wormable exploit can spread across networks. Patch now or disable AirPlay receiver (port TCP700
@salt_creative_
1 May 2025
6 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
PoCs for CVE-2025-24252 and CVE-2025-24132 Discovered and detailed by Oligo Security Poc by me of one of the many paths we can take to rce. #hacker #cybersecurity #EthicalHacking https://t.co/mNk2urVdN3
@anoncitylights
30 Apr 2025
38 Impressions
0 Retweets
3 Likes
0 Bookmarks
0 Replies
0 Quotes
📱AirPlay Zero-Click Flaws Expose Apple Devices 23 vulnerabilities, including critical RCE flaws (CVE-2025-24252, CVE-2025-24132), let attackers take control of Apple devices with no user interaction. Espionage, ransomware, and supply chain risk. https://t.co/RMhBfTwGYg #Appl
@dCypherIO
30 Apr 2025
52 Impressions
1 Retweet
1 Like
0 Bookmarks
0 Replies
0 Quotes
🚨 Critical #vulnerability (CVE-2025-24252) discovered in #Apple OS, including macOS, iOS, iPadOS, tvOS & visionOS. Remote attackers can exploit a memory flaw. Patches available — update now. 🔒 Details: https://t.co/dGXncs8k0x #Cybersecurity #macOS #CVE2025
@threatsbank
30 Apr 2025
8 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
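The "AirBorne" set of vulnerabilities in Apple's AirPlay leads to zero-click remote code execution. Reported by Oligo Security. Fixed. 23 vulnerabilities were reported to Apple, and the combination of CVE-2025-24252 and CVE-2025-24132 is zero-click. CV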
@__kokumoto
29 Apr 2025
611 Impressions
2 Retweets
4 Likes
1 Bookmark
0 Replies
0 Quotes
AirPlay Zero-Click RCE Vulnerability Enables Remote Device Takeover via Wi-Fi (CVE-2025-24252)
@minacris_
29 Apr 2025
892 Impressions
2 Retweets
11 Likes
5 Bookmarks
0 Replies
0 Quotes
🚨 CVE-2025-24252 ⚠️🔴 CRITICAL (9.8) 🏢 Apple - tvOS 🏗️ unspecified 🔗 https://t.co/8NqQwzDxEL 🔗 https://t.co/dVpLdbOot2 🔗 https://t.co/QQxJQbWlNg 🔗 https://t.co/P3AJUA4VYU 🔗 https://t.co/GbpMieKtOF #CyberCron #VulnAlert #InfoSec https://t.co/kHLYqIC
@cybercronai
29 Apr 2025
12 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-24252 A use-after-free issue was addressed with improved memory management. This issue is fixed in macOS Sequoia 15.4, tvOS 18.4, macOS Ventura 13.7.5, iPadOS 17.7.6, macOS… https://t.co/rkTFgt3xkz
@CVEnew
29 Apr 2025
470 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes