CVE-2025-24244: 
macOS vulnerability analysis and mitigation

A memory handling vulnerability (CVE-2025-24244) was discovered and disclosed on March 31, 2025. The vulnerability affects multiple Apple operating systems including macOS Ventura 13.7.5, tvOS 18.4, iPadOS 17.7.6, iOS 18.4, macOS Sequoia 15.4, and macOS Sonoma 14.7.5. When processing a maliciously crafted font, this vulnerability may result in the disclosure of process memory (Apple Support, NVD).

The vulnerability stems from improper memory handling when processing font files. The issue was discovered by Hossein Lotfi (@hosselot) of Trend Micro Zero Day Initiative. The vulnerability has been assigned a CVSS 3.1 Base Score of 5.5 (MEDIUM) with the vector string CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N, indicating local access is required, low attack complexity, no privileges required, user interaction required, and potential for high confidentiality impact (NVD).

If exploited, this vulnerability could lead to the disclosure of process memory when processing a maliciously crafted font. This could potentially expose sensitive information stored in the application's memory to unauthorized parties (Apple Support).

Apple has addressed this vulnerability by improving memory handling in the affected systems. The fix is available in the following updates: macOS Ventura 13.7.5, tvOS 18.4, iPadOS 17.7.6, iOS 18.4, macOS Sequoia 15.4, and macOS Sonoma 14.7.5. Users are advised to update their systems to these versions to mitigate the vulnerability (Apple Support).