CVE-2025-24203

Name of the Vulnerable Software and Affected Versions macOS versions prior to 13.7.5 iPadOS versions prior to 17.7.6 macOS Sequoia versions prior to 15.4 macOS Sonoma versions prior to 14.7.5 iOS versions 16.0 through 18.3.2

Description The issue involves inadequate access control mechanisms, allowing an application to modify protected parts of the file system. This allows for system-level tweaks and customizations without a jailbreak, similar to the functionality provided by MacDirtyCow. The vulnerability, identified as CVE-2025-24203, enables arbitrary read/write access, potentially bypassing Pointer Authentication. Exploitation involves "zeroing" specific files or memory regions to achieve desired modifications. The exploit has been used to create tools like dirtyZero and iDevice Toolkit, which allow for customization of iOS devices. The vulnerability was addressed with improved checks in the mentioned versions. The exploit is known to be unreliable after reboots, as changes are not persistent without deeper system access. The VM BEHAVIOR ZERO WIRED PAGES behavior allows writing to read-only pages.

Recommendations Update macOS to version 13.7.5 or later. Update iPadOS to version 17.7.6 or later. Update macOS Sequoia to version 15.4 or later. Update macOS Sonoma to version 14.7.5 or later. Update iOS to a version later than 18.3.2.