Apple macOS Kernel Vulnerability Allows Attackers to Escalate Privileges – PoC Now Available

05.02.2025


A newly disclosed macOS kernel vulnerability, tracked as CVE-2025-24118, could allow attackers to escalate privileges, corrupt memory, and execute code at the kernel level. The flaw affects macOS Sonoma versions prior to 14.7.3, macOS Sequoia before 15.3, and iPadOS versions earlier than 17.7.4. Security researcher Joseph Ravichandran (@0xjprx) from MIT CSAIL identified the issue and released a Proof-of-Concept (PoC) exploit demonstrating how it can be leveraged.

The vulnerability originates from a race condition in Apple’s XNU kernel, specifically involving Safe Memory Reclamation (SMR), read-only page mapping, per-thread credentials, and the unsafe use of memcpy. A lack of proper synchronization in credential updates creates a scenario where non-atomic writes can lead to privilege escalation by modifying process credentials.

At the core of the issue is the kauth_cred_proc_update function, which updates the proc_ro.p_ucred pointer through zalloc_ro_mut, a function that relies on memcpy. Since memcpy is not atomic on x86_64 systems, a reader that runs concurrently with the write can observe a partially updated (torn) pointer, leading to unexpected behavior, credential corruption, or even kernel panics. The PoC exploit demonstrates this by rapidly changing group IDs (setgid) while reading them (getgid) to trigger the race condition.

As of now, Apple has not issued a patch for this vulnerability. Users are advised to avoid executing untrusted code and stay alert for upcoming security updates. The researcher suggests mitigating the issue by ensuring atomic operations are used when updating SMR-protected pointers like proc_ro.p_ucred, preventing unintended memory access.
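The two paragraphs above describe the mechanism (a pointer slot rewritten by a non-atomic copy, read concurrently) and the suggested fix (an atomic update of the SMR-protected pointer). The following C program is an added illustration written for this article, not code from XNU or from the researcher's PoC: it models a credential pointer slot like proc_ro.p_ucred, simulates a reader preempting a byte-wise copy at every possible point to show the torn values such a reader could load, and contrasts that with a single release-store/acquire-load pair, which has no intermediate state. The pointer values, the struct-free "slot" model and the preemption parameter are all constructed for the demonstration.

```c
#include <stdatomic.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Illustrative model of the bug class, not XNU code. A read-only process
 * record holds a pointer to a credential object; in the kernel the article's
 * proc_ro.p_ucred plays this role. Both values below are constructed so that
 * every byte differs, which makes any partial update visible. */
#define OLD_CRED_PTR ((uintptr_t)0xAAAAAAAAAAAAAAAAULL)
#define NEW_CRED_PTR ((uintptr_t)0x5555555555555555ULL)

/* A value is "torn" when it is neither the old nor the new pointer. */
int is_torn(uintptr_t observed, uintptr_t oldp, uintptr_t newp) {
    return observed != oldp && observed != newp;
}

/* Flawed pattern: the pointer slot is rewritten with a byte-wise copy, the
 * way a generic memcpy may be implemented. preempt_after models a concurrent
 * reader that loads the slot after that many bytes have landed. Returns the
 * pointer value that reader would see. */
uintptr_t nonatomic_update_observed(uintptr_t oldp, uintptr_t newp, size_t preempt_after) {
    uintptr_t slot = oldp;
    unsigned char *dst = (unsigned char *)&slot;
    const unsigned char *src = (const unsigned char *)&newp;
    if (preempt_after > sizeof slot)
        preempt_after = sizeof slot;
    for (size_t i = 0; i < preempt_after; i++)
        dst[i] = src[i];   /* one byte per step: an intermediate state exists */
    return slot;
}

/* Fixed pattern: a single atomic store with release semantics. There is no
 * intermediate state, so a reader using an acquire load sees either the old
 * or the new pointer, never a mix. store_done models whether the reader runs
 * before or after the writer. */
uintptr_t atomic_update_observed(uintptr_t oldp, uintptr_t newp, int store_done) {
    _Atomic uintptr_t slot;
    atomic_init(&slot, oldp);
    if (store_done)
        atomic_store_explicit(&slot, newp, memory_order_release);
    return atomic_load_explicit(&slot, memory_order_acquire);
}

/* Count how many preemption points (after 1 .. sizeof(ptr)-1 bytes) expose a
 * torn pointer with the byte-wise copy. */
int count_torn_nonatomic(uintptr_t oldp, uintptr_t newp) {
    int torn = 0;
    for (size_t k = 1; k < sizeof(uintptr_t); k++)
        torn += is_torn(nonatomic_update_observed(oldp, newp, k), oldp, newp);
    return torn;
}

/* Same check for the atomic store: the reader either ran before or after. */
int count_torn_atomic(uintptr_t oldp, uintptr_t newp) {
    int torn = 0;
    for (int done = 0; done <= 1; done++)
        torn += is_torn(atomic_update_observed(oldp, newp, done), oldp, newp);
    return torn;
}

int main(void) {
    printf("byte-wise copy: %d of %zu preemption points show a torn pointer\n",
           count_torn_nonatomic(OLD_CRED_PTR, NEW_CRED_PTR), sizeof(uintptr_t) - 1);
    printf("atomic store:   %d torn observations\n",
           count_torn_atomic(OLD_CRED_PTR, NEW_CRED_PTR));
    printf("torn value seen after 4 bytes: 0x%016llx\n",
           (unsigned long long)nonatomic_update_observed(OLD_CRED_PTR, NEW_CRED_PTR, 4));
    return 0;
}
```

The torn value printed is half old pointer and half new pointer; dereferencing such a value in a kernel is what turns a benign-looking copy into memory corruption. The atomic version carries no extra cost beyond what an aligned pointer store already pays, which is why the researcher's suggested mitigation is simply to use an atomic operation for updates to SMR-protected pointers.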

This discovery highlights the dangers of race conditions in modern operating systems, where improper memory handling can have serious security implications. Until Apple addresses the flaw, users should exercise caution and restrict exposure to potentially malicious software.
