Summary: A critical race condition vulnerability (CVE-2025-24118) in Apple's macOS kernel has been discovered, which could enable attackers to escalate privileges and corrupt memory, potentially leading to kernel-level code execution. Tracked with a CVSS score of 9.8, this flaw has been addressed in macOS Sonoma 14.7.3, macOS Sequoia 15.3, and iPadOS 17.7.4 by enhancing memory handling and implementing atomic updates. The vulnerability arises from a combination of safe memory practices and the improper handling of thread credentials, creating an opportunity for unauthorized credential modification.
Affected: Apple macOS kernel (XNU)
Key points:
- Race condition allows unauthorized modification of process credentials.
- Vulnerability can be exploited by unprivileged local attackers using multi-threaded techniques.
- Apple has released patches to mitigate the flaw in several operating systems.
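
To act on the fixed versions listed in the summary, the following added example (not Apple's code and not part of the original advisory) triages a device inventory against those releases. The inventory rows, hostnames and the function names are constructed for illustration; release lines the summary does not name are reported as "not-listed" rather than guessed.

```python
import re

# Fixed releases exactly as named in the summary above, keyed by (platform, major).
FIXED = {
    ("macOS", 14): (14, 7, 3),   # macOS Sonoma
    ("macOS", 15): (15, 3, 0),   # macOS Sequoia
    ("iPadOS", 17): (17, 7, 4),
}

def parse_version(text):
    """Turn '14.7' or '15.3.1' into a 3-tuple, padding missing parts with 0."""
    text = text.strip()
    if not re.fullmatch(r"\d+(\.\d+){0,2}", text):
        raise ValueError(f"unrecognised version string: {text!r}")
    parts = [int(p) for p in text.split(".")]
    return tuple(parts + [0] * (3 - len(parts)))

def patch_status(platform, version):
    """Return 'patched', 'vulnerable', or 'not-listed' for one host."""
    v = parse_version(version)
    fixed = FIXED.get((platform, v[0]))
    if fixed is None:
        # Release line not named in the summary: do not guess either way.
        return "not-listed"
    return "patched" if v >= fixed else "vulnerable"

# Constructed inventory rows (hostname, platform, OS version) for illustration.
SAMPLE_INVENTORY = [
    ("build-mac-01", "macOS", "14.7.2"),
    ("build-mac-02", "macOS", "14.7.3"),
    ("design-mac-07", "macOS", "15.2"),
    ("design-mac-08", "macOS", "15.3.1"),
    ("kiosk-ipad-03", "iPadOS", "17.7.3"),
    ("legacy-mac-11", "macOS", "13.7.2"),
]

def triage(inventory):
    """Group hostnames by patch status."""
    report = {"patched": [], "vulnerable": [], "not-listed": []}
    for host, platform, version in inventory:
        report[patch_status(platform, version)].append(host)
    return report

if __name__ == "__main__":
    for status, hosts in triage(SAMPLE_INVENTORY).items():
        print(f"{status:11} {', '.join(hosts) or '-'}")
```

On a Mac, the version string to feed in is the output of `sw_vers -productVersion`.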