2025-01-31 01:10:00 Pacfic
Apple Patches Actively Exploited Zero-Day - 2d
Apple has released emergency security updates to address a critical zero-day vulnerability, identified as CVE-2025-24085, which is actively being exploited in the wild. The flaw impacts a wide array of Apple products, including iPhones, iPads, Macs, Apple Watches, Apple TVs, and devices running visionOS. This vulnerability, found within the Core Media framework, a core component of Apple's media processing pipeline, can potentially allow malicious applications to gain elevated privileges on affected devices. Apple has acknowledged reports of the issue being actively exploited against versions of iOS before 17.2, underscoring the urgency of the situation.
The updates are designated as iOS 18.3, iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3, tvOS 18.3, and visionOS 2.3 and address the vulnerability through improved memory management. Affected devices include iPhone XS and later, various iPad models including the iPad Pro, iPad Air, and iPad mini (specific generations detailed), Macs running macOS Sequoia, Apple Watch Series 6 and later, and all models of Apple TV HD and Apple TV 4K. Users are strongly advised to update their devices immediately to protect against potential exploits. Apple has not yet disclosed further details about the attacks or the researcher who discovered the vulnerability.
ImgSrc: securityonline.info
References:
- securityonline.info - CVE-2025-24085: Apple Patches Actively Exploited Zero-Day Vulnerability - 2d
- CISO2CISO.COM & CYBER SECURITY GROUP - Apple Patches Actively Exploited Zero-Day Vulnerability - 2d
- @applsec - EMERGENCY UPDATE Apple pushed updates for a new zero-day that may have been actively exploited. CVE-2025-24085 (CoreMedia): - iOS and iPadOS 18.3 - macOS Sequoia 15.3 - tvOS 18.3 - watchOS 11.3 - 2d
- ciso2ciso.com - Apple Patches Actively Exploited Zero-Day Vulnerability - 2d
- Vulnerability Archives ? Cybersecurity News - Apple Patches Actively Exploited Zero-Day Vulnerability - 2d
- www.helpnetsecurity.com - Apple zero-day vulnerability exploited to target iPhone users (CVE-2025-24085) 'tmiss #0-day - 2d
- @jos1264 - Apple zero-day vulnerability exploited to target iPhone users (CVE-2025-24085) 'tmiss #0-day - 2d
- ciso2ciso.com - Apple fixed the first actively exploited zero-day of 2025 – Source: securityaffairs.com - 2d
Classification:
- HashTags: AppleSecurity ZeroDay SecurityUpdate
- Company: Apple
- Target: Apple users
- Product: iOS, macOS
- Feature: Zero-day Exploit
- Type: 0Day
- Severity: Major