Apple has taken swift action to address a serious zero-day vulnerability (CVE-2025-24085) that has been actively exploited in the wild. This critical flaw, found in the Core Media component, could allow a malicious application already installed on a device to gain elevated privileges, putting user data and device security at risk.
In a statement, Apple acknowledged reports that this vulnerability has been exploited on iOS versions prior to iOS 17.2. Although details about the attacks, potential targets, or the threat actors remain undisclosed, the company has prioritized user safety by deploying updates with improved memory management to fix the issue across its ecosystem.
Here’s a breakdown of the updates and the devices they cover:
iOS 18.3 and iPadOS 18.3: Compatible with iPhone XS and later, iPad Pro models (13-inch, 12.9-inch, and 11-inch), iPad Air (3rd generation and later), iPad (7th generation and later), and iPad mini (5th generation and later).
macOS Sequoia 15.3: Applies to all Macs running this version of macOS.
tvOS 18.3: Covers Apple TV HD and all Apple TV 4K models.
visionOS 2.3: Specifically designed for Apple Vision Pro.
watchOS 11.3: Available for Apple Watch Series 6 and later models.
In addition to CVE-2025-24085, Apple has resolved several other vulnerabilities:
AirPlay Vulnerabilities: Five flaws were identified by Uri Katz from Oligo Security. These could lead to unexpected system crashes, denial-of-service (DoS) attacks, or arbitrary code execution in certain conditions.
CoreAudio Vulnerabilities: Google’s Threat Analysis Group (TAG) reported three issues (CVE-2025-24160, CVE-2025-24161, and CVE-2025-24163) in the CoreAudio component, which could cause app crashes when handling maliciously crafted files.
Why This Matters:
The CVE-2025-24085 zero-day vulnerability has been tagged as actively exploited, meaning attackers are already using it in real-world scenarios. While Apple hasn’t disclosed specific details about the exploitation or the targets, the existence of such a flaw highlights the importance of staying up to date with the latest software.
What Should You Do?
Apple users are strongly encouraged to update their devices immediately to the latest versions of iOS, macOS, tvOS, visionOS, and watchOS. These updates not only protect against the actively exploited zero-day vulnerability but also enhance overall system stability and security.
Taking the time to install these updates is a vital step in protecting your devices, data, and personal information from potential cyber threats. Don’t wait—secure your Apple devices today!