![T-Mobile extends another peace offering to customers after uproar over rate increase [UPDATED]](https://m-cdn.phonearena.com/images/article/168576-two/T-Mobile-extends-another-peace-offering-to-customers-after-uproar-over-rate-increase-UPDATED.jpg?#)
![Apple Music Experiencing Outage [Update: Fixed]](https://images.macrumors.com/t/cBpeJ95wekMRm8-YbPPJQhJrDsY=/1920x/article-new/2024/08/apple-music.jpg)
![New Apple M3 iPad Air On Sale for $50 Off [Deal]](https://www.iclarified.com/images/news/96759/96759/96759-640.jpg)
![[The AI Show Episode 139]: The Government Knows AGI Is Coming, Superintelligence Strategy, OpenAI’s $20,000 Per Month Agents & Top 100 Gen AI Apps](https://www.marketingaiinstitute.com/hubfs/ep%20139%20cover-2.png)
![[The AI Show Episode 138]: Introducing GPT-4.5, Claude 3.7 Sonnet, Alexa+, Deep Research Now in ChatGPT Plus & How AI Is Disrupting Writing](https://www.marketingaiinstitute.com/hubfs/ep%20138%20cover.png)
Apple Zero-day Vulnerability Actively Exploited to Attack iPhone Users
Apple has released critical security updates to address a zero-day vulnerability actively exploited in attacks targeting iPhone users. The flaw, identified as CVE-2025-24085, is a use-after-free issue in the Core Media framework, which handles multimedia processing across Apple’s ecosystem. This vulnerability, with a CVSS score of 9.8, allows malicious applications to elevate privileges, posing significant […] The post Apple Zero-day Vulnerability Actively Exploited to Attack iPhone Users appeared first on Cyber Security News.
Apple has released critical security updates to address a zero-day vulnerability actively exploited in attacks targeting iPhone users.
The flaw, identified as CVE-2025-24085, is a use-after-free issue in the Core Media framework, which handles multimedia processing across Apple’s ecosystem.
This vulnerability, with a CVSS score of 9.8, allows malicious applications to elevate privileges, posing significant risks to user devices.
Apple Zero-day Vulnerability Exploited
The Core Media framework is integral to Apple’s media processing pipeline, supporting high-level frameworks like AVFoundation. The vulnerability stems from improper memory management, enabling attackers to exploit the flaw for privilege escalation.
Are you from SOC/DFIR Teams? – Analyse Malware Files & Links with ANY.RUN Sandox -> Try for Free
Apple acknowledged reports that this issue has been actively exploited against devices running versions of iOS prior to iOS 17.2.
The exploit affects a broad range of Apple devices, including:
- iPhones: iPhone XS and later models.
- iPads: iPad Pro 13-inch, iPad Pro 12.9-inch (3rd generation and later), iPad Pro 11-inch (1st generation and later), iPad Air (3rd generation and later), iPad (7th generation and later), and iPad mini (5th generation and later).
- Macs: macOS Sequoia.
- Apple Watches: Apple Watch Series 6 and later.
- Apple TVs: Apple TV HD and Apple TV 4K (all models).
Reports suggest the vulnerability was exploited for over a year before detection. Attackers likely targeted high-profile individuals using malicious applications designed to manipulate multimedia files. The prolonged exploitation highlights the sophisticated nature of the attacks.
Security Updates Released
Apple has addressed the CVE-2025-24085 vulnerability by improving memory management in the Core Media framework.
The patches are available in the following updates:
- iOS 18.3 and iPadOS 18.3
- macOS Sequoia 15.3
- watchOS 11.3
- tvOS 18.3
- visionOS 2.3
These updates also resolve additional vulnerabilities across system components, including five flaws in AirPlay reported by Uri Katz of Oligo Security, which could lead to denial-of-service (DoS) attacks or arbitrary code execution.
Apple strongly advises all users to update their devices immediately to mitigate risks associated with this zero-day vulnerability.
CVE-2025-24085 marks Apple’s first zero-day patch of 2025, underscoring the persistent threat posed by advanced cyberattacks.
Last year, Apple addressed six zero-day vulnerabilities, while in 2023, it patched an alarming total of 20 such flaws.
Integrating Application Security into Your CI/CD Workflows Using Jenkins & Jira -> Free Webinar
The post Apple Zero-day Vulnerability Actively Exploited to Attack iPhone Users appeared first on Cyber Security News.
