![Apple Shares 'Someday' Film by Spike Jonze Showcasing AirPods 4 With ANC [Video]](https://www.iclarified.com/images/news/96754/96754/96754-640.jpg)
![Fitbit app redesigns Water stats and logging on Android [U]](https://i0.wp.com/9to5google.com/wp-content/uploads/sites/4/2023/03/fitbit-logo-2.jpg?resize=1200%2C628&quality=82&strip=all&ssl=1){kind=logo}
_Techa_Tungateja_Alamy.jpg?#)
![[The AI Show Episode 139]: The Government Knows AGI Is Coming, Superintelligence Strategy, OpenAI’s $20,000 Per Month Agents & Top 100 Gen AI Apps](https://www.marketingaiinstitute.com/hubfs/ep%20139%20cover-2.png)
![[The AI Show Episode 138]: Introducing GPT-4.5, Claude 3.7 Sonnet, Alexa+, Deep Research Now in ChatGPT Plus & How AI Is Disrupting Writing](https://www.marketingaiinstitute.com/hubfs/ep%20138%20cover.png)
![Feeling lost as a student in the "working world" [closed]](https://cdn.sstatic.net/Sites/softwareengineering/Img/apple-touch-icon@2.png?v=1ef7363febba)
![How to become a self-taught developer while supporting a family [Podcast #164]](https://cdn.hashnode.com/res/hashnode/image/upload/v1741989957776/7e938ad4-f691-4c9e-8c6b-dc26da7767e1.png?#)
Apple Zero-day Vulnerability Actively Exploited to Attack iPhone Users
Apple has released critical security updates to address a zero-day vulnerability actively exploited in attacks targeting iPhone users. The flaw, identified as CVE-2025-24085, is a use-after-free issue in the Core Media framework, which handles multimedia processing across Apple’s ecosystem. This vulnerability, with a CVSS score of 9.8, allows malicious applications to elevate privileges, posing significant […] The post Apple Zero-day Vulnerability Actively Exploited to Attack iPhone Users appeared first on Cyber Security News.
Apple has released critical security updates to address a zero-day vulnerability actively exploited in attacks targeting iPhone users.
The flaw, identified as CVE-2025-24085, is a use-after-free issue in the Core Media framework, which handles multimedia processing across Apple’s ecosystem.
This vulnerability, with a CVSS score of 9.8, allows malicious applications to elevate privileges, posing significant risks to user devices.
Apple Zero-day Vulnerability Exploited
The Core Media framework is integral to Apple’s media processing pipeline, supporting high-level frameworks like AVFoundation. The vulnerability stems from improper memory management, enabling attackers to exploit the flaw for privilege escalation.
Are you from SOC/DFIR Teams? – Analyse Malware Files & Links with ANY.RUN Sandox -> Try for Free
Apple acknowledged reports that this issue has been actively exploited against devices running versions of iOS prior to iOS 17.2.
The exploit affects a broad range of Apple devices, including:
- iPhones: iPhone XS and later models.
- iPads: iPad Pro 13-inch, iPad Pro 12.9-inch (3rd generation and later), iPad Pro 11-inch (1st generation and later), iPad Air (3rd generation and later), iPad (7th generation and later), and iPad mini (5th generation and later).
- Macs: macOS Sequoia.
- Apple Watches: Apple Watch Series 6 and later.
- Apple TVs: Apple TV HD and Apple TV 4K (all models).
Reports suggest the vulnerability was exploited for over a year before detection. Attackers likely targeted high-profile individuals using malicious applications designed to manipulate multimedia files. The prolonged exploitation highlights the sophisticated nature of the attacks.
Security Updates Released
Apple has addressed the CVE-2025-24085 vulnerability by improving memory management in the Core Media framework.
The patches are available in the following updates:
- iOS 18.3 and iPadOS 18.3
- macOS Sequoia 15.3
- watchOS 11.3
- tvOS 18.3
- visionOS 2.3
These updates also resolve additional vulnerabilities across system components, including five flaws in AirPlay reported by Uri Katz of Oligo Security, which could lead to denial-of-service (DoS) attacks or arbitrary code execution.
Apple strongly advises all users to update their devices immediately to mitigate risks associated with this zero-day vulnerability.
CVE-2025-24085 marks Apple’s first zero-day patch of 2025, underscoring the persistent threat posed by advanced cyberattacks.
Last year, Apple addressed six zero-day vulnerabilities, while in 2023, it patched an alarming total of 20 such flaws.
Integrating Application Security into Your CI/CD Workflows Using Jenkins & Jira -> Free Webinar
The post Apple Zero-day Vulnerability Actively Exploited to Attack iPhone Users appeared first on Cyber Security News.
