![Apple C1 vs Qualcomm Modem Performance [Speedtest]](https://www.iclarified.com/images/news/96767/96767/96767-640.jpg)
![Apple Studio Display On Sale for $1249 [Lowest Price Ever]](https://www.iclarified.com/images/news/96770/96770/96770-640.jpg)
![[Fixed] Chromecast (2nd gen) and Audio can’t Cast in ‘Untrusted’ outage](https://i0.wp.com/9to5google.com/wp-content/uploads/sites/4/2019/08/chromecast_audio_1.jpg?resize=1200%2C628&quality=82&strip=all&ssl=1)
-xl-xl.jpg){kind=icon}
![[The AI Show Episode 139]: The Government Knows AGI Is Coming, Superintelligence Strategy, OpenAI’s $20,000 Per Month Agents & Top 100 Gen AI Apps](https://www.marketingaiinstitute.com/hubfs/ep%20139%20cover-2.png)
![[The AI Show Episode 138]: Introducing GPT-4.5, Claude 3.7 Sonnet, Alexa+, Deep Research Now in ChatGPT Plus & How AI Is Disrupting Writing](https://www.marketingaiinstitute.com/hubfs/ep%20138%20cover.png)
![Is XMPP a good option for a messaging system in an app? [closed]](https://cdn.sstatic.net/Sites/softwareengineering/Img/apple-touch-icon@2.png?v=1ef7363febba)
Apple Zero-day Vulnerability Actively Exploited to Attack iPhone Users
Apple has released critical security updates to address a zero-day vulnerability actively exploited in attacks targeting iPhone users. The flaw, identified as CVE-2025-24085, is a use-after-free issue in the Core Media framework, which handles multimedia processing across Apple’s ecosystem. This vulnerability, with a CVSS score of 9.8, allows malicious applications to elevate privileges, posing significant […] The post Apple Zero-day Vulnerability Actively Exploited to Attack iPhone Users appeared first on Cyber Security News.
Apple has released critical security updates to address a zero-day vulnerability actively exploited in attacks targeting iPhone users.
The flaw, identified as CVE-2025-24085, is a use-after-free issue in the Core Media framework, which handles multimedia processing across Apple’s ecosystem.
This vulnerability, with a CVSS score of 9.8, allows malicious applications to elevate privileges, posing significant risks to user devices.
Apple Zero-day Vulnerability Exploited
The Core Media framework is integral to Apple’s media processing pipeline, supporting high-level frameworks like AVFoundation. The vulnerability stems from improper memory management, enabling attackers to exploit the flaw for privilege escalation.
Are you from SOC/DFIR Teams? – Analyse Malware Files & Links with ANY.RUN Sandox -> Try for Free
Apple acknowledged reports that this issue has been actively exploited against devices running versions of iOS prior to iOS 17.2.
The exploit affects a broad range of Apple devices, including:
- iPhones: iPhone XS and later models.
- iPads: iPad Pro 13-inch, iPad Pro 12.9-inch (3rd generation and later), iPad Pro 11-inch (1st generation and later), iPad Air (3rd generation and later), iPad (7th generation and later), and iPad mini (5th generation and later).
- Macs: macOS Sequoia.
- Apple Watches: Apple Watch Series 6 and later.
- Apple TVs: Apple TV HD and Apple TV 4K (all models).
Reports suggest the vulnerability was exploited for over a year before detection. Attackers likely targeted high-profile individuals using malicious applications designed to manipulate multimedia files. The prolonged exploitation highlights the sophisticated nature of the attacks.
Security Updates Released
Apple has addressed the CVE-2025-24085 vulnerability by improving memory management in the Core Media framework.
The patches are available in the following updates:
- iOS 18.3 and iPadOS 18.3
- macOS Sequoia 15.3
- watchOS 11.3
- tvOS 18.3
- visionOS 2.3
These updates also resolve additional vulnerabilities across system components, including five flaws in AirPlay reported by Uri Katz of Oligo Security, which could lead to denial-of-service (DoS) attacks or arbitrary code execution.
Apple strongly advises all users to update their devices immediately to mitigate risks associated with this zero-day vulnerability.
CVE-2025-24085 marks Apple’s first zero-day patch of 2025, underscoring the persistent threat posed by advanced cyberattacks.
Last year, Apple addressed six zero-day vulnerabilities, while in 2023, it patched an alarming total of 20 such flaws.
Integrating Application Security into Your CI/CD Workflows Using Jenkins & Jira -> Free Webinar
The post Apple Zero-day Vulnerability Actively Exploited to Attack iPhone Users appeared first on Cyber Security News.
