Apple has rolled out critical security updates to patch multiple vulnerabilities across its ecosystem, including an actively exploited zero-day flaw that could put millions of users at risk.
Apple Zero-Day Vulnerability: CVE-2025-24085
The high-severity vulnerability, tracked as CVE-2025-24085, is a use-after-free flaw in the Core Media component. Exploiting this vulnerability allows a malicious application already installed on a device to escalate privileges, potentially leading to full device compromise.
According to Apple’s advisory, "Apple is aware of a report that this issue may have been actively exploited against versions of iOS prior to iOS 17.2."
Devices & OS Versions Affected
Apple has addressed this flaw with enhanced memory management across multiple platforms, releasing security patches for the following devices:
iOS 18.3 & iPadOS 18.3 – iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch (3rd generation and later), iPad Pro 11-inch (1st generation and later), iPad Air (3rd generation and later), iPad (7th generation and later), and iPad mini (5th generation and later).
macOS Sequoia 15.3 – Macs running macOS Sequoia.
tvOS 18.3 – Apple TV HD and all models of Apple TV 4K.
visionOS 2.3 – Apple Vision Pro.
watchOS 11.3 – Apple Watch Series 6 and later.
Additional Security Fixes in AirPlay and CoreAudio
Alongside CVE-2025-24085, Apple has also patched five security flaws in AirPlay—all reported by Oligo Security researcher Uri Katz—which could be exploited to cause system crashes, denial-of-service (DoS), or arbitrary code execution.
Additionally, Google’s Threat Analysis Group (TAG) has been credited with discovering three vulnerabilities in the CoreAudio component (CVE-2025-24160, CVE-2025-24161, and CVE-2025-24163), which could lead to unexpected app termination when parsing a specially crafted file.
What Should Apple Users Do?
Given that CVE-2025-24085 is confirmed to be exploited in the wild, all Apple users are strongly urged to update their devices immediately to mitigate the risk of cyber threats. To check for updates:
On iPhone/iPad: Go to Settings → General → Software Update.
On Mac: Open System Settings → General → Software Update.
On Apple Watch: Open Watch App → General → Software Update.
Final Thoughts
While Apple has not disclosed how this zero-day was used in real-world attacks or who the targets were, history suggests that such exploits are often leveraged in sophisticated cyber-espionage campaigns. This makes timely patching essential to prevent potential security breaches.
Stay updated on the latest cybersecurity developments by following our blog for more insights and security advisories.