Date: 2025-01-29

Apple has released critical security updates to address its first zero-day vulnerability of 2025, CVE-2025-24085. The flaw is in Apple’s Core Media framework and allows attackers to gain higher privileges than they should. This vulnerability has been actively targeted in attacks against iPhone users.

The company stated,

“A malicious application may be able to elevate privileges. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 17.2.”

This could mean that attackers have already taken advantage of this vulnerability in the wild.

The vulnerability is a use-after-free bug in Apple’s Core Media component, which is important for handling media on its devices. Apple has fixed the problem by improving how memory is managed in the affected systems.

Apple has released patches for this vulnerability in the following software versions:

iOS 18.3 and iPadOS 18.3

macOS Sequoia 15.3

watchOS 11.3

tvOS 18.3

visionOS 2.3

The vulnerability affects a wide range of Apple devices, including (as per Bleeping Computer):

iPhone XS and later

iPad Pro (13-inch, 12.9-inch 3rd generation and later, 11-inch 1st generation and later)

iPad Air (3rd generation and later)

iPad (7th generation and later)

iPad mini (5th generation and later)

Macs running macOS Sequoia

Apple Watch Series 6 and later

Apple TV HD and Apple TV 4K (all models)

Apple Vision Pro

While Apple has not provided specific details about the exploitation or attributed the discovery to any particular researcher, the company has emphasized the importance of installing these security updates promptly.

Because this vulnerability is serious and being actively used by attackers, it’s important for all users of affected Apple devices to update their software right away. This will help reduce the risk of possible attacks.