In a recent security announcement, Apple has disclosed the availability of critical software updates designed to rectify multiple security vulnerabilities, including a zero-day flaw that has reportedly been exploited in live attacks. This vulnerability, identified as CVE-2025-24085 with a CVSS score of 7.3/7.8, manifests as a use-after-free bug within the Core Media framework. It enables malicious applications already present on a device to escalate their privileges, posing significant risks to user security.
According to Apple, there is evidence suggesting that this vulnerability has been actively exploited against versions of iOS prior to 17.2. The company has acknowledged this potential compromise in a brief advisory statement. Users are urged to promptly update to secure their devices against this increasing threat.
The updates addressing this critical issue have been rolled out to a variety of devices and operating systems, facilitating improved memory management across the following: iOS 18.3 and iPadOS 18.3 for models starting from iPhone XS and newer; macOS Sequoia 15.3 for compatible Macs; tvOS 18.3 for all Apple TV HD and Apple TV 4K models; visionOS 2.3 for Apple Vision Pro; and watchOS 11.3 for Apple Watch Series 6 and later.
Currently, specific details regarding the nature of the exploit, including the attacker profiles and their targets, remain undisclosed. Notably, there has been no attribution of the vulnerability discovery to external security researchers, suggesting it may have been identified internally by Apple’s security teams. This raises concerns about the extent of the potential impact and underlines the necessity for users to take adequate precautions.
Furthermore, the updates also patch five vulnerabilities associated with AirPlay, identified through the research efforts of Uri Katz from Oligo Security. These flaws could be manipulated to induce unexpected system terminations, denial-of-service (DoS) scenarios, or arbitrary code execution under specific conditions, thus amplifying the overall threat landscape.
Additionally, the discovery of three vulnerabilities in the CoreAudio component—CVE-2025-24160, CVE-2025-24161, and CVE-2025-24163—has been credited to Google’s Threat Analysis Group. These vulnerabilities, which can lead to unintended application terminations upon processing specially crafted files, further expose the fragility of the system’s security posture.
Given that CVE-2025-24085 has been classified as an actively exploited vulnerability, it is highly recommended for all users of Apple devices to apply the provided patches to maintain robust defenses against potential intrusions.
Update
In a related development, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) announced the inclusion of CVE-2025-24085 in its Known Exploited Vulnerabilities (KEV) catalog, illustrating clear evidence of its exploitation in the wild. CISA has mandated that federal agencies implement the necessary fixes by February 19, 2025, further emphasizing the urgency for organizations to address these vulnerabilities comprehensively.
