Apple Releases Critical Security Updates to Patch Zero-Day Vulnerability
In a major security move, Apple has released software updates to address several vulnerabilities across its product lineup, most notably a zero-day exploit that affects the Core Media component. These updates are essential in safeguarding users from potential security threats.
Understanding the Zero-Day Vulnerability
Tracked as CVE-2025-24085, the vulnerability is classified as a use-after-free bug within Apple’s Core Media framework. This flaw could allow a malicious app, already installed on a device, to gain elevated privileges. Such a breach could lead to unauthorized access and control over the device.
“Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 17.2,” stated the company in its security advisory.
Which Devices and OS Versions Are Affected?
The security flaw impacts a broad range of Apple devices and operating system versions. Below are the specific updates addressing CVE-2025-24085:
- iOS 18.3 and iPadOS 18.3 – Available for iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later
- macOS Sequoia 15.3 – Applicable to Macs running macOS Sequoia
- tvOS 18.3 – Designed for Apple TV HD and Apple TV 4K (all models)
- visionOS 2.3 – Suitable for Apple Vision Pro
- watchOS 11.3 – Compatible with Apple Watch Series 6 and later
Additional Security Fixes
Beyond the zero-day vulnerability, Apple’s latest updates also rectify five security issues in the AirPlay feature, identified by Oligo Security researcher Uri Katz. These flaws could enable attackers to provoke system crashes, denial-of-service attacks, or execute arbitrary code under specific conditions.
Moreover, Google’s Threat Analysis Group (TAG) discovered and reported three vulnerabilities in the CoreAudio component (CVE-2025-24160, CVE-2025-24161, and CVE-2025-24163). Exploitation of these defects could result in unexpected application termination when parsing specially crafted files.
Protecting Your Devices
Given the active exploitation of CVE-2025-24085, it is imperative for Apple users to install the latest software updates as soon as possible. These updates enhance memory management and patch the identified security gaps, significantly reducing the risk of unauthorized access and other malicious activities.
Final Thoughts
The recent updates from Apple underscore the importance of regular software maintenance and awareness of emerging security threats. By staying informed and applying updates promptly, users can better protect their devices from potential vulnerabilities.
As cybersecurity threats evolve, staying vigilant and proactive is crucial. Follow us on Twitter and LinkedIn for the latest news and insights on securing your digital assets.
