Apple has launched software program updates to handle a number of safety flaws throughout its portfolio, together with a zero-day vulnerability that it mentioned has been exploited within the wild.
The vulnerability, tracked as CVE-2025-24085, has been described as a use-after-free bug within the Core Media part that would allow a malicious software already put in on a tool to raise privileges.
“Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 17.2,” the corporate mentioned in a terse advisory.
The difficulty has been addressed with improved reminiscence administration within the following units and working system variations –
- iOS 18.3 and iPadOS 18.3 – iPhone XS and later, iPad Professional 13-inch, iPad Professional 12.9-inch third technology and later, iPad Professional 11-inch 1st technology and later, iPad Air third technology and later, iPad seventh technology and later, and iPad mini fifth technology and later
- macOS Sequoia 15.3 – Macs working macOS Sequoia
- tvOS 18.3 – Apple TV HD and Apple TV 4K (all fashions)
- visionOS 2.3 – Apple Imaginative and prescient Professional
- watchOS 11.3 – Apple Watch Collection 6 and later
As is usually the case, there are at the moment no particulars on how the vulnerability could have been exploited in real-world assaults, by whom, and who could have been focused. Apple has but to attribute the invention of the shortcoming to a safety researcher.
The updates additionally tackle 5 safety flaws in AirPlay, all reported by Oligo Safety researcher Uri Katz, that could possibly be exploited by an attacker to trigger surprising system termination, denial-of-service (DoS), or arbitrary code execution below sure situations.
Google’s Menace Evaluation Group (TAG) has been credited with discovering and reporting three vulnerabilities within the CoreAudio part (CVE-2025-24160, CVE-2025-24161, and CVE-2025-24163) that will result in an surprising app termination when parsing a specifically crafted file.
With CVE-2025-24085 tagged as actively exploited, customers of Apple units are really useful to use the patches to safeguard in opposition to potential threats.
