Apple has released critical software updates to fix multiple security flaws across its range of devices, including a zero-day vulnerability that the company says has been actively exploited in the wild. The vulnerability, tracked as CVE-2025-24085, raises concerns due to its potential to elevate privileges on compromised devices.
The Zero-Day Vulnerability: A Closer Look
The flagged vulnerability, CVE-2025-24085, is a use-after-free bug within Apple’s Core Media component. According to Apple, the flaw could allow malicious applications already installed on a device to gain elevated privileges, potentially leading to more severe attacks.
In its advisory, Apple noted, “This issue may have been actively exploited against versions of iOS prior to iOS 17.2.” However, the exact nature of these attacks and the identities of those targeted remain unclear.
Devices Impacted and Updates Issued
Apple has released patches with improved memory management to address the issue. Here’s a breakdown of the devices and corresponding updates:
- iOS 18.3 and iPadOS 18.3
For iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch (3rd generation and later), iPad Pro 11-inch (1st generation and later), iPad Air (3rd generation and later), iPad (7th generation and later), and iPad mini (5th generation and later). - macOS Sequoia 15.3
For all Macs running macOS Sequoia. - tvOS 18.3
Covering Apple TV HD and all models of Apple TV 4K. - visionOS 2.3
Released for Apple Vision Pro. - watchOS 11.3
Targeting Apple Watch Series 6 and later.
These updates reflect Apple’s swift response to safeguard its users from potential risks stemming from the vulnerability.
Other Security Flaws Patched
The updates also addressed additional security flaws, further emphasizing the critical nature of the patches. Here are some highlights:
AirPlay Vulnerabilities
Apple patched five security issues in the AirPlay feature, all reported by Uri Katz of Oligo Security. These flaws could allow attackers to:
- Trigger unexpected system terminations.
- Cause denial-of-service (DoS) conditions.
- Execute arbitrary code under specific conditions.
CoreAudio Vulnerabilities
Google’s Threat Analysis Group (TAG) identified and disclosed three vulnerabilities (CVE-2025-24160, CVE-2025-24161, and CVE-2025-24163) in Apple’s CoreAudio component. These bugs could cause applications to crash unexpectedly when processing maliciously crafted files. While the technical details remain limited, the vulnerabilities highlight the importance of handling media files from unknown sources with caution.
What This Means for Apple Users
CVE-2025-24085, labeled as “actively exploited,” is a stark reminder of the persistent threats targeting device users. Apple’s rapid response highlights the need for vigilance among its global user base. However, the company has yet to share details about:
- How the flaw has been used in real-world attacks.
- The threat actors behind the exploits.
- Potential victims.
While these updates demonstrate Apple’s commitment to addressing vulnerabilities, users are urged to stay proactive by applying the patches immediately.
How to Ensure Your Device is Safe
Here are some steps users should take:
- Regularly check for software updates in device settings.
- Avoid installing applications from unknown sources.
- Refrain from opening untrusted files or links.
The Broader Implications of Security Updates
Apple’s quick release of these updates is part of a growing trend among tech companies to address security issues more transparently. Zero-day vulnerabilities are particularly concerning because they can be exploited before developers are even aware of their existence.
While this wave of updates will bolster device security, it also raises questions about the frequency and scope of such vulnerabilities. With increasingly sophisticated attacks, companies like Apple face mounting pressure to stay one step ahead.