Apple Patches Zero-Day Exploit in Core Media Amid Active Attacks

Apple has rolled out software updates to fix several security vulnerabilities across its product line, including a zero-day flaw that has reportedly been exploited in the wild.

  Vulnerability Alerts   Jan 28, 2025  Add to Reading List
Apple Patches Zero-Day Exploit in Core Media Amid Active Attacks

Apple has rolled out software updates to fix several security vulnerabilities across its product line, including a zero-day flaw that has reportedly been exploited in the wild.

The flaw, identified as CVE-2025-24085, is a use-after-free vulnerability in the Core Media component. It could allow a malicious application already installed on a device to gain elevated privileges.

"Apple is aware of a report that this issue may have been actively exploited against versions of iOS prior to iOS 17.2," the company stated in its advisory.

The vulnerability has been mitigated through improved memory management and addressed in the following devices and OS versions:

  • iOS 18.3 and iPadOS 18.3: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch (3rd gen and later), iPad Pro 11-inch (1st gen and later), iPad Air (3rd gen and later), iPad (7th gen and later), and iPad mini (5th gen and later).
  • macOS Sequoia 15.3: Macs running macOS Sequoia.
  • tvOS 18.3: Apple TV HD and all Apple TV 4K models.
  • visionOS 2.3: Apple Vision Pro.
  • watchOS 11.3: Apple Watch Series 6 and later.

As usual, Apple has not disclosed specific details about how the vulnerability was exploited, who was behind the attacks, or which users may have been targeted. No security researcher has been credited with discovering the flaw so far.

Additional Security Fixes

The updates also resolve five AirPlay vulnerabilities reported by Oligo Security researcher Uri Katz. These flaws could enable attackers to trigger unexpected system termination, denial-of-service (DoS), or execute arbitrary code under certain conditions.

Google’s Threat Analysis Group (TAG) identified and reported three other issues (CVE-2025-24160, CVE-2025-24161, and CVE-2025-24163) in the CoreAudio component. These could lead to unexpected app crashes when processing specially crafted files.

Recommendations

With CVE-2025-24085 confirmed as actively exploited, Apple device users are urged to install the updates promptly to protect against potential security risks.

Tags