
Apple Patches Actively Exploited Zero-Day Affecting iPhones, Macs, and More

Apple has released software updates to address several security flaws across its portfolio, including a zero-day vulnerability that it said has been exploited in the wild.

The vulnerability, tracked as CVE-2025-24085, has been described as a use-after-free bug in the Core Media component that could permit a malicious application already installed on a device to elevate privileges.

“Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 17.2,” the company said in a terse advisory.

The issue has been addressed with improved memory management in the following devices and operating system versions:

  • iOS 18.3 and iPadOS 18.3 – iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later
  • macOS Sequoia 15.3 – Macs running macOS Sequoia
  • tvOS 18.3 – Apple TV HD and Apple TV 4K (all models)
  • visionOS 2.3 – Apple Vision Pro
  • watchOS 11.3 – Apple Watch Series 6 and later

As is often the case, there are currently no details on how the vulnerability may have been exploited in real-world attacks, by whom, and who may have been targeted. Apple has yet to attribute the discovery of the shortcoming to a security researcher.

The updates also address five security flaws in AirPlay, all reported by Oligo Security researcher Uri Katz, that could be exploited by an attacker to cause unexpected system termination, denial-of-service (DoS), or arbitrary code execution under certain conditions.

Google’s Threat Analysis Group (TAG) has been credited with discovering and reporting three vulnerabilities in the CoreAudio component (CVE-2025-24160, CVE-2025-24161, and CVE-2025-24163) that could lead to an unexpected app termination when parsing a specially crafted file.

With CVE-2025-24085 tagged as actively exploited, users of Apple devices are recommended to apply the patches to safeguard against potential threats.
