Apple Patches Actively Exploited Zero-Day Affecting iPhones, Macs, and Extra

Apple has launched software program updates to deal with a number of security flaws throughout its portfolio, together with a zero-day vulnerability that it stated has been exploited within the wild.

The vulnerability, tracked as CVE-2025-24085, has been described as a use-after-free bug within the Core Media element that might allow a malicious software already put in on a tool to raise privileges.

“Apple is conscious of a report that this challenge could have been actively exploited in opposition to variations of iOS earlier than iOS 17.2,” the corporate stated in a terse advisory.

The difficulty has been addressed with improved reminiscence administration within the following units and working system variations –

• iOS 18.3 and iPadOS 18.3 – iPhone XS and later, iPad Professional 13-inch, iPad Professional 12.9-inch third technology and later, iPad Professional 11-inch 1st technology and later, iPad Air third technology and later, iPad seventh technology and later, and iPad mini fifth technology and later
• macOS Sequoia 15.3 – Macs working macOS Sequoia
• tvOS 18.3 – Apple TV HD and Apple TV 4K (all fashions)
• visionOS 2.3 – Apple Imaginative and prescient Professional
• watchOS 11.3 – Apple Watch Collection 6 and later

As is often the case, there are presently no particulars on how the vulnerability could have been exploited in real-world assaults, by whom, and who could have been focused. Apple has but to attribute the invention of the shortcoming to a security researcher.

The updates additionally tackle 5 security flaws in AirPlay, all reported by Oligo Safety researcher Uri Katz, that could possibly be exploited by an attacker to trigger sudden system termination, denial-of-service (DoS), or arbitrary code execution underneath sure situations.

Google’s Risk Evaluation Group (TAG) has been credited with discovering and reporting three vulnerabilities within the CoreAudio element (CVE-2025-24160, CVE-2025-24161, and CVE-2025-24163) that will result in an sudden app termination when parsing a specifically crafted file.

With CVE-2025-24085 tagged as actively exploited, customers of Apple units are beneficial to use the patches to safeguard in opposition to potential threats.