Apple has launched software program updates to handle a number of safety flaws throughout its portfolio, together with a zero-day vulnerability that it stated has been exploited within the wild.
The vulnerability, tracked as CVE-2025-24085, has been described as a use-after-free bug within the Core Media element that might allow a malicious software already put in on a tool to raise privileges.
“Apple is conscious of a report that this situation could have been actively exploited towards variations of iOS earlier than iOS 17.2,” the corporate stated in a terse advisory.
The problem has been addressed with improved reminiscence administration within the following gadgets and working system variations –
- iOS 18.3 and iPadOS 18.3 – iPhone XS and later, iPad Professional 13-inch, iPad Professional 12.9-inch third technology and later, iPad Professional 11-inch 1st technology and later, iPad Air third technology and later, iPad seventh technology and later, and iPad mini fifth technology and later
- macOS Sequoia 15.3 – Macs operating macOS Sequoia
- tvOS 18.3 – Apple TV HD and Apple TV 4K (all fashions)
- visionOS 2.3 – Apple Imaginative and prescient Professional
- watchOS 11.3 – Apple Watch Collection 6 and later
As is usually the case, there are at the moment no particulars on how the vulnerability could have been exploited in real-world assaults, by whom, and who could have been focused. Apple has but to attribute the invention of the shortcoming to a safety researcher.
The updates additionally tackle 5 safety flaws in AirPlay, all reported by Oligo Safety researcher Uri Katz, that may very well be exploited by an attacker to trigger sudden system termination, denial-of-service (DoS), or arbitrary code execution beneath sure situations.
Google’s Menace Evaluation Group (TAG) has been credited with discovering and reporting three vulnerabilities within the CoreAudio element (CVE-2025-24160, CVE-2025-24161, and CVE-2025-24163) that will result in an sudden app termination when parsing a specifically crafted file.
With CVE-2025-24085 tagged as actively exploited, customers of Apple gadgets are advisable to use the patches to safeguard towards potential threats.