Apple Zero-day Vulnerability Actively Exploited to Attack iPhone Users
- С сайта: Vulnerability(cybersecuritynews.com)
- Вернуться к списку новостей
С сайта: Vulnerability(cybersecuritynews.com)
Apple has released critical security updates to address a zero-day vulnerability actively exploited in attacks targeting iPhone users.
The flaw, identified as CVE-2025-24085, is a use-after-free issue in the Core Media framework, which handles multimedia processing across Apple’s ecosystem.
This vulnerability, with a CVSS score of 9.8, allows malicious applications to elevate privileges, posing significant risks to user devices.
Apple Zero-day Vulnerability Exploited
The Core Media framework is integral to Apple’s media processing pipeline, supporting high-level frameworks like AVFoundation.The vulnerability stems from improper memory management, enabling attackers to exploit the flaw for privilege escalation.
Apple acknowledged reports that this issue has been actively exploited against devices running versions of iOS prior to iOS 17.2.
The exploit affects a broad range of Apple devices, including:
Reports suggest the vulnerability was exploited for over a year before detection. Attackers likely targeted high-profile individuals using malicious applications designed to manipulate multimedia files. The prolonged exploitation highlights the sophisticated nature of the attacks.
Security Updates Released
Apple has addressed the CVE-2025-24085 vulnerability by improving memory management in the Core Media framework.
The patches are available in the following updates:
These updates also resolve additional vulnerabilities across system components, including five flaws in AirPlay reported by Uri Katz of Oligo Security, which could lead to denial-of-service (DoS) attacks or arbitrary code execution.
Apple strongly advises all users to update their devices immediately to mitigate risks associated with this zero-day vulnerability.
CVE-2025-24085 marks Apple’s first zero-day patch of 2025, underscoring the persistent threat posed by advanced cyberattacks.
Last year, Apple addressed six zero-day vulnerabilities, while in 2023, it patched an alarming total of 20 such flaws.
#Apple #Cyber_Security #Cyber_Security_News #Vulnerability #Zero-Day #cyber_security #cyber_security_news #vulnerability
Оригинальная версия на сайте:
Apple Zero-day Vulnerability Actively Exploited to Attack iPhone Users
Author: Kaaviya RagupathyApple has released critical security updates to address a zero-day vulnerability actively exploited in attacks targeting iPhone users.
The flaw, identified as CVE-2025-24085, is a use-after-free issue in the Core Media framework, which handles multimedia processing across Apple’s ecosystem.
This vulnerability, with a CVSS score of 9.8, allows malicious applications to elevate privileges, posing significant risks to user devices.
Apple Zero-day Vulnerability Exploited
The Core Media framework is integral to Apple’s media processing pipeline, supporting high-level frameworks like AVFoundation.The vulnerability stems from improper memory management, enabling attackers to exploit the flaw for privilege escalation.
Apple acknowledged reports that this issue has been actively exploited against devices running versions of iOS prior to iOS 17.2.
The exploit affects a broad range of Apple devices, including:
- iPhones: iPhone XS and later models.
- iPads: iPad Pro 13-inch, iPad Pro 12.9-inch (3rd generation and later), iPad Pro 11-inch (1st generation and later), iPad Air (3rd generation and later), iPad (7th generation and later), and iPad mini (5th generation and later).
- Macs: macOS Sequoia.
- Apple Watches: Apple Watch Series 6 and later.
- Apple TVs: Apple TV HD and Apple TV 4K (all models).
Reports suggest the vulnerability was exploited for over a year before detection. Attackers likely targeted high-profile individuals using malicious applications designed to manipulate multimedia files. The prolonged exploitation highlights the sophisticated nature of the attacks.
Security Updates Released
Apple has addressed the CVE-2025-24085 vulnerability by improving memory management in the Core Media framework.
The patches are available in the following updates:
- iOS 18.3 and iPadOS 18.3
- macOS Sequoia 15.3
- watchOS 11.3
- tvOS 18.3
- visionOS 2.3
These updates also resolve additional vulnerabilities across system components, including five flaws in AirPlay reported by Uri Katz of Oligo Security, which could lead to denial-of-service (DoS) attacks or arbitrary code execution.
Apple strongly advises all users to update their devices immediately to mitigate risks associated with this zero-day vulnerability.
CVE-2025-24085 marks Apple’s first zero-day patch of 2025, underscoring the persistent threat posed by advanced cyberattacks.
Last year, Apple addressed six zero-day vulnerabilities, while in 2023, it patched an alarming total of 20 such flaws.
#Apple #Cyber_Security #Cyber_Security_News #Vulnerability #Zero-Day #cyber_security #cyber_security_news #vulnerability
Оригинальная версия на сайте:
