Customize Consent Preferences

We use cookies to help you navigate efficiently and perform certain functions. You will find detailed information about all cookies under each consent category below.

The cookies that are categorized as "Necessary" are stored on your browser as they are essential for enabling the basic functionalities of the site. ... 

Always Active

Necessary cookies are required to enable the basic features of this site, such as providing secure log-in or adjusting your consent preferences. These cookies do not store any personally identifiable data.

No cookies to display.

Functional cookies help perform certain functionalities like sharing the content of the website on social media platforms, collecting feedback, and other third-party features.

No cookies to display.

Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics such as the number of visitors, bounce rate, traffic source, etc.

No cookies to display.

Performance cookies are used to understand and analyze the key performance indexes of the website which helps in delivering a better user experience for the visitors.

No cookies to display.

Advertisement cookies are used to provide visitors with customized advertisements based on the pages you visited previously and to analyze the effectiveness of the ad campaigns.

No cookies to display.

Apple Patches Actively Exploited Zero-Day Affecting iPhones, Macs, etc

Apple Patches Actively Exploited Zero-Day Affecting iPhones, Macs, etc

Apple has released software updates to address several security flaws across its portfolio, including a zero-day vulnerability that it said has been exploited in the wild.

The vulnerability, tracked as CVE-2025-24085, has been described as a use-after-free bug in the Core Media component that could permit a malicious application already installed on a device to elevate privileges.

Actively Exploited

“Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 17.2,” the company stated in an advisory.

The issue has been addressed with improved memory management in the following devices & operating system versions –

  • iOS 18.3 and iPadOS 18.3 – iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation & later, iPad Pro 11-inch 1st generation & later, iPad Air 3rd generation & later, iPad 7th generation & later, & iPad mini 5th generation & later
  • macOS Sequoia 15.3 – Macs running macOS Sequoia
  • tvOS 18.3 – Apple TV HD & Apple TV 4K (all models)
  • visionOS 2.3 – Apple Vision Pro
  • watchOS 11.3 – Apple Watch Series 6 & later

As is typically the case, there are currently no details on how the vulnerability may have been exploited in real-world attacks, by whom, & who may have been targeted. Apple has yet to attribute the discovery of the shortcoming to a security researcher, although it’s possible that it was internally flagged by its own security teams.

5 Security Flaws

The updates also address 5 security flaws in AirPlay, all reported by Oligo Security researcher Uri Katz, that could be exploited by an attacker to cause unexpected system termination, denial-of-service (DoS), or arbitrary code execution under certain conditions.

Google’s Threat Analysis Group (TAG) has been credited with discovering & reporting 3 vulnerabilities in the CoreAudio component (CVE-2025-24160, CVE-2025-24161, & CVE-2025-24163) that may lead to an unexpected app termination when parsing a specially crafted file.

With CVE-2025-24085 tagged as actively exploited, users of Apple devices are recommended to apply the patches to safeguard against potential threats.

SHARE ARTICLE