Wilson's Media

A Tech & Gaming Blog

Apple security alert – zero-day patched, so update your devices now

  • Apple warns users about use-after-free vulnerability being exploited in the wild
  • It affects most products, including iPhones, watches, TVs, and more
  • A patch is already available, so update now

Apple has released a patch for its first zero-day of 2025, fixing CVE-2025-24085, a use-after-free flaw affecting the CoreMedia component.

CoreMedia is a framework in Apple’s ecosystem that handles multimedia. It is important for the playback, processing, and management of both audio and video files, and is found in devices powered by macOS, iOS, iPadOS, tvOS, and watchOS.

A use-after-free (UAF) flaw is a type of memory vulnerability that occurs when a program continues to use a memory location after it has been freed (deallocated). This can result in unpredictable behavior, such as crashes, data corruption, or execution of malicious code. Attackers can exploit UAF by manipulating the memory space to insert malicious payloads, which the program may execute when it accesses the freed memory.

Patching things up

The issue affects multiple Apple products: iPhones, iPads, macs, TVs, Vision Pro, and watches.

The company said it was being exploited in the wild as a zero-day, but at this time, it did not share any details – although the bug could be exploited through a rogue app, which could grant the attackers more control over the target system.

The relative silence is regular practice for Apple, since it wants to give its users enough time to apply the patch, without tipping potential threat actors off on a new attack avenue.

Speaking of the patch, Apple product users should make sure their devices are updated to the following: iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, tvOS 18.3, visionOS 2.3, and watchOS 11.3.

“A malicious application may be able to elevate privileges,” Apple said in a security advisory. “Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 17.2.”

Via The Register

You might also like


Source

Apple warns users about use-after-free vulnerability being exploited in the wild It affects most products, including iPhones, watches, TVs, and more A patch is already available, so update now Apple has released a patch for its first zero-day of 2025, fixing CVE-2025-24085, a use-after-free flaw affecting the CoreMedia component. CoreMedia…

Tags: ,
Previous Post
Next Post

Leave a Reply

Your email address will not be published. Required fields are marked *

Recent Posts

Archives