Apple Fixes Actively Exploited Zero-Day Vulnerability Across Devices
The security flaw, affecting iOS, macOS, and more, allowed privilege escalation and has been patched with updates now available for all impacted products.
- Apple addressed a zero-day vulnerability, CVE-2025-24085, in its CoreMedia framework, which was being actively exploited against iOS devices running versions prior to iOS 17.2.
- The flaw, a use-after-free memory corruption issue, allowed malicious applications to elevate privileges and potentially access sensitive device data.
- Patches are available for iPhones, iPads, Macs, Apple Watches, Apple TVs, and Vision Pro headsets, and users are strongly advised to update immediately to mitigate risks.
- Apple has not disclosed details about the attackers or targets of the exploit and has not credited any researcher for discovering the vulnerability.
- This marks the first actively exploited zero-day fixed by Apple in 2025, following a total of seven such fixes in 2024 and 20 in 2023.