Apple fixes zero-day affecting iPhones, Macs and more

Apple has released software updates to address several security vulnerabilities in its product portfolio, including a zero-day vulnerability said to have been actively exploited.

The vulnerability, tracked as CVE-2025-24085, is described as a use-after-free bug in the Core Media component. This flaw could allow a malicious application already installed on a device to gain elevated privileges.

In a terse statement, Apple says it is aware of a report that this issue may have been actively exploited in versions of iOS prior to iOS 17.2. The problem has been addressed with improved memory management in a wide range of devices and operating systems:

– iOS 18.3 and iPadOS 18.3
iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch (3rd generation and later), iPad Pro 11-inch (1st generation and later), iPad Air (3rd generation and later), iPad (7th generation and later) and iPad mini (5th generation and later).
– macOS Sequoia 15.3
Macs running macOS Sequoia.
– tvOS 18.3
Apple TV HD and Apple TV 4K (all models).
– visionOS 2.3
Apple Vision Pro.
– watchOS 11.3
Apple Watch Series 6 and later.

As usual, no details are currently available on how the vulnerability may have been exploited in real attacks, by whom, or who may have been targeted. Apple has not yet attributed the discovery of this problem to a specific security researcher.

AirPlay security flaws

The updates also address five security flaws in AirPlay, all of which were reported by Oligo Security researcher Uri Katz. Under certain circumstances, an attacker can exploit these flaws to cause unexpected system failure, denial-of-service (DoS) or arbitrary code execution.

Google’s Threat Analysis Group (TAG) discovered and reported three vulnerabilities in the CoreAudio component, tracked as CVE-2025-24160, CVE-2025-24161 and CVE-2025-24163. These can lead to unexpected termination of an application when processing a specially crafted file.

With CVE-2025-24085 flagged as actively exploited, it is recommended that Apple device users apply the patches to protect against potential threats.