Apple released urgent security updates for CVE-2025-24085, a vulnerability exploited in the wild. Update your devices (iPhone, Mac, iPad) now for protection.

Overview

Apple has released security updates to address a newly discovered vulnerability, CVE-2025-24085, in its Core Media framework. This vulnerability is classified as a privilege escalation flaw and is reportedly being actively exploited. If successfully leveraged by a malicious application, this vulnerability could enable an attacker to elevate privileges on an affected device.

To mitigate the risk, Apple has released patches across multiple product lines, urging users and administrators to update their devices immediately. The affected operating systems include iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, tvOS 18.3, visionOS 2.3, and watchOS 11.3.

Details of CVE-2025-24085

The vulnerability stems from a use-after-free (UAF) issue, a memory management flaw where a program continues to access memory after it has been freed. This can lead to arbitrary code execution, privilege escalation, or application crashes. Apple has addressed this issue by improving memory management.

Apple has acknowledged that CVE-2025-24085 may have been actively exploited against iOS versions before iOS 17.2. This underlines the urgency of updating affected devices to the latest security patches.

Impacted Devices and Operating Systems

Apple has rolled out security patches for the following devices and operating system versions:

• iOS 18.3 and iPadOS 18.3:
  • iPhone XS and later
  • iPad Pro 13-inch
  • iPad Pro 12.9-inch (3rd generation and later)
  • iPad Pro 11-inch (1st generation and later)
  • iPad Air (3rd generation and later)
  • iPad (7th generation and later)
  • iPad mini (5th generation and later)
• macOS Sequoia 15.3 (All Macs running macOS Sequoia)
• tvOS 18.3 (Apple TV HD and Apple TV 4K – all models)
• visionOS 2.3 (Apple Vision Pro)
• watchOS 11.3 (Apple Watch Series 6 and later)

Users and IT administrators are strongly advised to install these updates as soon as possible to mitigate the risk of exploitation.

Additional Security Fixes in iOS 18.3 and iPadOS 18.3

Alongside CVE-2025-24085, Apple has addressed several other security vulnerabilities across different components, including:

1. Photos App Authentication Issue
   • Impact: Attackers with physical access to an unlocked device could access photos while the app is locked.
   • Fix: Improved state management to address authentication issues.
   • CVE-2025-24141 (Reported by Abhay Kailasia, C-DAC Thiruvananthapuram, India)
2. AirPlay Vulnerabilities
   • Impact:
     • Local attackers could cause unexpected system termination or corrupt process memory (CVE-2025-24126)
     • Remote attackers could cause unexpected app terminations (CVE-2025-24129, CVE-2025-24137)
     • Attackers in privileged positions could trigger denial-of-service attacks (CVE-2025-24131, CVE-2025-24177)
   • Fix: Improved input validation and memory management.
   • Reported by: Uri Katz (Oligo Security)
3. ARKit Parsing Issue
   • Impact: Parsing a malicious file could lead to app termination.
   • Fix: Strengthened file validation checks.
   • CVE-2025-24127 (Reported by Zhejiang University researchers)
4. CoreAudio File Parsing Flaws
   • Impact: Malicious file parsing could result in unexpected app crashes.
   • Fix: Implemented improved security checks.
   • CVE-2025-24160, CVE-2025-24161, CVE-2025-24163 (Reported by Google Threat Analysis Group)
5. CoreMedia Vulnerabilities
   • Impact: Parsing malicious files could lead to app crashes or privilege escalation.
   • Fix: Improved input validation and memory handling.
   • CVE-2025-24123, CVE-2025-24124 (Reported by Trend Micro Zero Day Initiative researchers)
6. Kernel Privilege Escalation Issue
   • Impact: Malicious applications may gain root privileges.
   • Fix: Addressed permission flaws in kernel security handling.
   • CVE-2025-24086 (Reported by Enki WhiteHat researchers)

User Recommendations

Apple has emphasized the importance of keeping devices up to date to protect against emerging threats. Users and administrators should take the following steps:

1. Update Immediately: Ensure that all Apple devices are updated to the latest available OS versions.
2. Enable Automatic Updates: Configure devices to install updates automatically.
3. Verify App Permissions: Monitor and limit app permissions to reduce potential attack surfaces.
4. Stay Informed: Regularly check Apple’s security updates page for new patches and vulnerabilities.
5. Avoid Suspicious Downloads: Only install apps from trusted sources such as the Apple App Store.

Apple’s rapid response in addressing the vulnerability and releasing patches across multiple platforms demonstrates its commitment to user security. However, users also have the responsibility to apply updates promptly to safeguard their devices from potential threats.

By staying updated and following best security practices, users can reduce the risk of cyberattacks and ensure a safer digital environment.

Source:

• https://www.csa.gov.sg/alerts-and-advisories/alerts/al-2025-007
• https://support.apple.com/en-gb/122066
• https://nvd.nist.gov/vuln/detail/CVE-2025-24085

Related

Disclaimer: This blog is based on our research and the information available at the time of writing. It is for informational purposes only and does not constitute legal, financial, or professional advice. While we strive for accuracy, we do not guarantee the completeness or reliability of the content. If any sensitive information has been inadvertently included, please contact us for correction. Cyble is not responsible for any errors, omissions, or decisions made based on this content. Readers should verify findings and seek expert advice where necessary. All trademarks, logos, and third-party content belong to their respective owners and do not imply endorsement or affiliation. All content is presented “as is” without any guarantee that it is free of confidential, proprietary, or otherwise sensitive information. If you believe any portion of this content contains inadvertently shared or sensitive data, please contact us immediately so that we may address and rectify the issue. No Liability for Errors or Omissions Due to the dynamic nature of cyber threat activity, this [blog/report/article] may include partial, outdated, or otherwise incorrect information due to unverified sources, evolving security threats, or human error. We expressly disclaim any liability for errors or omissions or any potential consequences arising from the use, misuse, or reliance on this information.