NEWS BRIEF
In its latest security update for users, Apple has released a patch for a zero-day vulnerability tracked as CVE-2025-24085 (no CVSS score assigned yet).
The vulnerability, not yet added to the National Vulnerability Database (NVD), can be found in iOS, iPadOS, macOS, tvOS, watchOS, and visionOS. As a privileged escalation security flaw, it is located in Apple’s Core Media framework. The bug is being actively exploited in the wild.
The Core Media framework, according to Apple, is “the media pipeline used by AVFoundation and other high-level media frameworks found on Apple platforms.” It allows users to process media samples as well as manage queues of media data.
This patch comes in the form of iOS 18.3, which fixes 28 other vulnerabilities as well. Apple has yet to divulge many details about any of the issues that have been patched by this update, likely to prevent attackers from exploiting them before users can apply the necessary fix.
Impacted devices from this bug include:
-
iPhone XS and later
-
Apple Watch Series 6 and later
-
macOS Sequoia
-
Apple TV HD and Apple TV 4K (all models)
-
iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later
Though the tech giant has disclosed that “Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 17.2,” it has not published any details of the attacks nor attributed its discovery to a researcher.
Source: www.darkreading.com