Apple Patches Actively Exploited Zero-Day Vulnerability

Source: Shahid Jamil via Alamy Stock Photo

NEWS BRIEF

In its latest security update for users, Apple has released a patch for a zero-day vulnerability tracked as CVE-2025-24085 (no CVSS score assigned yet).

The vulnerability, not yet added to the National Vulnerability Database (NVD), can be found in iOS, iPadOS, macOS, tvOS, watchOS, and visionOS. As a privileged escalation security flaw, it is located in Apple’s Core Media framework. The bug is being actively exploited in the wild.

The Core Media framework, according to Apple, is “the media pipeline used by AVFoundation and other high-level media frameworks found on Apple platforms.” It allows users to process media samples as well as manage queues of media data.

This patch comes in the form of iOS 18.3, which fixes 28 other vulnerabilities as well. Apple has yet to divulge many details about any of the issues that have been patched by this update, likely to prevent attackers from exploiting them before users can apply the necessary fix.

Impacted devices from this bug include:

• Apple Watch Series 6 and later

• Apple TV HD and Apple TV 4K (all models)

• iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later

Though the tech giant has disclosed that “Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 17.2,” it has not published any details of the attacks nor attributed its discovery to a researcher.

About the Author

Skilled writer and editor covering cybersecurity for Dark Reading.