Security
Headlines
HeadlinesLatestCVEs

Headline

Apple users: Update your devices now to patch zero-day vulnerability

Apple has released a host of security updates for iOS, iPadOS, Mac, Apple Watch, and Apple TV. Update as soon as you can.

Malwarebytes
Open in Source
#vulnerability#ios#android#mac#apple#zero_day

Apple has released a host of security updates across many devices, including for a zero-day bug which is being actively exploited in iOS.

Apple said:

“A malicious application may be able to elevate privileges. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 17.2.”

Devices affected are those that run:

  • iPhone XS and later
  • iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later
  • macOS Sequoia
  • Apple Watch Series 6 and later
  • All models of Apple TV HD and Apple TV 4K

If you use any of these then you should install updates as soon as you can. To check if you’re using the latest software version, go to Settings (or System Settings) > General > Software Update. It’s also worth turning on Automatic Updates if you haven’t already, which you can do on the same screen.

Technical details about the zero-day

The zero-day vulnerability patched in this update is tracked as CVE-2025-24085. It is described as a use after free (UAF) issue in Apple’s Core Media framework that would allow an attacker to elevate privileges.

The Core Media framework handles multimedia applications like photos, videos, and real-time communication applications. UAF is a type of vulnerability that is the result of the incorrect use of dynamic memory during a program’s operation. If, after freeing a memory location, a program does not clear the pointer to that memory, an attacker can use the error to manipulate the program. Referencing memory after it has been freed can cause a program to crash, use unexpected values, or execute code. In this case, successful exploitation could provide a malicious app with privileges on the affected device that it shouldn’t have.

We don’t just report on phone security—we provide it

Cybersecurity risks should never spread beyond a headline. Keep threats off your mobile devices by downloading Malwarebytes for iOS, and Malwarebytes for Android today.

Related news

Apple Patches Actively Exploited Zero-Day Vulnerability

The Apple iOS 18.3 update fixes 28 other vulnerabilities identified by the tech company, though there is little information on them.

Malwarebytes: Latest News

These are the 10 worst PIN codes
Malwarebytes