
Hackers are attacking iPhone users by exploiting a recently discovered security flaw that enables malicious apps to elevate privileges. Apple has released security updates addressing this zero-day among other vulnerabilities.
The flaw is a use-after-free issue, a memory bug that affects a wide range of Apple devices, including Macs, iPhones, iPads, Apple Watches, Apple TV, and the Vision Pro. It lies in the Core Media Framework, which is used for multimedia content on Apple’s platforms.
“A malicious application may be able to elevate privileges. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 17.2,” Apple said in an advisory.
Apple fixed the issue, tracked as CVE-2025-24085, in the new OS versions released on Monday: visionOS 2.3, iOS 18.3, iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3, and tvOS 18.3.
Apple doesn’t provide more details on the flaw or its public exploitation but assures that “keeping your software up to date is one of the most important things you can do to maintain your Apple product's security.”
Apple’s security updates also address other vulnerabilities, some of which affect the Kernel and allow malicious apps to gain root privileges and execute arbitrary code.
An authentication issue in the Photos app allows attackers with physical access to an unlocked device to access the app while it is locked. AirPlay is affected by multiple flaws that allow attackers to cause a denial of service and corrupt process memory.