Apple patches actively exploited zero-day affecting iPhones and other devices


Hackers are attacking iPhone users by exploiting a recently discovered security flaw that enables malicious apps to elevate privileges. Apple has released security updates addressing this zero-day among other vulnerabilities.

The so-called ‘use after free issue’ is a memory bug that affects a wide range of Apple devices, including Macs, iPhones, iPads, Apple Watches, Apple TV, and the Vision Pro. The flaw lies in the Core Media framework, which handles multimedia content on Apple’s platforms.

“A malicious application may be able to elevate privileges. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 17.2,” Apple said in an advisory.


Apple fixed the issue, tracked as CVE-2025-24085, in the new OS versions released on Monday: visionOS 2.3, iOS 18.3, iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3, and tvOS 18.3.

Apple doesn’t provide more details on the flaw or its exploitation, but notes that “keeping your software up to date is one of the most important things you can do to maintain your Apple product's security.”


Apple’s security updates also address other vulnerabilities, some of which affect the kernel and allow malicious apps to gain root privileges and execute arbitrary code.

An authentication issue in the Photos app allows attackers with physical access to an unlocked device to access the app while it is locked. AirPlay is affected by multiple flaws that allow attackers to cause a denial of service and corrupt process memory.
