Apple has released security updates to address multiple vulnerabilities, including an actively exploited zero-day, CVE-2025-24085. This use-after-free issue in the Core Media component allows a malicious application already installed on a device to escalate privileges.
The vulnerability has been exploited in the wild, primarily affecting versions of iOS before 17.2. Apple has patched the issue with improved memory management in the following software versions:
Affected Devices and Patched Versions
- iOS 18.3 / iPadOS 18.3: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch (3rd gen and later), iPad Pro 11-inch (1st gen and later), iPad Air (3rd gen and later), iPad (7th gen and later), iPad mini (5th gen and later).
- macOS Sequoia 15.3: Macs running macOS Sequoia.
- tvOS 18.3: Apple TV HD and all Apple TV 4K models.
- visionOS 2.3: Apple Vision Pro.
- watchOS 11.3: Apple Watch Series 6 and later.
Apple has not disclosed details on how CVE-2025-24085 has been exploited, who may have been targeted, or who discovered the flaw.
Additional Security Fixes
The updates also patch five vulnerabilities in AirPlay that could allow attackers to trigger unexpected system termination, denial-of-service (DoS), or arbitrary code execution.
Additionally, Google’s Threat Analysis Group (TAG) identified and reported three CoreAudio vulnerabilities (CVE-2025-24160, CVE-2025-24161, CVE-2025-24163) that can cause unexpected application termination when processing specially crafted files.
Recommendation
Users should update their devices immediately to close the exploited flaw. Organizations should verify that the patched versions listed above are installed across all affected systems rather than assuming updates have rolled out. Enabling automatic updates reduces the window of exposure to zero-day threats. Since exploitation requires a malicious app already present on the device, users should avoid installing untrusted software and monitor for unusual activity.
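One way an administrator can act on the recommendation above is to compare an inventory export against the fixed versions the advisory lists. The following is an added example written for this page, not Apple's code or anything from the advisory; the minimum versions come from the list above, while the platform labels, the CSV layout and the device rows are constructed assumptions standing in for whatever a real MDM export contains.

```python
"""Flag devices whose Apple OS version is older than the release that fixes CVE-2025-24085.

Added example for fleet patch verification (not Apple's code). The fixed
versions are the ones listed in the advisory; the inventory rows are constructed.
"""

# Minimum fixed versions per platform, taken from the advisory.
PATCHED_VERSIONS = {
    "iOS": "18.3",
    "iPadOS": "18.3",
    "macOS": "15.3",
    "tvOS": "18.3",
    "visionOS": "2.3",
    "watchOS": "11.3",
}


def parse_version(version: str) -> tuple:
    """Turn '18.2.1' into (18, 2, 1) so versions compare numerically, not lexically.

    A plain string compare would rank '18.10' below '18.3'; integer tuples do not.
    """
    parts = []
    for piece in version.strip().split("."):
        if not piece.isdigit():
            raise ValueError(f"non-numeric version component in {version!r}")
        parts.append(int(piece))
    return tuple(parts)


def is_patched(platform: str, version: str) -> bool:
    """True if the installed version is at least the fixed version for that platform.

    Unknown platforms raise rather than being silently reported as safe.
    """
    if platform not in PATCHED_VERSIONS:
        raise ValueError(f"no fixed version known for platform {platform!r}")
    return parse_version(version) >= parse_version(PATCHED_VERSIONS[platform])


def unpatched_devices(inventory_csv: str) -> list:
    """Return the ids of devices still running a version older than the fix.

    Expects one 'device_id,platform,version' row per line; the header row is skipped.
    """
    flagged = []
    for line in inventory_csv.strip().splitlines()[1:]:
        device_id, platform, version = (field.strip() for field in line.split(","))
        if not is_patched(platform, version):
            flagged.append(device_id)
    return flagged


# Constructed sample inventory (not real devices), shaped like an MDM export.
SAMPLE_INVENTORY = """device_id,platform,version
phone-01,iOS,18.3
phone-02,iOS,18.2.1
tablet-01,iPadOS,18.3.1
mac-01,macOS,15.2
mac-02,macOS,15.3
watch-01,watchOS,11.3
tv-01,tvOS,18.10
"""

if __name__ == "__main__":
    for device in unpatched_devices(SAMPLE_INVENTORY):
        print(f"UNPATCHED: {device}")
```

The check only knows the versions the advisory names, so a Mac on an older major release is flagged for review rather than assumed safe, and a platform label it does not recognise raises instead of passing quietly; both are deliberate so that gaps in the inventory surface as work items rather than as false reassurance.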