Wednesday, January 29, 2025
Apple has released a security update to fix the first Zero-Day vulnerability of 2025, identified as CVE-2025-24085, which has been actively exploited to target iPhone users. This privilege escalation vulnerability affects the Core Media framework, which handles multimedia tasks on iOS and macOS. Attackers could exploit this flaw to gain elevated privileges, and exploitation has been observed on devices running iOS versions prior to 17.2.
To address this issue, Apple fixed the underlying use-after-free bug with improved memory management. The affected devices include:
- iPhone XS and later
- iPad Pro 13-inch
- iPad Pro 12.9-inch (3rd generation and later)
- iPad Pro 11-inch (1st generation and later)
- iPad Air (3rd generation and later)
- iPad (7th generation and later)
- iPad mini (5th generation and later)
Apple has patched this vulnerability through updates in iOS 18.3, iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3, visionOS 2.3, and tvOS 18.3. While the company has not disclosed details of the attacks exploiting this flaw, it strongly recommends users update their devices immediately to mitigate potential risks.
In 2024, Apple had already patched six Zero-Day vulnerabilities across its products.
Source: https://securityaffairs.com/173536/hacking/apple-fixed-the-first-zero-day-vulnerability-of-2025.html