Summary: Apple has patched a use-after-free zero-day vulnerability (CVE-2025-24085) in the Core Media component that could enable a malicious application already installed on the device to elevate privileges. In its advisory, the vendor noted that it is aware of reports of active exploitation of CVE-2025-24085 in the wild, notably targeting devices running iOS versions before 17.2. Apple says it has addressed the flaw with improved memory management in the following devices and operating system versions:
- iOS 18.3 and iPadOS 18.3 - iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later
- macOS Sequoia 15.3 - Macs running macOS Sequoia
- tvOS 18.3 - Apple TV HD and Apple TV 4K (all models)
- visionOS 2.3 - Apple Vision Pro
- watchOS 11.3 - Apple Watch Series 6 and later
Security Officer Comments: The exploitation of zero-days in Apple products is commonly associated with campaigns designed to deploy spyware on vulnerable devices. In 2023, while checking the device of an individual employed by a Washington DC-based civil society organization with international offices, Citizen Lab found an actively exploited zero-click chain (CVE-2023-41064 and CVE-2023-41061) being used to deliver NSO Group’s Pegasus mercenary spyware. Dubbed BLASTPASS, the exploit chain was used to target iPhones running iOS 16.6, allowing attackers to compromise the device without any interaction from the victim. In this case, the exploit involved sending PassKit attachments containing malicious images to the victim via iMessage. Because no user interaction was required, the actors gained easy access to the device and could steal data of interest and monitor the victim’s activities through the deployment of Pegasus spyware.
Suggested Corrections: Users should regularly update their devices with the latest security patches, refrain from opening attachments or links from unknown senders, ensure that software is installed only from trusted sources, and put antivirus solutions in place to detect and prevent the deployment of malicious payloads.
Link(s): https://support.apple.com/en-us/122066