Apple has rushed out emergency security updates for iOS, iPadOS, macOS, tvOS, watchOS, and visionOS to address a zero-day vulnerability that is already being exploited in the wild to target iPhone users. This critical flaw, tracked as CVE-2025-24085, allows malicious applications to potentially gain elevated privileges on vulnerable devices.
The vulnerability resides within Apple’s Core Media framework, a crucial component that underpins the media pipeline used by AVFoundation and other high-level media frameworks across Apple’s ecosystem. Think of Core Media as the engine that powers everything from playing videos to streaming music on your Apple devices. A flaw here can have significant ramifications.
Apple’s advisory explicitly states, “Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 17.2.” This admission underscores the urgency of the situation and highlights the importance of immediately updating your devices.
The impact of this zero-day is widespread, affecting a broad range of devices, including:
- iPhones: iPhone XS and later
- iPads: iPad Pro 13-inch, iPad Pro 12.9-inch (3rd generation and later), iPad Pro 11-inch (1st generation and later), iPad Air (3rd generation and later), iPad (7th generation and later), and iPad mini (5th generation and later)
- Macs: macOS Sequoia
- Apple Watches: Apple Watch Series 6 and later
- Apple TVs: Apple TV HD and Apple TV 4K (all models)
The updates, designated as iOS 18.3, iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3, visionOS 2.3, and tvOS 18.3, address the CVE-2025-24085 vulnerability with improved memory management.
While Apple hasn’t publicly named the researcher who discovered the flaw or disclosed details about the ongoing attacks, the fact that it’s being actively exploited makes patching a top priority.
What You Should Do:
- Update Immediately: Don’t delay. Install the latest security updates for your iPhone, iPad, Mac, Apple Watch, and Apple TV as soon as they are available. This is the most crucial step to protect yourself.
- Check for Updates Regularly: Enable automatic updates on your devices to ensure you receive future security patches promptly.
- Be Cautious: Avoid clicking on suspicious links or downloading apps from untrusted sources. This can help minimize your risk of exposure to vulnerabilities.
