Apple has released a series of security updates across its product ecosystem, addressing multiple vulnerabilities, including a zero-day flaw that has reportedly been exploited in the wild. The updates covering iOS, iPadOS, macOS, watchOS, tvOS, and visionOS, provide fixes for critical security issues that could allow privilege escalation, arbitrary code execution, and denial-of-service attacks.
Actively exploited flaw
Among the most critical fixes is CVE-2025-24085, a use-after-free vulnerability in CoreMedia that could allow a malicious application to elevate privileges. Apple has acknowledged reports that this flaw may have been actively exploited against versions of iOS prior to iOS 17.2, raising concerns about potential real-world attacks. The vulnerability has now been patched with improved memory management.
Other security fixes
Alongside the zero-day fix, Apple addressed several high-risk vulnerabilities across different system components:
Kernel Privilege Escalation (CVE-2025-24107, CVE-2025-24159): These flaws could allow a malicious app to gain root privileges or execute arbitrary code with kernel privileges, making them particularly dangerous.
AirPlay Vulnerabilities (CVE-2025-24126, CVE-2025-24129, CVE-2025-24131, CVE-2025-24137, CVE-2025-24177): Discovered by Uri Katz of Oligo Security, these vulnerabilities affect iPhones, iPads, Macs, Apple Watch, Apple TV, and Vision Pro. They could enable denial-of-service attacks, unexpected app termination, and in some cases, arbitrary code execution via network-based exploits.
CoreAudio and CoreMedia Flaws (CVE-2025-24123, CVE-2025-24124, CVE-2025-24160, CVE-2025-24161, CVE-2025-24163): Issues in Apple's media playback and processing components could lead to app crashes when parsing maliciously crafted files. Several of these were reported by Google's Threat Analysis Group and Trend Micro’s Zero Day Initiative.
Safari and WebKit Vulnerabilities (CVE-2025-24128, CVE-2025-24113, CVE-2025-24143, CVE-2025-24158, CVE-2025-24162): Exploits targeting malicious websites could result in address bar spoofing, UI manipulation, or denial-of-service attacks. One issue (CVE-2025-24113) could allow attackers to deceive users through UI spoofing.
LaunchServices Privacy Risks (CVE-2025-24117, CVE-2025-24115, CVE-2025-24116): Some of these flaws could enable fingerprinting attacks, while others allow unauthorized file access.
The vulnerabilities affect a broad range of Apple devices, including:
- iPhone XS and later
- iPad Pro (various models), iPad Air (3rd gen and later), iPad (7th gen and later), iPad mini (5th gen and later)
- Macs running macOS Sequoia 15.3
- Apple Watch Series 6 and later
- Apple TV HD and Apple TV 4K
- Apple Vision Pro running visionOS 2.3
Users are strongly advised to update their devices immediately to iOS 18.3, macOS Sequoia 15.3, watchOS 11.3, tvOS 18.3, and visionOS 2.3 to mitigate the risk posed by these vulnerabilities. Keeping systems up to date is crucial, particularly in light of active exploits targeting iOS.
For enterprises and security-conscious users, network segmentation and application sandboxing can help limit the potential impact of these flaws. Additionally, users should be cautious of suspicious websites and unsolicited app installations, as WebKit and CoreMedia vulnerabilities are commonly leveraged in malware attacks.
Bitwarden Adds Email Verification for Unrecognized Logins
WTF