Apple has rolled out critical security updates to patch this year’s first zero-day vulnerability, identified as CVE-2025-24085.
This actively exploited the flaw, affecting multiple Apple platforms, allows privilege escalation through the Core Media framework, posing a significant risk to iPhone users and other Apple devices.
The company acknowledged the vulnerability in a statement, noting, “A malicious application may be able to elevate privileges. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 17.2.” Core Media, a key media processing framework in Apple’s ecosystem, was found to have memory management flaws, which Apple has now addressed with improved security measures.
The updates, available for iOS 18.3, iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3, visionOS 2.3, and tvOS 18.3, cover a wide range of devices. These include:
- iPhone XS and later
- iPad Pro (13-inch, 12.9-inch 3rd generation and later, 11-inch 1st generation and later)
- iPad Air 3rd generation and newer, iPad 7th generation and newer, and iPad mini 5th generation and newer
- macOS Sequoia devices
- Apple Watch Series 6 and newer
- All Apple TV HD and Apple TV 4K models
While Apple has not attributed the vulnerability’s discovery to a specific researcher or disclosed details about the attacks, the company advises users to install the updates immediately.
