Apple fixes this year's first actively exploited zero-day bug

BleepingComputer

Apple has released security updates to fix this year’s first zero-day vulnerability, tagged as actively exploited in attacks targeting iPhone users.
The zero-day fixed today is tracked as CVE-2025-24085 [iOS/iPadOS, macOS, tvOS, watchOS, visionOS] and is a privilege escalation security flaw in Apple’s Core Media framework.
“Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 17.2,” Apple said today.
Apple has fixed CVE-2024-23222 with improved memory management in iOS 18.3, iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3, visionOS 2.3, and tvOS 18.3.
While this zero-day bug was likely only exploited in targeted attacks, it is highly advised to install today’s security updates as soon as possible to block potentially ongoing attack attempts.

This year’s first zero-day vulnerability, which has been identified as being actively exploited in attacks against iPhone users, has been fixed by Apple with security updates.

The privilege escalation security flaw in Apple’s Core Media framework that was fixed today is known as CVE-2025-24085 [iOS/iPadOS, macOS, tvOS, watchOS, visionOS].

A malicious application may be able to elevate privileges. Apple acknowledged today that, according to a report, this vulnerability may have been actively exploited against iOS versions prior to iOS 17.2.

Core Media “defines the media pipeline used by AVFoundation and other high-level media frameworks found on Apple platforms,” according to the company’s official documentation.

Improved memory management in iOS 18.3, iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3, visionOS 2.3, and tvOS 18.3 has been implemented by Apple to address CVE-2024-12322.

Because the bug affects both older and newer models, the list of devices affected by this zero-day is fairly extensive:

iPhone XS and later.

iPad Air 3rd generation and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Pro 7th generation and later, and iPad mini 5th generation and later.

macOS Sequoia.

Apple Watch Series 6 and later.

All models of Apple TV HD and Apple TV 4K.

Although Apple has revealed that this security flaw is being exploited in the wild, it has not yet attributed the discovery to a security researcher or released information about the attacks.

Installing today’s security updates as soon as possible is strongly recommended to prevent potentially ongoing attack attempts, even though this zero-day bug was probably only used in targeted attacks.

The company fixed six zero-days last year: one in January, two in March, a fourth in May, and two more in November.

In 2023, Apple fixed 20 zero-day vulnerabilities that were being exploited in the wild.
