Apple Security

Apple Releases Critical Security Updates to Patch Actively Exploited Zero-Day Vulnerability

/ by Corentin C | Leave a comment

Apple Zeroday

Apple has recently released a series of security updates to address multiple vulnerabilities impacting iOS, macOS, Safari, and other products. Among these, a zero-day vulnerability actively exploited in the wild—CVE-2025-24085—poses a significant risk to users. This flaw resides in iOS’s CoreMedia component and could allow attackers to take control of vulnerable devices through malicious applications masquerading as media players.

CVE-2025-24085: A Critical Zero-Day Threat

The zero-day vulnerability, CVE-2025-24085, is classified as a use-after-free (UAF) flaw in CoreMedia. Such vulnerabilities arise due to improper memory management, where a program continues to reference memory after it has been freed. This can lead to crashes, arbitrary code execution, or privilege escalation.

Apple confirmed that iOS versions prior to 17.2 are affected and that attackers have already exploited this vulnerability in real-world attacks. However, specific details regarding exploitation methods remain undisclosed. Similar past vulnerabilities, such as CVE-2023-32434, required minimal user interaction—often triggered by playing a malicious video or opening a deceptive link.

Other Security Fixes in Apple’s Latest Updates

In addition to CVE-2025-24085, Apple has patched 28 additional iOS vulnerabilities and 60 macOS vulnerabilities, affecting multiple system components. These security flaws, if exploited, could lead to:

  • Authentication bypass
  • Denial-of-service (DoS) attacks
  • Arbitrary code execution
  • Privilege escalation
  • User fingerprinting
  • System file modification
  • Spoofing and information exposure
  • Command injection

Furthermore, seven vulnerabilities in Safari have also been patched to prevent browser extension authentication bypass, address bar spoofing, user fingerprinting, and unexpected crashes.

Devices Affected

The security updates apply to a wide range of Apple devices, including:

  • iPhone XS and later
  • iPad models (iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later)
  • macOS Sequoia
  • Apple Watch Series 6 and later
  • All Apple TV HD and Apple TV 4K models

Users running these devices should immediately install the latest security updates to mitigate the risk of exploitation.

How to Protect Your Apple Devices

Given the active exploitation of CVE-2025-24085 and the breadth of vulnerabilities patched, users should take the following steps:

  1. Update your device: Navigate to Settings > General > Software Update and install the latest software version.
  2. Enable Automatic Updates: To ensure timely security patches, turn on automatic updates in the software update settings.
  3. Exercise caution with media files and applications: Be wary of downloading or opening untrusted media files, as similar CoreMedia vulnerabilities in the past have been exploited through malicious video files.
  4. Stay informed: Regularly check Apple’s security advisories and cybersecurity news sources for emerging threats and updates.

Conclusion

Apple’s latest security updates address a range of critical vulnerabilities, including an actively exploited zero-day that could compromise devices through malicious apps. Given the potential impact of CVE-2025-24085 and related security flaws, users should update their devices as soon as possible. Staying proactive about software updates and cybersecurity best practices remains the best defense against evolving threats.

For more cybersecurity insights and updates, keep following ToolsLib.

Stay Updated with ToolsLib! 🚀
Join our community to receive the latest cybersecurity tips, software updates, and exclusive insights straight to your inbox!

Tagged

You might also like

deepseek website

DeepSeek AI Leak: Security Lapse Exposes Over a Million Log Entries, API Keys, and Chat Data

Chinese AI startup DeepSeek suffered a major security breach after leaving a ClickHouse database publicly accessible, exposing over a million log entries, API keys, and chat history. Security researchers warned that attackers could have accessed internal data, executed SQL queries, and escalated privileges. This incident highlights the critical risks of poor AI security practices, especially as DeepSeek faces growing scrutiny over privacy concerns and potential misuse of OpenAI’s API.

Read more »

deepseek website

DeepSeek Faces Massive Cyberattack

DeepSeek, the Chinese AI app that recently overtook ChatGPT in App Store downloads, is under attack. Facing a large-scale cyberattack, the platform has limited new user registrations but remains accessible to existing users. This incident underscores growing cybersecurity risks in the AI industry amidst DeepSeek's rapid rise and global impact.

Read more »

Crypto Wallet

Guide: How to Secure Your Crypto Wallet

Your crypto wallet is the key to your digital assets, making its security vital. This guide covers the best practices for protecting your wallet, from strong passwords to hardware wallets, and avoiding common mistakes. Stay safe in the world of cryptocurrencies!

Read more »

7-zip-7z-file-archiver-data-compression

Critical 7-Zip Vulnerability Allows Attackers to Bypass Windows Security Features

A high-severity vulnerability in 7-Zip, tracked as CVE-2025-0411, enables attackers to bypass the Windows Mark of the Web (MotW) security feature, putting users at risk of malware. This issue, stemming from improper handling of archived files, has been addressed in version 24.09. Learn why updating your software is critical to maintaining your security.

Read more »

microsoft-patch-tuesday

January 2025 Windows Update: Key Highlights from Patch Tuesday

The January 2025 Windows Update brings cumulative updates KB5050009 and KB5050021, enhancing security and addressing critical issues. Explore the changes, known bugs, and tips for smooth installation.

Read more »

Critical Windows Vulnerability – PoC for CVE-2024-43452 Now Available

A new PoC exploit for CVE-2024-43452 affects Windows 11 23H2, allowing attackers to escalate privileges to SYSTEM level through malicious SMB responses. This flaw, discovered by Google Project Zero, exposes serious risks, and Microsoft has already addressed it in the November 2024 updates. Apply the patch immediately and follow best practices to secure your systems.

Read more »

High-Severity Vulnerability Found in Dell SupportAssist: CVE-2024-52535

A newly disclosed vulnerability, CVE-2024-52535, in Dell SupportAssist could allow attackers to escalate privileges and delete critical files. Affecting both Home and Business PC versions, this high-severity flaw highlights the importance of updating to the latest software versions. Find out how to mitigate this risk effectively.

Read more »

Beware of Malicious ZIP Files: How to Stay Safe

Malicious ZIP files are often used in cyberattacks to deliver harmful malware. This article explores how these files work, common disguise techniques, and practical tips to help you recognize and prevent these threats.

Read more »

The Top 5 Cyber-Attacks of 2024: Lessons Learned and Future Steps

2024 witnessed a surge in sophisticated cyber-attacks across industries. From healthcare disruptions to software supply chain vulnerabilities, these incidents underscore the urgent need for stronger cybersecurity measures. Explore the top five attacks and the lessons they teach us.

Read more »

What Is End-to-End Encryption Messaging and Why You Should Use It

End-to-end encryption (E2EE) ensures your messages remain private and secure, accessible only to you and the recipient. In this post, we explore how E2EE works, its advantages and limitations, and the best apps for safeguarding your communication. Stay protected in the digital world!

Read more »

windows 11

Windows 11 24H2 Update: New Features, Bugs, and a Critical Security Vulnerability

The Windows 11 24H2 update introduces exciting new features but comes with notable bugs and a severe security vulnerability. Learn how to stay protected while exploring the latest enhancements.

Read more »

Top 5 Network Analysis Tools for 2025

In 2025, network analysis tools are essential for cybersecurity teams looking to understand and combat malware. From packet analyzers to malware sandboxes, these tools provide insights into how malware communicates, spreads, and exfiltrates data. Discover the top 5 tools that can help you stay ahead of evolving threats.

Read more »

To top

Table of Contents

Index
×