Apple has released updates across its platforms, including iOS 18.3, iPadOS 18.3, macOS Ventura, macOS Sonoma, macOS Sequoia, and Safari, to address multiple vulnerabilities.
These updates include critical fixes for zero-day vulnerabilities that were actively being exploited, as well as other security issues.
Apple has released security updates to address a critical zero-day vulnerability that had been actively exploited in the wild, affecting a wide range of its devices including iPhones, iPads, and Macs.
.png
)
One of the most critical fixes addressed a CoreMedia vulnerability (CVE-2025-24085). Apple confirmed that this vulnerability was actively exploited.
It allowed malicious applications to elevate privileges through a “use-after-free” bug. The issue has now been resolved with improved memory management.
The zero-day flaw resides in Apple’s CoreMedia framework, which is central to handling media files on Apple’s operating systems.
According to Apple’s security advisories, this vulnerability could allow attackers to execute arbitrary code by processing maliciously crafted media content.
This could lead to unauthorized access to sensitive user data, potentially compromising privacy and security.
Apple has addressed this vulnerability could potentially allow attackers to execute arbitrary code with kernel privileges on devices running affected versions of
Apple’s acknowledgment of active exploitation underscores the urgency of these updates, urging all users to install them immediately to prevent any further security breaches.
Apple has historically been prompt in addressing zero-day vulnerabilities, often issuing patches outside their regular update schedule. This case is no exception, with the company pushing these security fixes to users globally.
The urgency of the patch deployment highlights Apple’s commitment to user security, especially in light of the increasing sophistication of cyber threats.
“Apple is aware of reports that this issue may have been actively exploited,” the company noted in its security bulletin. This acknowledgment typically implies that the vulnerability was leveraged in targeted attacks, possibly by state-sponsored actors or commercial surveillance vendors.
Summary of Vulnerabilities
| Component | Platform | Impact | Description | CVE ID |
|---|---|---|---|---|
| Safari Passwords | macOS Ventura, Sonoma | A malicious app may bypass browser extension authentication | Logging issue fixed with improved data redaction | CVE-2025-24169 |
| Safari | macOS Ventura, Sonoma | Visiting malicious sites may lead to address bar spoofing | Additional logic added to prevent spoofing | CVE-2025-24128 |
| Safari | macOS Ventura, Sonoma | Visiting malicious sites may result in user interface spoofing | Improved UI to address the issue | CVE-2025-24113 |
| WebKit | macOS Ventura, Sonoma | Malicious webpages may fingerprint users | Improved access restrictions to the file system | CVE-2025-24143 |
| WebKit | macOS Ventura, Sonoma | Processing web content may lead to denial-of-service | Memory-handling improvements | CVE-2025-24158 |
| WebKit | macOS Ventura, Sonoma | Malicious content may lead to unexpected process crashes | Improved state management | CVE-2025-24162 |
| WebKit Web Inspector | macOS Ventura, Sonoma | Copying URLs in Web Inspector may lead to a command injection | Improved file handling | CVE-2025-24150 |
| Accessibility | iOS and iPadOS 18.3 | Physical access to unlocked device may enable bypass of locked Photos app | State management enhancements | CVE-2025-24141 |
| AirPlay | iOS, iPadOS, macOS Sequoia | Remote attackers could cause denial-of-service or arbitrary code execution | Improved input validation and memory handling | CVE-2025-24126, CVE-2025-24137, etc. |
| CoreMedia | iOS, iPadOS, macOS Sequoia | Parsing files may lead to unexpected app termination | Improved checks | CVE-2025-24123, CVE-2025-24124 |
| Kernel | iOS, iPadOS, macOS Sequoia | Apps may gain root/kernel privileges | Additional memory and permissions restrictions | CVE-2025-24107, CVE-2025-24159 |
| SceneKit | iOS, iPadOS, macOS Sequoia | Out-of-bounds reads may disclose user information | Bounds checking improvements | CVE-2025-24149 |
| WebContentFilter | iOS, iPadOS, macOS Sequoia | Out-of-bounds write may cause system termination or corrupt kernel memory | Improved input validation | CVE-2025-24154 |
| ImageIO | iOS, iPadOS, macOS Sequoia | Processing images may cause denial-of-service | Enhanced memory handling | CVE-2025-24086 |
| LaunchServices | iOS, iPadOS, macOS Sequoia | Apps may fingerprint users | Sensitive information redaction improved | CVE-2025-24117 |
| Time Zone | iOS, iPadOS, macOS Sequoia | Apps may view a contact’s phone number in logs | Enhanced private data redaction | CVE-2025-24145 |
Apple users are strongly advised to update their devices immediately to protect against these vulnerabilities. Apple continues its proactive effort in enhancing the security and privacy of its users by addressing such issues comprehensively.
Are you from SOC/DFIR Teams? – Analyse Malware Files & Links with ANY.RUN Sandox -> Try for Free