
Apple has released critical security updates addressing a zero-day vulnerability (CVE-2025-24085) actively exploited against iPhone users. The flaw, discovered in Apple’s Core Media framework, allows malicious applications to gain elevated privileges on affected devices.
Affected Devices:
– iPhones (XS and later models)
– iPads (various models including Pro, Air, and mini)
– Mac computers running macOS Sequoia
– Apple Watch Series 6 and later
– Apple TV HD and 4K models
– Devices running visionOS
The security patch has been deployed across multiple operating systems:
– iOS/iPadOS 18.3
– macOS Sequoia 15.3
– watchOS 11.3
– visionOS 2.3
– tvOS 18.3
This marks Apple’s first zero-day patch of 2024, following a significant security year in 2023 where the company addressed 20 zero-day vulnerabilities. In 2023, patches were released throughout the year, with multiple fixes in February, April, May, June, July, September, October, and November.
While Apple hasn’t disclosed specific details about the attacks or attributed the discovery to any researcher, users are strongly advised to install the latest security updates immediately to protect their devices from potential exploitation.