Apple Warns iPhone Users of Exploited iOS Bug

The flaw (CVE-2025-24085) is fixed in iOS 18.3, iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3, tvOS 18.3 and visionOS 2.3.

Apple released patches for an exploited zero-day vulnerability that exists in its CoreMedia framework. The flaw (CVE-2025-24085) is fixed in iOS 18.3, iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3, tvOS 18.3 and visionOS 2.3.

“Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 17.2,” according to Apple’s release on Monday. Apple released iOS 17.2 in December 2023.

The iPhone maker did not release further details at this time about the nature and extent of the reported exploitation activity.

Key Details:

  • According to Apple, the flaw could allow a malicious application to elevate privileges

  • The company’s security advisory said that the use-after-free issue was addressed with improved memory management

  • According to Apple’s developer page, “the Core Media framework defines the media pipeline used by AVFoundation and other high-level media frameworks found on Apple platforms. Use Core Media’s low-level data types and interfaces to efficiently process media samples and manage queues of media data”

The Apple patches on Monday are available for: 

  • iPhone XS and later

  • iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later

  • Apple Vision Pro

  • macOS Sequoia

  • Apple Watch Series 6 and later

  • Apple TV HD and Apple TV 4K (all models)

What to Do: CVE-2025-24085 is one of several vulnerabilities fixed in Apple’s latest security release. Apple users can update by going to iPhone Settings > General > Software Update, and then downloading and installing iOS 18.3 as soon as possible.