Overview
Apple has released security updates to address a newly discovered vulnerability, CVE-2025-24085, in its Core Media framework. This vulnerability is classified as a privilege escalation flaw and is reportedly being actively exploited. If successfully leveraged by a malicious application, this vulnerability could enable an attacker to elevate privileges on an affected device.
To mitigate the risk, Apple has released patches across multiple product lines, urging users and administrators to update their devices immediately. The affected operating systems include iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, tvOS 18.3, visionOS 2.3, and watchOS 11.3.
Details of CVE-2025-24085
The vulnerability stems from a use-after-free (UAF) issue, a memory management flaw where a program continues to access memory after it has been freed. This can lead to arbitrary code execution, privilege escalation, or application crashes. Apple has addressed this issue by improving memory management.
Apple has acknowledged that CVE-2025-24085 may have been actively exploited against iOS versions before iOS 17.2. This underlines the urgency of updating affected devices to the latest security patches.
Impacted Devices and Operating Systems
Apple has rolled out security patches for the following devices and operating system versions:
- iOS 18.3 and iPadOS 18.3:
- iPhone XS and later
- iPad Pro 13-inch
- iPad Pro 12.9-inch (3rd generation and later)
- iPad Pro 11-inch (1st generation and later)
- iPad Air (3rd generation and later)
- iPad (7th generation and later)
- iPad mini (5th generation and later)
- macOS Sequoia 15.3 (All Macs running macOS Sequoia)
- tvOS 18.3 (Apple TV HD and Apple TV 4K – all models)
- visionOS 2.3 (Apple Vision Pro)
- watchOS 11.3 (Apple Watch Series 6 and later)
Users and IT administrators are strongly advised to install these updates as soon as possible to mitigate the risk of exploitation.
Additional Security Fixes in iOS 18.3 and iPadOS 18.3
Alongside CVE-2025-24085, Apple has addressed several other security vulnerabilities across different components, including:
- Photos App Authentication Issue
- Impact: Attackers with physical access to an unlocked device could access photos while the app is locked.
- Fix: Improved state management to address authentication issues.
- CVE-2025-24141 (Reported by Abhay Kailasia, C-DAC Thiruvananthapuram, India)
- AirPlay Vulnerabilities
- Impact:
- Local attackers could cause unexpected system termination or corrupt process memory (CVE-2025-24126)
- Remote attackers could cause unexpected app terminations (CVE-2025-24129, CVE-2025-24137)
- Attackers in privileged positions could trigger denial-of-service attacks (CVE-2025-24131, CVE-2025-24177)
- Fix: Improved input validation and memory management.
- Reported by: Uri Katz (Oligo Security)
- Impact:
- ARKit Parsing Issue
- Impact: Parsing a malicious file could lead to app termination.
- Fix: Strengthened file validation checks.
- CVE-2025-24127 (Reported by Zhejiang University researchers)
- CoreAudio File Parsing Flaws
- Impact: Malicious file parsing could result in unexpected app crashes.
- Fix: Implemented improved security checks.
- CVE-2025-24160, CVE-2025-24161, CVE-2025-24163 (Reported by Google Threat Analysis Group)
- CoreMedia Vulnerabilities
- Impact: Parsing malicious files could lead to app crashes or privilege escalation.
- Fix: Improved input validation and memory handling.
- CVE-2025-24123, CVE-2025-24124 (Reported by Trend Micro Zero Day Initiative researchers)
- Kernel Privilege Escalation Issue
- Impact: Malicious applications may gain root privileges.
- Fix: Addressed permission flaws in kernel security handling.
- CVE-2025-24086 (Reported by Enki WhiteHat researchers)
User Recommendations
Apple has emphasized the importance of keeping devices up to date to protect against emerging threats. Users and administrators should take the following steps:
- Update Immediately: Ensure that all Apple devices are updated to the latest available OS versions.
- Enable Automatic Updates: Configure devices to install updates automatically.
- Verify App Permissions: Monitor and limit app permissions to reduce potential attack surfaces.
- Stay Informed: Regularly check Apple’s security updates page for new patches and vulnerabilities.
- Avoid Suspicious Downloads: Only install apps from trusted sources such as the Apple App Store.
Apple’s rapid response in addressing the vulnerability and releasing patches across multiple platforms demonstrates its commitment to user security. However, users also have the responsibility to apply updates promptly to safeguard their devices from potential threats.
By staying updated and following best security practices, users can reduce the risk of cyberattacks and ensure a safer digital environment.
