In the most recent security update issued by Apple to its users, a vital patch has been released to address a zero-day vulnerability known as CVE-2025-24085 (CVSS score pending). This vulnerability is suspected to impact various Apple operating systems such as iOS, iPadOS, macOS, tvOS, watchOS, and visionOS. Classified as a privileged escalation security flaw, this bug is situated within Apple’s Core Media framework and has been actively exploited in the wild.
The Core Media framework, as described by Apple, is the fundamental media pipeline utilized by AVFoundation and other high-level media frameworks present on Apple devices. This framework enables users to process media samples as well as manage queues of media data effectively. To combat this vulnerability, Apple has introduced the iOS 18.3 update, which not only addresses the CVE-2025-24085 issue but also resolves 28 additional vulnerabilities. Apple has chosen not to disclose intricate details about the patched vulnerabilities to prevent malicious entities from exploiting them before users can update their devices.
Devices impacted by this security bug are inclusive of Apple Watch Series 6 and later models, as well as Apple TV HD and Apple TV 4K across all iterations. Moreover, a range of iPad models are affected by this vulnerability including the iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later.
While Apple has acknowledged that the vulnerability could have been exploited against earlier versions of iOS, specifically predating iOS 17.2, the company has refrained from revealing the exact nature of these attacks or attributing their discovery to any particular researcher.
This proactive approach by Apple underscores the importance of timely software updates and security patches in mitigating potential threats posed by cyber vulnerabilities. By swiftly addressing and resolving such critical issues, Apple aims to safeguard the privacy and security of its users and maintain the integrity of its diverse range of products and services. Users are strongly advised to promptly install the latest updates provided by Apple to ensure the protection of their devices against evolving cybersecurity risks.