HomeCyber BalkansApple's iOS devices vulnerable to zero-day attack

Apple’s iOS devices vulnerable to zero-day attack

Published on

spot_img

Apple’s CoreMedia framework has been targeted by attackers exploiting a zero-day vulnerability, which was recently disclosed and patched by Apple. The vulnerability, officially tracked as CVE-2025-24085, is classified as a use-after-free issue that allows cybercriminals to elevate privileges within Apple’s iOS, iPadOS, macOS, watchOS, tvOS, and visionOS systems. At the time of disclosure, no CVSS score had been assigned to this particular vulnerability.

According to Apple, there have been reports of active exploitation of this vulnerability in versions of iOS prior to iOS 17.2. The company released an advisory acknowledging the issue and stated that it has been addressed with “improved memory management” in the latest updates including iOS 18.3, iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3, tvOS 18.3, and visionOS 2.3. Apple is known for providing limited information in its security advisories, leaving the full scope of the threat unclear. Additionally, the specific details of the vulnerability and the identities of those who discovered it remain unknown.

Apple has a history of addressing zero-day vulnerabilities in its products, with many of them being exploited by commercial spyware vendors targeting iOS devices. In 2021, Apple took legal action against NSO Group, a prominent spyware vendor, in response to the malicious activities. However, the lawsuit was dropped in September of the same year as Apple decided not to disclose its threat intelligence and defenses against spyware publicly.

In a similar vein, Apple disclosed two zero-day vulnerabilities impacting macOS in November of the same year. These vulnerabilities, named CVE-2024-44308 and CVE-2024-44309, were detected by researchers from Google’s Threat Analysis Group. The discoveries align with the surge in malicious activities targeting macOS systems, as noted by cybersecurity firms such as SentinelOne and Trellix.

As the news of these ongoing cyber threats continues to unfold, the tech community remains vigilant in monitoring and responding to potential security risks. Apple’s efforts to address vulnerabilities and protect its users underscore the importance of proactive measures in safeguarding digital environments. With the evolving landscape of cyber threats, staying informed and implementing robust security measures are crucial steps in defending against malicious activities.

Rob Wright, a seasoned reporter and senior news director in Informa TechTarget’s security team, leads the coverage of breaking infosec news and emerging trends. His expertise in the field contributes to raising awareness about cybersecurity challenges and solutions. Readers are encouraged to reach out with tips or inquiries regarding cybersecurity issues.

Source link

Latest articles

Verified X Sponsored Ad Distributes Mac Malware and ConsentFix Compromises Microsoft 365 Accounts

New Malware Campaign Targets Mac Users and Microsoft 365 Accounts In a recent study conducted...

Cisco Unified CM Vulnerability Exploitation

Cisco Systems Confirms Active Exploitation of Unified Communications Manager Vulnerability Cisco Systems has issued an...

Avalon Malware Exploits Legal Documents to Distribute CrownX Ransomware Functions

New Malware Framework, Avalon, Exposed: A Threat to Cybersecurity A recently identified malware framework, dubbed...

Shadow AI: Regulating the Invisible

Why Shadow AI Is Becoming a Security Challenge for Modern Organizations As the proliferation of...

More like this

Verified X Sponsored Ad Distributes Mac Malware and ConsentFix Compromises Microsoft 365 Accounts

New Malware Campaign Targets Mac Users and Microsoft 365 Accounts In a recent study conducted...

Cisco Unified CM Vulnerability Exploitation

Cisco Systems Confirms Active Exploitation of Unified Communications Manager Vulnerability Cisco Systems has issued an...

Avalon Malware Exploits Legal Documents to Distribute CrownX Ransomware Functions

New Malware Framework, Avalon, Exposed: A Threat to Cybersecurity A recently identified malware framework, dubbed...