HomeCyber BalkansApple's iOS devices vulnerable to zero-day attack

Apple’s iOS devices vulnerable to zero-day attack

Published on

spot_img

Apple’s CoreMedia framework has been targeted by attackers exploiting a zero-day vulnerability, which was recently disclosed and patched by Apple. The vulnerability, officially tracked as CVE-2025-24085, is classified as a use-after-free issue that allows cybercriminals to elevate privileges within Apple’s iOS, iPadOS, macOS, watchOS, tvOS, and visionOS systems. At the time of disclosure, no CVSS score had been assigned to this particular vulnerability.

According to Apple, there have been reports of active exploitation of this vulnerability in versions of iOS prior to iOS 17.2. The company released an advisory acknowledging the issue and stated that it has been addressed with “improved memory management” in the latest updates including iOS 18.3, iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3, tvOS 18.3, and visionOS 2.3. Apple is known for providing limited information in its security advisories, leaving the full scope of the threat unclear. Additionally, the specific details of the vulnerability and the identities of those who discovered it remain unknown.

Apple has a history of addressing zero-day vulnerabilities in its products, with many of them being exploited by commercial spyware vendors targeting iOS devices. In 2021, Apple took legal action against NSO Group, a prominent spyware vendor, in response to the malicious activities. However, the lawsuit was dropped in September of the same year as Apple decided not to disclose its threat intelligence and defenses against spyware publicly.

In a similar vein, Apple disclosed two zero-day vulnerabilities impacting macOS in November of the same year. These vulnerabilities, named CVE-2024-44308 and CVE-2024-44309, were detected by researchers from Google’s Threat Analysis Group. The discoveries align with the surge in malicious activities targeting macOS systems, as noted by cybersecurity firms such as SentinelOne and Trellix.

As the news of these ongoing cyber threats continues to unfold, the tech community remains vigilant in monitoring and responding to potential security risks. Apple’s efforts to address vulnerabilities and protect its users underscore the importance of proactive measures in safeguarding digital environments. With the evolving landscape of cyber threats, staying informed and implementing robust security measures are crucial steps in defending against malicious activities.

Rob Wright, a seasoned reporter and senior news director in Informa TechTarget’s security team, leads the coverage of breaking infosec news and emerging trends. His expertise in the field contributes to raising awareness about cybersecurity challenges and solutions. Readers are encouraged to reach out with tips or inquiries regarding cybersecurity issues.

Source link

Latest articles

Google Mandiant identifies MSI flaw in Lakeside Software

A vulnerability in a Microsoft software installer developed by Lakeside Software has been discovered,...

Can Your Security Measures Backfire on You?

In the realm of cybersecurity, the age-old concept of breaching defenses to launch an...

Domain extension ‘.bank.in’ aims to prevent cybercrime – MSN

The Reserve Bank of India (RBI) has introduced a new initiative to combat digital...

Hackers exploit exposed ASP.NET machine keys to compromise IIS servers

Microsoft threat researchers detected a ViewState code injection attack in December 2024, revealing a...

More like this

Google Mandiant identifies MSI flaw in Lakeside Software

A vulnerability in a Microsoft software installer developed by Lakeside Software has been discovered,...

Can Your Security Measures Backfire on You?

In the realm of cybersecurity, the age-old concept of breaching defenses to launch an...

Domain extension ‘.bank.in’ aims to prevent cybercrime – MSN

The Reserve Bank of India (RBI) has introduced a new initiative to combat digital...