Apple Patches 2025’s First Zero-Day Vulnerability Exploited in iPhone Attacks

Jan 28, 2025 | News





Apple has released urgent security updates to address the first zero-day vulnerability of 2025, which has been actively exploited in attacks targeting iPhone users.

Details of the Exploit

The zero-day vulnerability, tracked as CVE-2025-24085, is a privilege escalation flaw in Apple’s Core Media framework. According to Apple, “a malicious application may be able to elevate privileges,” with reports indicating active exploitation in attacks on iOS versions before 17.2.

Core Media is a fundamental framework that powers the media pipeline in AVFoundation and other media-related systems across Apple devices.

Affected Devices and Updates

Apple has issued patches for a wide range of devices, including both older and newer models. The security updates are available in the following operating systems:

  • iOS 18.3 and iPadOS 18.3
  • macOS Sequoia 15.3
  • watchOS 11.3
  • visionOS 2.3
  • tvOS 18.3

Impacted devices include:

  • iPhone XS and later
  • iPad Pro (13-inch, 12.9-inch 3rd gen and later, 11-inch 1st gen and later)
  • iPad Air (3rd gen and later), iPad (7th gen and later), and iPad mini (5th gen and later)
  • macOS Sequoia devices
  • Apple Watch Series 6 and later
  • Apple TV HD and Apple TV 4K


Importance of Updating

Although Apple has not shared specific details about the attacks exploiting this flaw or the identity of the researchers who discovered it, the company has emphasized the importance of updating immediately. Installing these updates will protect users from ongoing attack attempts.

Historical Context

Apple’s vigilance with zero-days is notable:

  • 2025: This is the first confirmed zero-day patch of the year.
  • 2024: Six zero-days were fixed, starting with one in January.
  • 2023: 20 zero-days were addressed, with notable exploits patched in February, April, June, and November.




Advice for Users

Given the scope of impacted devices and the active exploitation in the wild, all users should prioritize installing these updates to ensure their systems remain secure.


Source: bleepingcomputer.com
