Apple has released software updates to address several security flaws across its portfolio, including a zero-day vulnerability that it said has been exploited in the wild.
The vulnerability, tracked as CVE-2025-24085, has been described as a use-after-free bug in the Core Media component that could permit a malicious application already installed on a device to elevate privileges.
“Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 17.2,” the company said in a terse advisory.
The issue has been addressed with improved memory management in the following devices and operating system versions –
- iOS 18.3 and iPadOS 18.3 – iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later
- macOS Sequoia 15.3 – Macs running macOS Sequoia
- tvOS 18.3 – Apple TV HD and Apple TV 4K (all models)
- visionOS 2.3 – Apple Vision Pro
- watchOS 11.3 – Apple Watch Series 6 and later
As is typically the case, there are currently no details on how the vulnerability may have been exploited in real-world attacks, by whom, and who may have been targeted. Apple has yet to attribute the discovery of the shortcoming to a security researcher.
The updates also address five security flaws in AirPlay, all reported by Oligo Security researcher Uri Katz, that could be exploited by an attacker to cause unexpected system termination, denial-of-service (DoS), or arbitrary code execution under certain conditions.
Google’s Threat Analysis Group (TAG) has been credited with discovering and reporting three vulnerabilities in the CoreAudio component (CVE-2025-24160, CVE-2025-24161, and CVE-2025-24163) that may lead to an unexpected app termination when parsing a specially crafted file.
With CVE-2025-24085 tagged as actively exploited, users of Apple devices are recommended to apply the patches to safeguard against potential threats.