Apple Issues Critical Security Update for Multiple Platforms

In a crucial move to bolster user security, Apple has rolled out a patch addressing a zero-day vulnerability designated as CVE-2025-24085. The flaw currently lacks a Common Vulnerability Scoring System (CVSS) score, reflecting its serious nature, as it is actively exploited in the wild.

This vulnerability spans across various Apple operating systems, including iOS, iPadOS, macOS, tvOS, watchOS, and visionOS. As a privileged escalation flaw within Apple’s Core Media framework, it poses a significant risk to user security.

The Core Media framework, as described by Apple, serves as a pivotal media processing system utilized by AVFoundation and other high-level media frameworks. It facilitates not only the processing of media samples but also the management of media data queues.

The recent patch is included with iOS 18.3, which addresses a total of 29 vulnerabilities, providing a comprehensive security overhaul. Apple has been notably reticent regarding the specifics of the issues resolved in this update, likely in an effort to mitigate the risk of further exploitation by malicious actors prior to the application of the fixes by users.

Devices Affected by the Vulnerability

The following devices are affected by this security flaw:

Apple Watch Series 6 and later
Apple TV HD and all models of Apple TV 4K
iPad Pro: 13-inch, 12.9-inch (3rd generation and later), 11-inch (1st generation and later)
iPad Air (3rd generation and later)
iPad (7th generation and later)
iPad mini (5th generation and later)

Potential Exploitation Concerns

Apple has indicated that it is aware of reports suggesting that this vulnerability may have been actively exploited in versions of iOS prior to iOS 17.2. However, the company has not provided any specifics regarding these exploitation attempts and has not attributed the discovery of the vulnerability to any particular researcher.

This situation underscores the importance of timely updates and vigilance in security practices, particularly for users operating devices susceptible to such vulnerabilities.

Source
www.darkreading.com

Apple Addresses Actively Exploited Zero-Day Vulnerability

Apple Issues Critical Security Update for Multiple Platforms

Devices Affected by the Vulnerability

Potential Exploitation Concerns

Google Warns of Increasing Enterprise-Specific Zero-Day Exploits

Cybersecurity Leaders Condemn ‘Political Persecution’ of Chris Krebs in Letter to the President

Broadcom-Supported SAN Devices Vulnerable to Code Injection Attacks Due to Critical Fabric OS Flaw

NASA Reaches New Heights in the First 100 Days of the Trump Administration

CBS Evening News Plus: April 29 Edition

Carême Review – A Sizzling French Adventure Featuring a Chef That’s Too Hot to Handle | Television & Radio

Breaking news

CBS Evening News Plus: April 29 Edition

Kid Rock Labels Media as ‘Public Enemy Number One’ for Ignoring Trump’s Olive Branches

Ukraine Reports 120,000 Defective Mortar Rounds Sent to Front Line Due to Cost-Cutting Measures by Manufacturer

Mattias Janmark’s Goal Leads Dominant Oilers to 3-1 Victory Over Kings

Blake Lively Experiences Wardrobe Glitch at Another Simple Favor Premiere

In Pursuit of Christie Wilson

Conservative Commentator David Horowitz Passes Away at 86