Apple Patches Critical Security Flaws Across Devices

Apple has issued software updates to address multiple security vulnerabilities in its ecosystem. The company reported a zero-day vulnerability (CVE-2025-24085) that has been exploited in the wild and allows pre-installed malicious apps to elevate privileges via the Core Media component. Affected devices include iOS 18.3 and iPadOS 18.3; iPhone XS and later models; iPad Pro variants from the 13-inch and earlier generations; iPad Pro 11-inch first-gen devices; iPad Air third-gen and later; iPad seventh-gen and later; and iPad mini fifth-gen, as well as macOS Sequoia, tvOS 18.3, visionOS 2.3, and watchOS 11.3. Details on real-world exploitation remain unclear, and Apple has not attributed the vulnerability to a security researcher.

The updates also fix five AirPlay vulnerabilities reported by Oligo Security’s Uri Katz. These could enable attackers to cause system issues like program termination, denial-of-service, or code execution under specific conditions. Additionally, Google’s Threat Analysis Group discovered and reported three CoreAudio vulnerabilities (CVE-2025-24160/24161/24163) leading to app crashes when parsing special files.

Apple recommends users apply these patches to mitigate potential security risks.

Source: https://thehackernews.com/2025/01/apple-patches-actively-exploited-zero.html