
Apple zero-day vulnerability under attack on iOS devices

Apple said the zero-day vulnerability, tracked as CVE-2025-24085, affects its CoreMedia framework and 'may have been actively exploited against versions of iOS before iOS 17.2.'

Apple on Monday disclosed and patched a zero-day vulnerability in its CoreMedia framework that is currently under attack in the wild.

Tracked as CVE-2025-24085, the zero-day is described by Apple as a use-after-free issue that lets attackers elevate privileges. The CoreMedia flaw affects Apple's iOS, iPadOS, macOS, watchOS, tvOS and visionOS. No CVSS score has been assigned to the vulnerability at press time.

"Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 17.2," the company said in an advisory.

Apple said in the advisory that the flaw was fixed with "improved memory management" in iOS 18.3, iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3, tvOS 18.3 and visionOS 2.3.

Apple typically provides limited information about vulnerabilities in its security advisories, so the scope of the threat activity and technical details surrounding CVE-2025-24085 are unknown. It's also unclear who discovered the flaw; the advisory's recognition section acknowledges "Song Hyun Bae (@bshyuunn) and Lee Dong Ha (Who4mI) for their assistance" with CoreMedia Playback issues, but the entry for CVE-2025-24085 does not credit any specific individuals.

Informa TechTarget contacted Apple for comment, but the company did not respond at press time.

In recent years, Apple has addressed a large number of zero-day vulnerabilities, many of which have been exploited by commercial spyware vendors against iOS devices. Such threat activity prompted the technology giant to file a lawsuit in 2021 against NSO Group, arguably the most well-known spyware vendor in the world. In September, Apple dropped the lawsuit because it did not want to publicly share its threat intelligence and sensitive information concerning its defenses against spyware.

Not all recent zero-day attacks have been against Apple mobile technology. In November, the company disclosed two macOS zero-day vulnerabilities, tracked as CVE-2024-44308 and CVE-2024-44309. The discoveries, which were made by researchers with Google's Threat Analysis Group, coincide with increases in malicious activity against macOS, according to cybersecurity vendors such as SentinelOne and Trellix.

Rob Wright is a longtime reporter and senior news director for Informa TechTarget's security team. He drives breaking infosec news and trends coverage. Have a tip? Email him.
