Apple zero-day vulnerability (CVE-2025-24085)

CVE-2025-24085 is a zero-day vulnerability caused by a “use after free” issue in Apple’s CoreMedia framework. It affects multiple Apple operating systems, including iOS, iPadOS, macOS, tvOS, visionOS, and watchOS. A use-after-free occurs when memory that has already been freed is accessed again, which can lead to arbitrary code execution or privilege escalation.

Apple has acknowledged that this vulnerability could allow a malicious application to elevate its privileges. It has been reported that this issue may have been actively exploited in versions of iOS prior to 17.2. To address the vulnerability, Apple has improved memory management in the following software versions:

  • iOS 18.3 and iPadOS 18.3
  • macOS Sequoia 15.3
  • tvOS 18.3
  • visionOS 2.3
  • watchOS 11.3

Users are strongly advised to update their devices to the latest software versions to mitigate the risks associated with this vulnerability.
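
For a managed fleet, the recommendation above becomes a version check against the fixed releases listed on this page. The script below is an added example, not code from Apple or from the original page; the inventory CSV layout, the device names and the status labels are constructed assumptions.

```python
import csv
import io

# Minimum fixed versions, taken from the list on this page.
FIXED = {"ios": (18, 3), "ipados": (18, 3), "macos": (15, 3),
         "tvos": (18, 3), "visionos": (2, 3), "watchos": (11, 3)}

# Constructed sample inventory (hypothetical device names, not real data).
SAMPLE_INVENTORY = """device,platform,version
iphone-finance-01,iOS,18.3
iphone-sales-07,iOS,17.1.2
ipad-kiosk-03,iPadOS,18.2.1
mbp-eng-11,macOS,15.3.1
atv-lobby-01,tvOS,18.10
vision-lab-01,visionOS,2.2
watch-exec-02,watchOS,11.3
android-test-01,Android,15
mbp-eng-13,macOS,15.3-beta
"""

def parse_version(text):
    """'18.2.1' -> (18, 2, 1). Raises ValueError on non-numeric components."""
    return tuple(int(part) for part in text.strip().split("."))

def classify(platform, version):
    """Return 'patched', 'below-fixed-version', 'unknown-platform' or 'unparseable-version'."""
    need = FIXED.get(platform.strip().lower())
    if need is None:
        return "unknown-platform"
    try:
        have = parse_version(version)
    except ValueError:
        return "unparseable-version"
    # Compare numerically, padded to equal length, so 18.10 > 18.3 and 18.3 == 18.3.0.
    width = max(len(have), len(need))
    have += (0,) * (width - len(have))
    need += (0,) * (width - len(need))
    return "patched" if have >= need else "below-fixed-version"

def audit(inventory_csv):
    """Return (device, platform, version, status) for every row that is not 'patched'."""
    findings = []
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        status = classify(row["platform"], row["version"])
        if status != "patched":
            findings.append((row["device"], row["platform"], row["version"], status))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_INVENTORY):
        print(*finding, sep="\t")
```

Rows reported as `unknown-platform` or `unparseable-version` need manual review rather than being treated as patched; a plain string comparison would wrongly rank 18.10 below 18.3.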
