{"id":7088,"date":"2025-01-27T16:30:27","date_gmt":"2025-01-27T22:30:27","guid":{"rendered":"https:\/\/www.darkreading.com\/endpoint-security\/apple-patches-actively-exploited-zero-day-vulnerability"},"modified":"2025-01-27T16:30:27","modified_gmt":"2025-01-27T22:30:27","slug":"apple-patches-actively-exploited-zero-day-vulnerability","status":"publish","type":"post","link":"https:\/\/ddi.mohflo.net\/index.php\/2025\/01\/27\/apple-patches-actively-exploited-zero-day-vulnerability\/","title":{"rendered":"Apple Patches Actively Exploited Zero-Day Vulnerability"},"content":{"rendered":"
<\/a><\/div>\n
<\/div>\n

NEWS BRIEF<\/span><\/span><\/p>\n

In its latest security update for users, Apple has released a patch for a <\/span>zero-day vulnerability<\/a><\/span> tracked as CVE-2025-24085 (no CVSS score assigned yet).<\/span><\/p>\n

The vulnerability, not yet added to the National Vulnerability Database (NVD), can be found in iOS, iPadOS, macOS, tvOS, watchOS, and visionOS. As a privileged escalation security flaw, it is located in Apple’s Core Media framework. The bug is being actively exploited in the wild.<\/span><\/p>\n

The <\/span>Core Media framework<\/a><\/span>, according to Apple, is “the media pipeline used by AVFoundation and other high-level media frameworks found on Apple platforms.” It allows users to process media samples as well as manage queues of media data.<\/span><\/p>\n

This patch comes in the form of <\/span>iOS 18.3<\/a><\/span>, which fixes 28 other vulnerabilities as well. Apple has yet to divulge many details about any of the issues that have been patched by this update, likely to prevent attackers from exploiting them before users can apply the necessary fix.<\/span><\/p>\n

Impacted devices from this bug include:<\/span><\/p>\n

\n