Apple has released critical security updates to address multiple vulnerabilities, including a zero-day flaw that was actively exploited. The updates enhance memory management and fix security issues across apps. Affected: iOS, iPadOS, macOS, watchOS, tvOS
Keypoints :
- Apple rolled out updates to address critical vulnerabilities, including CVE-2025-24085.
- The zero-day vulnerability could allow unauthorized system access on affected devices.
- Apple improved memory management to mitigate risks associated with these vulnerabilities.
- Other fixed vulnerabilities include issues in AirPlay, ARKit, ImageIO, WebKit, and the kernel.
- Users are urged to install these updates to safeguard their devices against potential exploits.
MITRE Techniques :
- Privilege Escalation (T1068) β Attackers could exploit CVE-2025-24085 to gain unauthorized access to system-level privileges.
- Denial of Service (T1499) β CVE-2025-24126, CVE-2025-24129, and CVE-2025-24137 could lead to system crashes and disruptions in AirPlay.
- Exploitation of Memory Corruption (T1203) β CVE-2025-24086 in ImageIO allowed for potential app crashes due to maliciously crafted image files.
- Execution of arbitrary code (T1203) β CVE-2025-24159 in the kernel allowed unauthorized execution of critical system functions.
- Food for manipulation and unauthorized data access (T1071) β Addressed vulnerabilities in WebKit allowing tracking and potential command injections.
CVE :
- [CVE] CVE-2025-24085
- [CVE] CVE-2025-24126
- [CVE] CVE-2025-24129
- [CVE] CVE-2025-24137
- [CVE] CVE-2025-24086
Full Story: https://thecyberexpress.com/new-apple-security-update/