Summary: Apple has released security updates to address a significant zero-day vulnerability (CVE-2025-24085) affecting various devices, including iPhone and iPad models. This privilege escalation flaw in the Core Media framework could allow malicious applications to elevate privileges, and there are reports it may have been actively exploited. Users are strongly encouraged to update their devices to protect against potential attacks.
Affected: Apple devices including iPhone, iPad, macOS, Apple Watch, and Apple TV
Keypoints :
- CVE-2025-24085 targets iOS, macOS, tvOS, and watchOS.
- The flaw affects devices such as iPhone XS and later, multiple iPad models, macOS Sequoia, and Apple Watch Series 6 and later.
- Users are advised to install security updates promptly to mitigate ongoing attack risks.