Apple has released security updates to address a zero-day vulnerability (CVE-2025-24085) affecting iPhones, iPads, macOS, and other Apple devices. The vulnerability, related to CoreMedia's memory management, could allow malicious apps to gain system control. Apple acknowledges that the bug has been actively exploited, urging users to update their devices promptly.
Apple has plugged a security hole in the software at the heart of its iPhones, iPads, Vision Pro goggles, Apple TVs and macOS Sequoia Macs, warning some miscreants have already exploited the bug.common across iOS, macOS, and so forth that the iGiant says it fixed with improved memory management. CoreMedia is essentially the engine behind how Apple gear deals with audio and video.
We don't have much — or, really, any — information about how the bug is being abused in attacks and by whom, other than it can be used by a rogue app on someone's device to gain more control over the system and that it's been used against iOS devices. While more details will likely leak out in the coming days, as of now we know the vulnerability was exploited as a zero-day, making it Apple's first of 2025.
"A malicious application may be able to elevate privileges," Apple noted in five of its Monday security updates."Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 17.2." Apple didn't credit a security researcher or group with finding CVE-2025-24085, and it's still awaiting a CVSS severity rating plus additional CVE record details. As details of the vulnerability are known to some, and patches are now available, it's wise to apply the fix to all affected devices in case someone decides to port the exploit from iOS to other Apple OSes to use against victims.plug the hole in these products.
APPLE SECURITY ZERO-DAY Ios MACOS
United Kingdom Latest News, United Kingdom Headlines
Similar News:You can also read news stories similar to this one that we have collected from other news sources.
Ivanti Patches Exploited Zero-Day Vulnerability in Multiple ProductsThe cybersecurity industry is urging organizations to take immediate action to mitigate the risk of exploitation as Ivanti addresses two critical vulnerabilities in its Connect Secure, Policy Secure, and Neurons for ZTA gateways products. One of the vulnerabilities, a stack-based buffer overflow bug, was already being exploited in the wild, allowing attackers to execute arbitrary code remotely.
Read more »
Nominet probes network intrusion linked to Ivanti zero-day exploitUnauthorized activity detected, but no backdoors found
Read more »
Nominet Investigates Potential Breach Linked to Ivanti Zero-Day ExploitUK domain registry Nominet is investigating a potential network breach linked to the latest Ivanti zero-day exploits. The company discovered suspicious activity on its network and believes the entry point was through third-party VPN software supplied by Ivanti. Nominet stated that the unauthorized intrusion exploited a zero-day vulnerability but there is currently no evidence of data theft or backdoors. The organization is working with external experts to investigate and has implemented additional safeguards.
Read more »
Fortinet Firewall Exploits: Mass Zero-Day Campaign UncoveredSecurity researchers have revealed a large-scale attack campaign targeting Fortinet firewalls, suspected to be leveraging an unpatched zero-day vulnerability. The campaign, peaking in December, involved malicious actors compromising numerous Fortinet devices, altering configurations, and establishing persistent connections through SSL VPN tunnels.
Read more »
Fortinet Confirms 2022 Zero-Day Exploit Leak by Belsen GroupFortinet officially acknowledges leaked FortiGate configurations stolen during a 2022 zero-day attack by the Belsen Group. The leaked data includes sensitive information like IP addresses, configurations, and passwords. While Fortinet emphasizes that most affected devices have been patched, users are urged to review security practices and potential vulnerabilities.
Read more »
Fortinet Customers Under Fire as 50,000 Devices Remain Vulnerable to Active Zero-Day ExploitNearly 50,000 Fortinet management interfaces are still exposed to a critical zero-day vulnerability, actively exploited by attackers. The Shadowserver Foundation reports 48,457 vulnerable devices, with Asia experiencing the highest concentration of exposed firewalls. Fortinet urges immediate action to patch systems and implement workarounds.
Read more »