- Apple warns users of a use-after-free vulnerability exploited in the wild
- It affects most products, including iPhones, Watches, TVs and more
- A fix is already available, so update now
Apple has published a fix for its first zero-day of 2025, patching CVE-2025-24085, a use-after-free flaw in the CoreMedia component.
CoreMedia is a framework in the Apple ecosystem that handles multimedia. It is important for the playback, processing and management of audio and video files, and is present in devices powered by macOS, iOS, iPadOS, tvOS and watchOS.
A use-after-free (UAF) flaw is a type of memory vulnerability that occurs when a program continues to use a memory location after it has been released (freed). This can cause unpredictable behavior, such as crashes, data corruption or the execution of malicious code. Attackers can exploit a UAF by manipulating the memory space to insert malicious payloads, which the program can execute when it reaches the freed memory.
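
The stale-reference mechanism described above, as an added example (not from Apple or the original article): a toy fixed-size pool in C where a released slot is reused, so an unchecked stale handle reads the new occupant's data while a generation-checked handle is rejected. The pool, the handle type and all function names are hypothetical and unrelated to CoreMedia's actual code.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#define POOL_SLOTS 4

/* Toy pool in static storage (hypothetical, not CoreMedia code): reading a
   released slot is defined behaviour here, unlike a real dangling pointer. */
typedef struct { uint32_t gen; int in_use; char data[16]; } slot_t;
typedef struct { uint32_t idx; uint32_t gen; } handle_t;
static slot_t pool[POOL_SLOTS];

/* Take the first free slot; the handle records the slot's generation. */
handle_t pool_alloc(const char *contents) {
    for (uint32_t i = 0; i < POOL_SLOTS; i++) {
        if (pool[i].in_use) continue;
        pool[i].in_use = 1;
        strncpy(pool[i].data, contents, sizeof pool[i].data - 1);
        pool[i].data[sizeof pool[i].data - 1] = '\0';
        return (handle_t){ i, pool[i].gen };
    }
    return (handle_t){ UINT32_MAX, 0 };  /* pool exhausted */
}

/* Release a slot and bump its generation, invalidating outstanding handles. */
void pool_free(handle_t h) {
    if (h.idx >= POOL_SLOTS || !pool[h.idx].in_use || pool[h.idx].gen != h.gen)
        return;  /* stale handle or double free: ignore */
    pool[h.idx].in_use = 0;
    pool[h.idx].gen++;
}

/* Models the bug: trusts the slot index alone, like a dangling pointer. */
const char *get_unchecked(handle_t h) {
    return h.idx < POOL_SLOTS ? pool[h.idx].data : NULL;
}

/* Hardened: rejects handles whose slot was released or reused. */
const char *get_checked(handle_t h) {
    if (h.idx >= POOL_SLOTS || !pool[h.idx].in_use || pool[h.idx].gen != h.gen)
        return NULL;
    return pool[h.idx].data;
}

int main(void) {
    handle_t a = pool_alloc("video-frame");  /* constructed sample data */
    pool_free(a);
    pool_alloc("other-object");              /* reuses the released slot */
    printf("unchecked: %s\n", get_unchecked(a));
    printf("checked:   %s\n", get_checked(a) ? "valid" : "rejected");
}
```
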
The problem affects several Apple products: iPhones, iPads, Macs, TVs, Vision Pro and Watches.
The company said that the flaw was exploited in the wild as a zero-day, but so far it has not shared any details, although the bug could be exploited via a rogue application, which could grant attackers more control over the target system.
Relative silence is regular practice for Apple, because it wants to give its users enough time to apply the patch without alerting potential threat actors to a new attack avenue.
As for the fix, Apple users should ensure that their devices are updated to the following versions: iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, tvOS 18.3, visionOS 2.3 and watchOS 11.3.
“A malicious request may be able to raise privileges,” said Apple in a security notice. “Apple is aware of a report that this problem may have been actively exploited against the versions of iOS before iOS 17.2.”
Via The Register