Source |
Techworm |
Identifier |
8643714 |
Publication date |
2025-01-28 13:47:13 (seen: 2025-01-28 08:56:45) |
Title |
Apple Patches Zero-Day Exploit Affecting iPhones, Macs, iPads, Watches & TVs |
Text |
On Monday, Apple rolled out critical security updates to address several vulnerabilities affecting iPhones, Macs, and other devices, including a zero-day vulnerability actively exploited in the wild to target iPhone users.
The zero-day vulnerability, identified as CVE-2025-24085 (no CVSS score assigned yet), is a use-after-free flaw in Apple's Core Media component that could allow a pre-installed malicious application to gain elevated privileges on vulnerable devices.
According to Apple, Core Media is a foundational framework within the Apple operating system that offers the underlying structure for processing and managing media data like video and audio.
It is the media pipeline used by AVFoundation and other high-level media frameworks found on Apple platforms.
“Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 17.2,” the company wrote in the advisory ([1], [2], [3], [4], [5]) published on Monday.
The zero-day vulnerability affected a broad range of Apple devices, including:
iPhone XS and later
iPad Pro 13-inch, iPad Pro 12.9-inch (3rd generation and later), iPad Pro 11-inch (1st generation and later), iPad Air (3rd generation and later), iPad (7th generation and later), and iPad mini (5th generation and later)
Macs running macOS Sequoia 15.3
Apple Watch Series 6 and later
Apple TV HD and Apple TV 4K (all models)
Apple Vision Pro running visionOS 2.3
Apple has resolved the CVE-2025-24085 vulnerability by releasing software updates - iOS 18.3, iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3, visionOS 2.3, and tvOS 18.3 - with improved memory management.
Meanwhile, the company has not provided any information on how the above vulnerability was exploited, by whom, or who may have been targeted.
It has also not attributed the discovery of the vulnerability to a researcher.
Users are urged to update their iPhone, iPad, Mac, Apple Watch, and Apple TV immediately with the latest security updates to stay protected against potential threats.
Enable automatic updates to ensure you receive future patches on your devices without delay.
Further, avoid clicking on suspicious links and only download apps from trusted sources to reduce the risk of vulnerabilities.
|
Notes |
★★★
|
Sent |
Yes |
Tags |
Vulnerability
Threat
Mobile
|