Source |
Cyble |
Identifier |
8646502 |
Publication date |
2025-02-03 12:21:32 (seen: 2025-02-03 13:07:59) |
Title |
Apple Issues Security Updates for iOS, macOS, watchOS, and More - Patch Now! |
Text |
Overview
Apple has released security updates to address a newly discovered vulnerability, CVE-2025-24085, in its Core Media framework. This vulnerability is classified as a privilege escalation flaw and is reportedly being actively exploited. If successfully leveraged by a malicious application, this vulnerability could enable an attacker to elevate privileges on an affected device.
To mitigate the risk, Apple has released patches across multiple product lines, urging users and administrators to update their devices immediately. The affected operating systems include iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, tvOS 18.3, visionOS 2.3, and watchOS 11.3.
Details of CVE-2025-24085
The vulnerability stems from a use-after-free (UAF) issue, a memory management flaw where a program continues to access memory after it has been freed. This can lead to arbitrary code execution, privilege escalation, or application crashes. Apple has addressed this issue by improving memory management.
Apple has acknowledged that CVE-2025-24085 may have been actively exploited against iOS versions before iOS 17.2. This underlines the urgency of updating affected devices to the latest security patches.
Impacted Devices and Operating Systems
Apple has rolled out security patches for the following devices and operating system versions:
iOS 18.3 and iPadOS 18.3:
iPhone XS and later
iPad Pro 1 |
Rating |
★★★
|
Sent |
Yes |
Tags |
Vulnerability
Threat
Prediction
|