A critical zero-day vulnerability, CVE-2025-24085, affecting multiple Apple products, has been actively exploited in the wild, prompting urgent security updates from Apple. This vulnerability, with a maximum CVSS score of 10, involves a use-after-free issue in Apple's Core Media framework, allowing malicious applications to elevate privileges on affected devices.
The flaw was publicly disclosed on January 27, 2025, and within just over a day, attackers began exploiting it, highlighting the rapid transition from disclosure to exploitation. The vulnerability has been added to the Known Exploited Vulnerabilities (KEV) catalog by CISA, underscoring its critical nature and the necessity for immediate remediation.
Apple has released patches for a wide range of its operating systems to address this issue. The updates are available for iOS 18.3, iPadOS 18.3, iPadOS 17.7.6, macOS Sequoia 15.3, macOS Sonoma 14.7.5, macOS Ventura 13.7.5, tvOS 18.3, visionOS 2.3, and watchOS 11.3. Users are strongly advised to update their devices to these versions to mitigate the risk of exploitation.
The exploitation of CVE-2025-24085 has been confirmed, with at least two proof-of-concept exploits available, increasing the risk of widespread attacks. The Exploit Prediction Scoring System (EPSS) gives this vulnerability a score of 0.139, indicating a moderate likelihood of exploitation, but the critical nature of the flaw and its active exploitation in the wild make immediate action imperative.
Security teams should prioritize patching affected systems and monitor for any signs of compromise. The use-after-free nature of the vulnerability suggests that attackers could potentially execute arbitrary code with elevated privileges, making it a significant threat to the security of Apple devices.
Given the rapid exploitation timeline and the critical impact of this vulnerability, organizations should ensure that all Apple devices are updated without delay. This swift response is crucial to protect against potential attacks that could leverage this vulnerability to gain unauthorized access or control over devices.
CSURFACE