Apple Patches First Actively Exploited Zero-Day Vulnerability of the Year

January 27, 2025

Apple has issued security updates to address the first zero-day vulnerability of the year, known as CVE-2025-24085, which has been actively exploited in attacks against iPhone users. This zero-day vulnerability is a privilege escalation security flaw located in the Core Media framework of Apple's operating systems.

The vulnerability allows a malicious application to elevate its privileges. Apple has acknowledged reports that this issue may have been actively exploited against versions of iOS prior to iOS 17.2. The Core Media framework, according to Apple's official documentation, 'defines the media pipeline used by AVFoundation and other high-level media frameworks found on Apple platforms.'

Apple has also addressed another vulnerability, CVE-2024-23222, by enhancing memory management in iOS 18.3, iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3, and tvOS 18.3. The range of devices impacted by this zero-day is quite broad, as it affects both older and newer models.

Despite acknowledging that the vulnerability is being exploited in the wild, Apple has not attributed the discovery of this security vulnerability to any security researcher nor has it released details about the attacks. Although this zero-day bug was likely exploited in targeted attacks, it is strongly recommended to install the latest security updates as soon as possible to prevent potential ongoing attack attempts.

In the previous year, Apple addressed a total of six zero-days: the first in January, two in March, one in May, and two more in November. In 2023, Apple patched 20 zero-day flaws that were exploited in the wild.
