{"id":1673,"date":"2025-01-28T11:16:02","date_gmt":"2025-01-28T11:16:02","guid":{"rendered":"https:\/\/cybersecurityinfocus.com\/?p=1673"},"modified":"2025-01-28T11:16:02","modified_gmt":"2025-01-28T11:16:02","slug":"iphone-users-targeted-in-apples-first-zero-day-exploit-in-2025","status":"publish","type":"post","link":"https:\/\/cybersecurityinfocus.com\/?p=1673","title":{"rendered":"iPhone users targeted in Apple\u2019s first zero-day exploit in 2025"},"content":{"rendered":"<div>\n<div class=\"grid grid--cols-10@md grid--cols-8@lg article-column\">\n<div class=\"col-12 col-10@md col-6@lg col-start-3@lg\">\n<div class=\"article-column__content\">\n<div class=\"container\"><\/div>\n<p>Apple iPhone users were targeted for privilege escalation in the zero-day exploitation of a use-after-free vulnerability affecting Apple\u2019s Core Media framework.<\/p>\n<p>\u201cA malicious application may be able to elevate privileges,\u201d Apple<a href=\"https:\/\/support.apple.com\/en-us\/122066\"> said<\/a> in the security update description. \u201cApple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 17.2.\u201d<\/p>\n<p>Apple refrained from adding more details on the real-world exploitation and has yet to attribute the flaw\u2019s discovery to a cybersecurity researcher or firm.<\/p>\n<p>The vulnerability has been assigned a tracker, CVE-2025-24085, and is pending further evaluation to confirm the severity. 
Use-after-free vulnerabilities are typically serious security flaws arising from improper memory handling.<\/p>\n<h2 class=\"wp-block-heading\"><a><\/a>Patches available through security updates<\/h2>\n<p>The consumer electronics giant has released software updates to address the issue, along with several others, and users are advised to apply these updates to avoid exploitation.<\/p>\n<p>On the security updates page, Apple explained that the flaw was \u201caddressed with improved memory management.\u201d<\/p>\n<p>Updates with patches have been rolled out for iPhones (iOS 18.3), iPads (iPadOS 18.3), Macs (macOS Sequoia 15.3), Apple TV (tvOS 18.3), Vision Pro (visionOS 2.3), and Apple Watches (watchOS 11.3).<\/p>\n<p>Given Core Media\u2019s role in handling low-level media operations and interacting with sensitive system resources, critical flaws affecting it are known for potentially allowing code execution, data theft, and device takeover.<\/p>\n<h2 class=\"wp-block-heading\"><a><\/a>Targeting Apple devices continues<\/h2>\n<p>Owing to Apple\u2019s formidable market share and reputation for exclusivity, it has become a popular adversary target. 
Quite often, bugs in Apple systems are picked up by nation-state actors for lateral entry and sensitive compromises.<\/p>\n<p>The Core Media vulnerability marks Apple\u2019s first zero-day exploit of 2025, following a string of critical exploits in 2024 including <a href=\"https:\/\/www.csoonline.com\/article\/1311874\/apple-warns-users-against-critical-memory-corrupting-attacks.html\">CVE-2024-23225 and CVE-2024-23296<\/a> which together allowed attackers to bypass kernel memory protection.<\/p>\n<p>Apple had fixed six <a href=\"https:\/\/www.csoonline.com\/article\/565704\/zero-days-explained-how-unknown-vulnerabilities-become-gateways-for-attackers.html\">zero-day<\/a> bugs in 2024, down from a total of twenty in 2023 which included notorious RCE bugs, CVE-2023-32434 and CVE-2023-32435, allegedly used in a spy campaign <a href=\"https:\/\/www.csoonline.com\/article\/642935\/apple-patches-exploits-used-in-spy-campaign-operation-triangulation.html\">Operation Triangulation<\/a> against Russia.<\/p>\n<p>Other than the Core Media flaw, the security update addressed a clutch of other flaws with system termination, denial-of-service, and code execution issues, with five of them attributed to Oligo Security researcher Uri Katz, and three to Google\u2019s Threat Analysis Group (TAG).<\/p>\n<\/div>\n<\/div>\n<\/div>\n<\/div>","protected":false},"excerpt":{"rendered":"<p>Apple iPhone users were targeted for privilege escalation in the zero-day exploitation of a use-after-free vulnerability affecting Apple\u2019s Core Media framework. \u201cA malicious application may be able to elevate privileges,\u201d Apple said in the security update description. 
\u201cApple is aware of a report that this issue may have been actively exploited against versions of iOS [&hellip;]<\/p>\n","protected":false},"author":0,"featured_media":1674,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3],"tags":[],"class_list":["post-1673","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-education"],"_links":{"self":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/posts\/1673"}],"collection":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"replies":[{"embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=1673"}],"version-history":[{"count":0,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/posts\/1673\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/media\/1674"}],"wp:attachment":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=1673"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=1673"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=1673"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}