Apple’s latest patch closes zero-day affecting wide swath of products
Apple released software updates Monday to address multiple security vulnerabilities in its products, including a significant zero-day vulnerability.
Tracked as CVE-2025-24085, the flaw is a use-after-free vulnerability in the company’s Core Media component, a framework that manages audio and video playback and is central to many of Apple’s multimedia applications. The vulnerability poses a serious risk as it has reportedly been exploited in the wild against certain versions of iOS.
In its advisory, Apple confirmed that malicious applications could exploit this vulnerability to gain unauthorized access to system controls. The company refrained from disclosing specific details about exploitation and potential targets, following its typical practice of limiting information that could aid malicious actors. Despite the swift response from Apple, exploit details remain scant, and the absence of a Common Vulnerability Scoring System (CVSS) severity rating may complicate assessments of the flaw.
The software updates address the vulnerability across a range of devices, including iPhones, iPads, Macs, Apple TVs, the Vision Pro headset, and the Apple Watch. Users of iOS devices from iPhone XS and later, as well as numerous iPad models, are urged to update to iOS 18.3 or iPadOS 18.3. Mac users running macOS Sequoia should upgrade to version 15.3, while Apple Watch users need to install watchOS 11.3 to mitigate risks associated with this vulnerability.
The patches also resolve five additional security flaws identified in AirPlay, which could enable attackers to cause unexpected system terminations or execute arbitrary code. Notably, the Google Threat Analysis Group played a role in identifying three vulnerabilities in the CoreAudio component.
You can read more about the updates on Apple’s website.