Apple Delivers Urgent Security Patches

January 28, 2025
|In Cybersecurity News
|By Diego MacCastrillon

Critical CoreMedia Bug

Apple has released new software updates to fix several security problems found across its products. One of these flaws, called CVE-2025-24085, is a zero-day bug in the CoreMedia feature. This bug allows an already-installed malicious app on a device to gain higher-level access than it should.

You might be interested in: Hackers Use cnPilot Flaw for DDoS Attacks

According to Apple, there is evidence that older iOS versions (before iOS 17.2) might have been attacked using this flaw. The company has addressed the problem by improving how memory is handled on various devices and operating systems:

  • iOS 18.3 and iPadOS 18.3 – For iPhone XS and newer, several iPad Pro models, iPad Air (3rd gen and newer), iPad (7th gen and newer), and iPad mini (5th gen and newer)
  • macOS Sequoia 15.3 – For Macs running macOS Sequoia
  • tvOS 18.3 – For Apple TV HD and Apple TV 4K (all versions)
  • visionOS 2.3 – For Apple Vision Pro
  • watchOS 11.3 – For Apple Watch Series 6 and newer

So far, Apple has not shared details on exactly how this zero-day was used, who was behind it, or which targets were affected.

AirPlay and CoreAudio Fixes

The new updates also tackle five security issues in AirPlay, all discovered by Uri Katz from Oligo Security. In certain situations, these flaws could lead to unexpected system crashes, denial-of-service attacks, or malicious code being run on the device.

Additionally, Google’s Threat Analysis Group (TAG) found and reported three problems in the CoreAudio component—labeled as CVE-2025-24160, CVE-2025-24161, and CVE-2025-24163. These could cause an app to close without warning when it tries to play a specially crafted audio file.

Apple Fixes Multiple Security Issues, Including a Zero-Day Attack in the Wild
Apple Fixes Multiple Security Issues, Including a Zero-Day Attack in the Wild

Recommended Action

Since CVE-2025-24085 is known to be actively exploited, it’s crucial for Apple users to update their devices immediately. This includes iPhones, iPads, Macs, Apple Watches, Apple TVs, and Apple Vision Pro units. Installing the latest security patches is one of the most effective ways to block hackers from abusing known weaknesses.

  1. Update Your Device
    • iPhone/iPad: Go to SettingsGeneralSoftware Update.
    • Mac: Open System Settings (or System Preferences on older versions) → GeneralSoftware Update.
    • Apple Watch: Use the Watch app on your iPhone, select My WatchGeneralSoftware Update.
    • Apple TV: Head to SettingsSystemSoftware Updates.
    • Apple Vision Pro: Follow the on-screen prompts in the system settings for downloading and installing updates.
  2. Enable Automatic Updates
    Turning on automatic updates ensures you don’t miss critical fixes. Check your device settings to confirm auto-updates are enabled, and remember to restart your device after updates are installed.
  3. Stay Alert for Suspicious Activity
    If you notice unusual device behavior—like sudden crashes, sluggish performance, or new apps you didn’t install—investigate right away. These could be signs of malware or other malicious activity.
  4. Practice Good Cyber Hygiene
    Along with timely updates, follow basic security practices: avoid clicking unknown links, refrain from downloading apps from third-party sources, and use strong, unique passwords for all your accounts.

By keeping your systems patched and remaining aware of potential threats, you’ll significantly reduce the risk of falling victim to hackers looking to exploit these vulnerabilities.

Breaches