CVE-2025-24085

Published Jan 27, 2025

Last updated a day ago

Overview

AI description

Generated using AI and has not been reviewed by Intruder. May contain errors.

CVE-2025-24085 is a use-after-free vulnerability found in Apple's CoreMedia framework, a key component responsible for processing audio and video data across various Apple operating systems (iOS, macOS, tvOS). This flaw allows malicious applications already present on a device to escalate their privileges, potentially granting them unauthorized access to system resources. Exploitation is reportedly easy and can be initiated remotely. This vulnerability has been actively exploited in attacks targeting iOS versions prior to 17.2. Apple has addressed this issue with improved memory management in security updates released for affected operating systems. While the specific details of the exploit remain undisclosed, it's crucial for users to update their devices to mitigate the risk associated with this vulnerability.

Description
A use after free issue was addressed with improved memory management. This issue is fixed in visionOS 2.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3, tvOS 18.3. A malicious application may be able to elevate privileges. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 17.2.
Source: product-security@apple.com
NVD status: Analyzed

Risk scores

CVSS 3.1

Type: Primary
Base score: 7.8
Impact score: 5.9
Exploitability score: 1.8
Vector string: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Severity: HIGH

Known exploits

Data from CISA

Vulnerability name: Apple Multiple Products Use-After-Free Vulnerability
Exploit added on: Jan 29, 2025
Exploit action due: Feb 19, 2025
Required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Weaknesses

nvd@nist.gov: CWE-416
134c704f-9b21-4f2e-91b3-4a467353bcc0: CWE-416

Social media

Hype score is a measure of social media activity compared against trending CVEs from the past 12 months. Max score 100.

Hype score

4

  1. 🚨 Security alert: Apple discovers vulnerability CVE-2025-24085! iPhone, iPad, Mac and other devices at risk. Update now to protect your data! Are you ready to defend your digital privacy? #AppleSecurity #CyberAlert https://t.co/IrT4RWZhYD

    @LoSmartphone

    30 Jan 2025

    17 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  2. 9/9 @Apple's quick patch for CVE-2025-24085 demonstrates the ongoing fight against cyber threats. Be proactive and protect your digital life. 📘 #StaySecure

    @Eth1calHackrZ

    30 Jan 2025

    42 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  3. CISA adds Apple vulnerability CVE-2025-24085 to KEV Catalog #CISAKEV #CVE-2025-24085 #Apple https://t.co/wLzP0vtwAM

    @pravin_karthik

    30 Jan 2025

    118 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  4. Attention @Apple Users! Apple has released urgent updates to patch a critical vulnerability (CVE-2025-24085) affecting iPhones, Macs, iPads, and more. This security flaw, already exploited by attackers. 📌 Source: https://t.co/9InqKatjhC https://t.co/wEV2aSawCL

    @protecticore

    29 Jan 2025

    29 Impressions

    1 Retweet

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  5. CVE-2025-24085 macOS and iOS Kernel Use-After-Free Vulnerability Enables Privile... https://t.co/tgEH7GTx0l Vulnerability Alert Subscriptions: https://t.co/hrQhy5uz4x

    @VulmonFeeds

    29 Jan 2025

    2 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  6. [#KEV] CISA adds a known exploited vulnerability to its catalog: CISA Adds One Known Exploited Vulnerability to Catalog #CISA (Jan 29) - CVE-2025-24085 Apple Multiple Products Use-After-Free Vulnerability https://t.co/LzSBH8aoSh

    @foxbook

    29 Jan 2025

    86 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  7. 🛡️ We added #Apple use-after-free vulnerability CVE-2025-24085, affecting multiple Apple products, to our Known Exploited Vulnerabilities Catalog. Visit https://t.co/dOIn6I9vuB & apply mitigations to protect your org from cyberattacks. #Cybersecurity #InfoSec https://t.co/5V

    @CISACyber

    29 Jan 2025

    9218 Impressions

    34 Retweets

    52 Likes

    6 Bookmarks

    3 Replies

    5 Quotes

  8. #DOYOUKNOWCVE Two critical Zero-Days under active exploitation! CVE-2025-24085 - A use-after-free vulnerability in Apple's Core Media component is actively exploited on devices running iOS versions prior to 17.2. Apple has released security updates to address this issue, which

    @Loginsoft_Inc

    29 Jan 2025

    98 Impressions

    2 Retweets

    2 Likes

    0 Bookmarks

    0 Replies

    1 Quote

  9. 🚨 Cybersecurity Alert: Apple iOS Zero-Day Vulnerability 🚨 Apple has released critical security updates to fix a serious zero-day vulnerability, CVE-2025-24085, that is actively being exploited. If you use an iPhone, iPad, Mac, Apple Watch, Apple TV, or Apple Vision Pro, you… h

    @PhenicieBrady

    29 Jan 2025

    97 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  10. ChatGPT said: 🚨 Cybersecurity Alert: Apple iOS Zero-Day Vulnerability 🚨 Apple has released critical security updates to fix a serious zero-day vulnerability, CVE-2025-24085, that is actively being exploited. If you use an iPhone, iPad, Mac, Apple Watch, Apple TV, or Apple… htt

    @PhenicieBrady

    29 Jan 2025

    14 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

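  11. Apple has released software updates fixing nine vulnerabilities, including a zero-day vulnerability (CVE-2025-24085) that had been actively exploited, in iOS 18.3, macOS Sequoia 15.3 and others. Details are available in The Hacker News article. #米国ニュース https://t.co/ZCXfutdXiF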

    @NaoyukiszB

    29 Jan 2025

    31 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  12. Apple has addressed critical vulnerabilities, including a zero-day flaw (CVE-2025-24085) affecting iOS, iPadOS, macOS, and more. Updates enhance memory management and patch several security issues. 🔒 #AppleUpdates #iOS #USA link: https://t.co/umd8D4Ojts https://t.co/qdi2vF0wct

    @TweetThreatNews

    29 Jan 2025

    9 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  13. 🚨 Apple Security Update Alert 🚨 Apple has just patched a critical zero-day vulnerability, CVE-2025-24085, in its latest software update. Here's how it works: The Vulnerability: It's a use-after-free bug in the Core Media component. Essentially, this means that after a piece

    @Oz_70th

    29 Jan 2025

    201 Impressions

    0 Retweets

    4 Likes

    0 Bookmarks

    1 Reply

    1 Quote

  14. Apple has rolled out security updates across its devices to fix multiple vulnerabilities, including a zero-day (CVE-2025-24085) that has been exploited in the wild. This flaw, found in Core Media, could allow a malicious app to gain elevated privileges on affected devices. https:

    @smart_c_intel

    29 Jan 2025

    64 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  15. Actively Exploited Vulnerability in Apple Products: Apple has released security updates addressing a vulnerability (CVE-2025-24085) which is a privilege escalation security flaw in Apple's Core Media framework. This vulnerability is reportedly being actively exploited. Succes ...

    @TechnicalVil

    29 Jan 2025

    43 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  16. A vulnerability (CVE-2025-24085) has been discovered in “Apple” devices. #ETX #certaz #cybersecurity #kibertəhlükəsizlik #xəbərdarlıq https://t.co/aaoHfxFKQ0

    @CERTAzerbaijan

    28 Jan 2025

    42 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  17. Critical CVE-2025-24085 vulnerability in Apple software patched https://t.co/yAr1pN0PHS #CVE-2025-24085 #Apple vulnerability #software update #geheugenbeheer security #iOS 18.3 patch #Trending #Tech #Nieuws

    @TrendingNewsBot

    28 Jan 2025

    49 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  18. ⚠️ Apple Patches Actively Exploited Zero-Day Vulnerability Apple has released a critical update to resolve a zero-day vulnerability (CVE-2025-24085) impacting iPhones, iPads, Macs, and other devices. The flaw, which has been actively exploited, could enable malicious apps to… ht

    @ThreatfieldNews

    28 Jan 2025

    23 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  19. Apple patches an exploited zero-day affecting iPhones, Macs and other devices CVE-2025-24085 Core Media iOS 18.3 and iPadOS 18.3 macOS Sequoia 15.3 tvOS 18.3 visionOS 2.3 watchOS 11.3 https://t.co/0Z0DlqpBpg https://t.co/mlKG9fw4Pn

    @elhackernet

    28 Jan 2025

    6057 Impressions

    21 Retweets

    88 Likes

    8 Bookmarks

    3 Replies

    2 Quotes

  20. 🛑 Urgent: #Apple has released a software update to patch a #zeroday vulnerability (CVE-2025-24085) actively exploited in the wild, affecting iPhones, iPads, Macs, Apple TVs, and more. https://t.co/A19zQomMxA 👉 Read: @TheHackersNews

    @CEEKTechnology

    28 Jan 2025

    4 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  21. Attention all Apple enthusiasts! 🚨 Urgent: Update now! Apple just patched an actively exploited zero-day vulnerability (CVE-2025-24085) on your iPhones, iPads, Macs, and more. Secure your devices! #CyberSecurity #AppleUpdate #iPhoneSecurity https://t.co/N7H7wpgw77

    @_F2po_

    28 Jan 2025

    38 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  22. Attention Apple fans! 🚨 Urgent: Update now! Apple has just fixed a zero-day flaw (CVE-2025-24085) actively exploited on your iPhones, iPads, Macs, and more. Secure your devices! #CyberSécurité #AppleUpdate https://t.co/N7H7wpgw77

    @_F2po_

    28 Jan 2025

    32 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  23. 🗞️ Apple Addresses 2025's First Actively Exploited Zero-Day Vulnerability Apple has released critical updates to patch this year's first known, actively exploited zero-day vulnerability, CVE-2025-24085, affecting various operating systems. Users are urged to update immediately…

    @gossy_84

    28 Jan 2025

    96 Impressions

    0 Retweets

    3 Likes

    1 Bookmark

    0 Replies

    0 Quotes

  24. 🚨CVE Alert: Apple Use After Free Zero-day Vulnerability Exploited In the Wild🚨 Vulnerability Details: CVE-2025-24085 Apple Use After Free Zero-day Vulnerability Impact A successful exploit may allow a local application to escalate privileges on the system. Affected Products

    @CyberxtronTech

    28 Jan 2025

    85 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  25. Apple fixes first zero-day of 2025: CVE-2025-24085 in Core Media Cybersecurity, Apple, core media, CVE-2025-24085, privilege escalation, featured, vulnerability, zero day https://t.co/plp4ONHOPJ https://t.co/stHLiXSRTg

    @matricedigitale

    28 Jan 2025

    42 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  26. 🚨 Apple has addressed a critical zero-day vulnerability (CVE-2025-24085) in its Core Media component, allowing exploits that could elevate app privileges. With updates now available for several devices, users should act fast to secure their systems. Stay safe out there! 🔒📱✨

    @eilonh1

    28 Jan 2025

    17 Impressions

    1 Retweet

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  27. Apple Patches Actively Exploited Zero-Day Affecting iPhones, Macs, and More Apple addresses a zero-day flaw (CVE-2025-24085) and fixes 9 vulnerabilities in iOS 18.3, macOS Sequoia 15.3, and more. The Hacker News | https://t.co/SnNhmOUbtB • Jan 28, 2025 https://t.co/A8nN1M9kRT

    @AnonTroyano303

    28 Jan 2025

    68 Impressions

    0 Retweets

    2 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  28. 🚨 URGENT: Apple has released a critical update to fix a zero-day vulnerability (CVE-2025-24085) actively exploited in the wild. This affects iPhones, iPads, Macs, Apple TVs, and more. Update immediately to secure your devices and data. Delaying puts you at risk!

    @alaxzan

    28 Jan 2025

    146 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  29. 🛑 Urgent: Apple has released a software update to patch a zero-day vulnerability (CVE-2025-24085) actively exploited in the wild, affecting iPhones, iPads, Macs, Apple TVs, and more. 👉 Read: https://t.co/o9QVJZLY9m

    @TheHackersNews

    28 Jan 2025

    69166 Impressions

    187 Retweets

    382 Likes

    83 Bookmarks

    1 Reply

    12 Quotes

  30. 🔨 Apple fixes its first zero-day of 2025, which may have been exploited in attacks: CVE-2025-24085 ⚠️ DeepSeek restricts new account registrations due to a cyberattack ~Cyber Alert, January 28~ https://t.co/umXRCYlPXc #セキュリティ #インテリジェンス #OSINT

    @MachinaRecord

    28 Jan 2025

    212 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  31. CVE-2025-24085 Apple fixes Critical Zeroday #Apple #Zeroday #CVE-2025-24085 https://t.co/aXX3pXwKaR

    @pravin_karthik

    28 Jan 2025

    67 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  32. Apple fixes this year’s first actively exploited zero-day bug: https://t.co/46MkgJhR8O Apple has released security updates to address CVE-2025-24085, a zero-day vulnerability in the Core Media framework, which allows privilege escalation on iOS, macOS, tvOS, and watchOS. The… ht

    @securityRSS

    27 Jan 2025

    52 Impressions

    1 Retweet

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

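  33. Apple has fixed the first exploited zero-day vulnerability of 2025. CVE-2025-24085 is a vulnerability that lets a malicious app elevate privileges, and it affects each of iOS/iPadOS, macOS, tvOS, watchOS and visionOS. It is a use-after-free in CoreMedia, but the details have not been disclosed. https://t.co/WTXv9PWJky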

    @__kokumoto

    27 Jan 2025

    805 Impressions

    3 Retweets

    7 Likes

    3 Bookmarks

    0 Replies

    0 Quotes

  34. Apple Patches Actively Exploited Zero-Day Vulnerability Apple addresses a critical zero-day vulnerability (CVE-2025-24085) that allows malicious apps to exploit iPhones. Get the details on the emergency security updates from Apple. https://t.co/Hjs0CAJTjR

    @the_yellow_fall

    27 Jan 2025

    350 Impressions

    1 Retweet

    5 Likes

    1 Bookmark

    0 Replies

    0 Quotes

  35. 🔒 Apple has fixed a critical zero-day vulnerability (CVE-2025-24085) that affected the iPhone, iPad, Mac and more, potentially exploited by malicious apps. Update your devices to stay secure! #AppleSecurity #Privacy #UpdateOnline https://t.co/xKpKP217V

    @UpdateOnlineBR

    27 Jan 2025

    17 Impressions

    1 Retweet

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  36. 🔒 Apple has fixed a critical zero-day vulnerability (CVE-2025-24085) affecting iPhone, iPad, Mac, and more, potentially exploited by malicious apps. Update devices to stay secure! 🇺🇸 #AppleSecurity #Privacy #TechUpdate link: https://t.co/OY68ueHAUJ https://t.co/jNXZMrLg0D

    @TweetThreatNews

    27 Jan 2025

    77 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  37. 📣 EMERGENCY UPDATE 📣 Apple pushed additional updates for a zero-day that may have been actively exploited. 🐛 CVE-2025-24085 (CoreMedia) additional patches: - visionOS 2.3

    @ApplSec

    27 Jan 2025

    348 Impressions

    1 Retweet

    6 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  38. (CVE-2025-24085)UAF in CoreMedia??? Exploited ITW against versions of iOS before iOS 17.2 https://t.co/YHbKwbaYEF https://t.co/XiGKE9VlxA

    @xvonfers

    27 Jan 2025

    3283 Impressions

    8 Retweets

    43 Likes

    10 Bookmarks

    0 Replies

    0 Quotes

  39. 📣 EMERGENCY UPDATE 📣 Apple pushed updates for a new zero-day that may have been actively exploited. 🐛 CVE-2025-24085 (CoreMedia): - iOS and iPadOS 18.3 - macOS Sequoia 15.3 - tvOS 18.3 - watchOS 11.3

    @ApplSec

    27 Jan 2025

    1795 Impressions

    5 Retweets

    16 Likes

    1 Bookmark

    4 Replies

    1 Quote

Configurations