CVE-2025-24085

Published Jan 27, 2025

Last updated 19 hours ago

Overview

AI description

Generated using AI and has not been reviewed by Intruder. May contain errors.

CVE-2025-24085 is a use-after-free vulnerability found in Apple's CoreMedia framework, a key component responsible for processing audio and video data across various Apple operating systems (iOS, macOS, tvOS). This flaw allows malicious applications already present on a device to escalate their privileges, potentially granting them unauthorized access to system resources. Exploitation is reportedly easy and can be initiated remotely. This vulnerability has been actively exploited in attacks targeting iOS versions prior to 17.2. Apple has addressed this issue with improved memory management in security updates released for affected operating systems. While the specific details of the exploit remain undisclosed, it's crucial for users to update their devices to mitigate the risk associated with this vulnerability.

Description: A use after free issue was addressed with improved memory management. This issue is fixed in visionOS 2.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3, tvOS 18.3. A malicious application may be able to elevate privileges. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 17.2.
Source: product-security@apple.com
NVD status: Modified

Risk scores

CVSS 3.1

Type: Primary
Base score: 7.8
Impact score: 5.9
Exploitability score: 1.8
Vector string: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Severity: HIGH

Known exploits

Data from CISA

Vulnerability name: Apple Multiple Products Use-After-Free Vulnerability
Exploit added on: Jan 29, 2025
Exploit action due: Feb 19, 2025
Required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Weaknesses

nvd@nist.gov: CWE-416
134c704f-9b21-4f2e-91b3-4a467353bcc0: CWE-416

Social media

Hype score
Not currently trending
  1. Actively exploited CVE : CVE-2025-24085

    @transilienceai

    23 Feb 2025

    10 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  2. Actively exploited CVE : CVE-2025-24085

    @transilienceai

    22 Feb 2025

    4 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  3. Actively exploited CVE : CVE-2025-24085

    @transilienceai

    22 Feb 2025

    6 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  4. Actively exploited CVE : CVE-2025-24085

    @transilienceai

    21 Feb 2025

    6 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  5. Actively exploited CVE : CVE-2025-24085

    @transilienceai

    17 Feb 2025

    13 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  6. Actively exploited CVE : CVE-2025-24085

    @transilienceai

    15 Feb 2025

    9 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  7. Actively exploited CVE : CVE-2025-24085

    @transilienceai

    14 Feb 2025

    12 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  8. Apple Fixes Zero-Day Exploited in Sophisticated Attacks! 🚨 CVE-2025-24200 allowed disabling USB Restricted Mode on locked devices—potential spyware risk! Another flaw (CVE-2025-24085) led to privilege escalation. Update NOW to iOS/iPadOS 18.3.1! https://t.co/T1MAc8L5JX… https:

    @dCypherIO

    11 Feb 2025

    136 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  9. 🔐 Attention Apple users! The zero-day vulnerability CVE-2025-24085 threatens your iPhones, iPads and Macs. Update now to protect your data! Are you ready to defend your privacy? #AppleSecurity #CyberAlert https://t.co/SwzpZIrgj8

    @LoSmartphone

    11 Feb 2025

    20 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  10. Update your Apple products immediately! Due to CVE-2025-24085 it disables USB restricted mode and allows for exploitation and sideloading of unauthorized applications (back doors mostly). Do not ignore this update!

    @zeroday31337

    11 Feb 2025

    20 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  11. Actively exploited CVE : CVE-2025-24085

    @transilienceai

    10 Feb 2025

    9 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  12. #Apple released security updates for CVE-2025-24085. Don’t wait—check out this Cybersecurity Threat Advisory to learn how to secure your devices now! https://t.co/DIIpJHO5SN #ThreatAdvisory

    @BarracudaMSP

    10 Feb 2025

    53 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  13. Actively exploited CVE : CVE-2025-24085

    @transilienceai

    9 Feb 2025

    19 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  14. Apple’s latest zero-day threat is here — is your IT team ready? https://t.co/wRqW7wMYxT CVE-2025-24085 is actively being exploited, putting iPhones, Macs, and iPads at risk. With Apple’s growing enterprise presence, zero-day attacks are only increasing. https://t.co/luD24cyfvE

    @addigy

    7 Feb 2025

    27 Impressions

    1 Retweet

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  15. Actively exploited CVE : CVE-2025-24085

    @transilienceai

    7 Feb 2025

    24 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  16. Actively exploited CVE : CVE-2025-24085

    @transilienceai

    6 Feb 2025

    17 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  17. CVE-2025-24085: an actively exploited in the wild, affecting iPhones, iOS, iPads, Macs, Apple TVs, and more.

    @byt3n33dl3

    5 Feb 2025

    44 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    1 Quote

  18. CVE-2025-24085, now we're talking

    @byt3n33dl3

    5 Feb 2025

    17 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  19. Actively exploited CVE : CVE-2025-24085

    @transilienceai

    5 Feb 2025

    15 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  20. Actively exploited CVE : CVE-2025-24085

    @transilienceai

    4 Feb 2025

    10 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  21. 2-3-2025 IF YOU HAVE AN APPLE UPGRADE NOW! ZeroDay 0Day Exploit in the wild! Technical details about the zero-day The zero-day vulnerability patched in this update is tracked as CVE-2025-24085. It is described as a use after free (UAF) issue in Apple’s Core Media framework that…

    @forlotto3

    3 Feb 2025

    60 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  22. 🗓️Summary. 27 Jan - 1 Feb 🟥DeepSeek in the crosshairs of cyberattacks. 🟥Apple patches the ZeroDay CVE-2025-24085. 🟥Aquabot Botnet attacks Mitel phones. 📢Image: Threat actor activity over the last 7 days. #CyberSecurity #InfoSec #ZeroDay #Apple #Botnet https://t.co/en6uXZpK0y

    @belisariogm

    3 Feb 2025

    61 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  23. iOS 18.3 - 17 JAILBREAK NEWS: Alleged iOS Exploit For CVE-2025-24085 Obtained By BasVT! We Now Have Confirmation! 🌟 NEW VIDEO: https://t.co/Z1lHRkI8ol Developer @AppleDry05 has somehow obtained the files sold for $233 on GitHub and confirmed to us the files are indeed a hoax.

    @FCE365

    2 Feb 2025

    13552 Impressions

    14 Retweets

    106 Likes

    10 Bookmarks

    12 Replies

    0 Quotes

  24. iOS 18.3 - 17 JAILBREAK (All Devices): iOS Vulnerability CVE-2025-24085 ... https://t.co/34MEy9INwm via @YouTube

    @game1864

    2 Feb 2025

    25 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  25. Apple has released a software update to patch a zero-day vulnerability (CVE-2025-24085) actively exploited in the wild, affecting iPhones, iPads, Macs, Apple TVs, and more. This flaw could allow malicious apps to escalate privileges and take control of your device. https://t.co/

    @achi_tech

    2 Feb 2025

    210 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  26. iOS 18.3 - 17.0 JAILBREAK NEWS (All Devices): New iOS Vulnerability Exploit Being SOLD! All We Know! 🌟 NEW VIDEO: https://t.co/a1YluWRsVB We're discussing the CVE-2025-24085 bug patched by Apple in iOS 18.3 and iPadOS 18.3 that can likely be useful for jailbreak purposes… http

    @FCE365

    1 Feb 2025

    12611 Impressions

    14 Retweets

    97 Likes

    25 Bookmarks

    5 Replies

    0 Quotes

  27. Apple releases security updates to fix zero-day vulnerability. Stay safe with latest patches. Read more at: https://t.co/JsL8KOuCrd. #CyberSecurity #Apple #Update #CVE-2025-24085.

    @threatlight

    1 Feb 2025

    52 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  28. #CVE-2025-24085 #Apple Multiple Products Use-After-Free #Vulnerability https://t.co/N05dD8c36e

    @ScyScan

    1 Feb 2025

    147 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  29. 🚨 A large share of Apple devices is under threat from an actively exploited zero-day vulnerability. The vulnerability CVE-2025-24085 (CVSS score 7.3/7.8), which consists of a use-after-free bug, can be used to escalate privileges and subsequently cause more damage in the system. Apple… https:/

    @AlefSecurity

    31 Jan 2025

    112 Impressions

    1 Retweet

    3 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  30. 1/8 @Apple has patched its first iOS zero-day of 2025, CVE-2025-24085. Update your devices to protect against active exploits. 🔒 #AppleSecurity #ZeroDay

    @Eth1calHackrZ

    31 Jan 2025

    81 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  31. 🚨 Security alert: Apple discovers the vulnerability CVE-2025-24085! iPhone, iPad, Mac and other devices at risk. Update now to protect your data! Are you ready to defend your digital privacy? #AppleSecurity #CyberAlert https://t.co/IrT4RWZhYD

    @LoSmartphone

    30 Jan 2025

    29 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  32. 9/9 @Apple 's quick patch for CVE-2025-24085 demonstrates the ongoing fight against cyber threats. Be proactive and protect your digital life. 📘 #StaySecure

    @Eth1calHackrZ

    30 Jan 2025

    42 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  33. CISA adds Apple vulnerability CVE-2025-24085 to KEV Catalog #CISAKEV #CVE-2025-24085 #Apple https://t.co/wLzP0vtwAM

    @pravin_karthik

    30 Jan 2025

    118 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  34. Attention @Apple Users! Apple has released urgent updates to patch a critical vulnerability (CVE-2025-24085) affecting iPhones, Macs, iPads, and more. This security flaw, already exploited by attackers. 📌 Source: https://t.co/9InqKatjhC https://t.co/wEV2aSawCL

    @protecticore

    29 Jan 2025

    29 Impressions

    1 Retweet

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  35. CVE-2025-24085 macOS and iOS Kernel Use-After-Free Vulnerability Enables Privile... https://t.co/tgEH7GTx0l Vulnerability Alert Subscriptions: https://t.co/hrQhy5uz4x

    @VulmonFeeds

    29 Jan 2025

    2 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  36. [#KEV] CISA adds a known exploited vulnerability to its catalog. CISA Adds One Known Exploited Vulnerability to Catalog #CISA (Jan 29) - CVE-2025-24085 Apple Multiple Products Use-After-Free Vulnerability https://t.co/LzSBH8aoSh

    @foxbook

    29 Jan 2025

    86 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  37. 🛡️ We added #Apple use-after-free vulnerability CVE-2025-24085, affecting multiple Apple products, to our Known Exploited Vulnerabilities Catalog. Visit https://t.co/dOIn6I9vuB & apply mitigations to protect your org from cyberattacks. #Cybersecurity #InfoSec https://t.co/5V

    @CISACyber

    29 Jan 2025

    9218 Impressions

    34 Retweets

    52 Likes

    6 Bookmarks

    3 Replies

    5 Quotes

  38. #DOYOUKNOWCVE Two critical Zero-Days under active exploitation! CVE-2025-24085 - A use-after-free vulnerability in Apple's Core Media component is actively exploited on devices running iOS versions prior to 17.2. Apple has released security updates to address this issue, which

    @Loginsoft_Inc

    29 Jan 2025

    98 Impressions

    2 Retweets

    2 Likes

    0 Bookmarks

    0 Replies

    1 Quote

  39. 🚨 Cybersecurity Alert: Apple iOS Zero-Day Vulnerability 🚨 Apple has released critical security updates to fix a serious zero-day vulnerability, CVE-2025-24085, that is actively being exploited. If you use an iPhone, iPad, Mac, Apple Watch, Apple TV, or Apple Vision Pro, you… h

    @PhenicieBrady

    29 Jan 2025

    97 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  40. ChatGPT said: 🚨 Cybersecurity Alert: Apple iOS Zero-Day Vulnerability 🚨 Apple has released critical security updates to fix a serious zero-day vulnerability, CVE-2025-24085, that is actively being exploited. If you use an iPhone, iPad, Mac, Apple Watch, Apple TV, or Apple… htt

    @PhenicieBrady

    29 Jan 2025

    14 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  41. Apple has released software updates in iOS 18.3, macOS Sequoia 15.3 and others that fix nine vulnerabilities, including an actively exploited zero-day vulnerability (CVE-2025-24085). Details are available in The Hacker News article. #米国ニュース https://t.co/ZCXfutdXiF

    @NaoyukiszB

    29 Jan 2025

    31 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  42. Apple has addressed critical vulnerabilities, including a zero-day flaw (CVE-2025-24085) affecting iOS, iPadOS, macOS, and more. Updates enhance memory management and patch several security issues. 🔒 #AppleUpdates #iOS #USA link: https://t.co/umd8D4Ojts https://t.co/qdi2vF0wct

    @TweetThreatNews

    29 Jan 2025

    9 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  43. 🚨 Apple Security Update Alert 🚨 Apple has just patched a critical zero-day vulnerability, CVE-2025-24085, in its latest software update. Here's how it works: The Vulnerability: It's a use-after-free bug in the Core Media component. Essentially, this means that after a piece

    @Oz_70th

    29 Jan 2025

    201 Impressions

    0 Retweets

    4 Likes

    0 Bookmarks

    1 Reply

    1 Quote

  44. Apple has rolled out security updates across its devices to fix multiple vulnerabilities, including a zero-day (CVE-2025-24085) that has been exploited in the wild. This flaw, found in Core Media, could allow a malicious app to gain elevated privileges on affected devices. https:

    @smart_c_intel

    29 Jan 2025

    64 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  45. Actively Exploited Vulnerability in Apple Products: Apple has released security updates addressing a vulnerability (CVE-2025-24085) which is a privilege escalation security flaw in Apple's Core Media framework. This vulnerability is reportedly being actively exploited. Succes ...

    @TechnicalVil

    29 Jan 2025

    43 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  46. A vulnerability (CVE-2025-24085) has been discovered in “Apple” devices. #ETX #certaz #cybersecurity #kibertəhlükəsizlik #xəbərdarlıq https://t.co/aaoHfxFKQ0

    @CERTAzerbaijan

    28 Jan 2025

    42 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  47. Critical cve-2025-24085 vulnerability in apple software patched https://t.co/yAr1pN0PHS #CVE-2025-24085 #Apple vulnerability #software update #geheugenbeheer security #iOS 18.3 patch #Trending #Tech #Nieuws

    @TrendingNewsBot

    28 Jan 2025

    49 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  48. ⚠️ Apple Patches Actively Exploited Zero-Day Vulnerability Apple has released a critical update to resolve a zero-day vulnerability (CVE-2025-24085) impacting iPhones, iPads, Macs, and other devices. The flaw, which has been actively exploited, could enable malicious apps to… ht

    @ThreatfieldNews

    28 Jan 2025

    23 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  49. Apple patches an exploited zero-day affecting iPhones, Macs and other devices CVE-2025-24085 Core Media iOS 18.3 and iPadOS 18.3 macOS Sequoia 15.3 tvOS 18.3 visionOS 2.3 watchOS 11.3 https://t.co/0Z0DlqpBpg https://t.co/mlKG9fw4Pn

    @elhackernet

    28 Jan 2025

    6057 Impressions

    21 Retweets

    88 Likes

    8 Bookmarks

    3 Replies

    2 Quotes

  50. 🛑 Urgent: #Apple has released a software update to patch a #zeroday vulnerability (CVE-2025-24085) actively exploited in the wild, affecting iPhones, iPads, Macs, Apple TVs, and more. https://t.co/A19zQomMxA 👉 Read: @TheHackersNews

    @CEEKTechnology

    28 Jan 2025

    4 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

Configurations