CVE-2025-24085
Published Jan 27, 2025
Last updated a month ago
AI description
CVE-2025-24085 is a use-after-free vulnerability found in Apple's CoreMedia framework, a key component responsible for processing audio and video data across various Apple operating systems (iOS, macOS, tvOS). This flaw allows malicious applications already present on a device to escalate their privileges, potentially granting them unauthorized access to system resources. Exploitation is reportedly easy and can be initiated remotely. This vulnerability has been actively exploited in attacks targeting iOS versions prior to 17.2. Apple has addressed this issue with improved memory management in security updates released for affected operating systems. While the specific details of the exploit remain undisclosed, it's crucial for users to update their devices to mitigate the risk associated with this vulnerability.
- Description: A use after free issue was addressed with improved memory management. This issue is fixed in visionOS 2.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3, tvOS 18.3. A malicious application may be able to elevate privileges. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 17.2.
- Source: product-security@apple.com
- NVD status: Analyzed
CVSS 3.1
- Type: Primary
- Base score: 7.8
- Impact score: 5.9
- Exploitability score: 1.8
- Vector string: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
- Severity: HIGH
Data from CISA
- Vulnerability name: Apple Multiple Products Use-After-Free Vulnerability
- Exploit added on: Jan 29, 2025
- Exploit action due: Feb 19, 2025
- Required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Hype score is a measure of social media activity compared against trending CVEs from the past 12 months. Max score 100.
- Hype score: 1
Vulnerabilities (CVE-2025-24085, CVE-2025-24200, CVE-2025-24201) have been discovered in Apple devices. #ETX #certaz #cybersecurity #kibertəhlükəsizlik #xəbərdarlıq https://t.co/aveeSTKcTQ
@CERTAzerbaijan
15 Apr 2025
29 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Apple has released backported fixes for three critical vulnerabilities in older iOS and macOS devices, which have been actively exploited. The vulnerabilities include: 1. **CVE-2025-24085** (CVSS 7.3): A use-after-free bug in Core Media that could allow privilege escalation. htt
@smart_c_intel
11 Apr 2025
38 Impressions
0 Retweets
3 Likes
0 Bookmarks
1 Reply
0 Quotes
🚨 Old iPhones, new threats. Apple just patched 3 exploited zero-days and yes, even your dusty iPhone 6s is getting a fix. 🛡️ What's at stake? • CVE-2025-24201 (CVSS 8.8): Malicious web content breaking free from Safari’s sandbox • CVE-2025-24085 (7.3): Apps hijacking system ht
@achi_tech
5 Apr 2025
37 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Apple has released the relevant patch for 3 dangerous zero-day vulnerabilities, identified as CVE-2025-24200, CVE-2025-24201 and CVE-2025-24085, which exist in Apple Watch, iPhone, iPad and Apple TV. Update your devices as a precaution. https://t.co/Poz3aKY03t https://t.co/jt
@AmirHossein_sec
4 Apr 2025
26 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
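Apple closes 3 important vulnerabilities - CVE-2025-24085: a vulnerability related to a malicious application elevating its privileges on the system - CVE-2025-24200: a vulnerability that allows data to be transferred from devices via the USB port without requesting permission - CVE-2025-24201: a vulnerability that allows malicious web content to get in by breaching the browsing security of devices. You must update your device 🏃 h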
@HereHuss
2 Apr 2025
34 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Apple has issued an urgent security advisory about three zero-day vulnerabilities—CVE-2025-24200, CVE-2025-24201, and CVE-2025-24085—currently being exploited in sophisticated cyberattacks. These vulnerabilities affect a wide range of Apple devices, including iPhones, iPads, Macs
@Avengingsecure
2 Apr 2025
2 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
The Apple zero days are CVE-2025-24200 allows disabling USB Restricted Mode through physical access. CVE-2025-24201 compromises WebKit, enabling malicious web content to escape the sandbox. CVE-2025-24085 is a use-after-free vulnerability that may lead to privilege escalation.
@RayyxAB
2 Apr 2025
30 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
Actively exploited CVE : CVE-2025-24085
@transilienceai
2 Apr 2025
21 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Apple backported fixes for three zero-day flaws (CVE-2025-24200, CVE-2025-24201, CVE-2025-24085) exploited in attacks on older iOS, iPadOS, & macOS versions. Learn about these vulnerabilities, their exploitation methods, & how to detect and mitigate them: https://t.co/Q5U
@qualys
1 Apr 2025
368 Impressions
2 Retweets
2 Likes
1 Bookmark
0 Replies
0 Quotes
Apple has issued security updates backporting fixes for zero-day vulnerabilities CVE-2025-24200, CVE-2025-24201, and CVE-2025-24085 to older OS versions. Additionally, updates for the latest iOS, iPadOS, macOS, Safari, and Xcode have been released. #apple #updates https://t.co/F4
@Strivehawk
1 Apr 2025
32 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
The iOS 18.4 update closed three serious vulnerabilities (iPhone, Mac and iPad) • CVE-2025-24085: elevates privileges to install unauthorized applications • CVE-2025-24200: disables USB restrictions • CVE-2025-24201: manipulation by websites to bypass the sandbox. I strongly recommend updating and securing your device right now https://t
@mr_thamer
1 Apr 2025
12110 Impressions
9 Retweets
11 Likes
8 Bookmarks
5 Replies
1 Quote
• CVE-2025-24085 (CVSS score: 7.3) A use-after-free bug in the Core Media component. • CVE-2025-24200 (CVSS score: 4) An authorization issue in the Accessibility component that makes it possible to disable USB. • CVE-2025-24085 • CVE-2025-24200 • CVE-2025-24201 https
@byt3n33dl3
1 Apr 2025
47 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Apple fixes 3 critical vulnerabilities and an active exploit emerges against Cisco. Cybersecurity, cisa, cisco, CVE-2024-20439, CVE-2025-24085, exploit, iOS 15.8.4, vulnerabilities, webkit, zero-day https://t.co/SMuNjif9qA https://t.co/V66ErBLPWQ
@matricedigitale
1 Apr 2025
72 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 Old iPhones, new threats. Apple just patched 3 exploited zero-days—and yes, even your dusty iPhone 6s is getting a fix. 🛡️ What's at stake? • CVE-2025-24201 (CVSS 8.8): Malicious web content breaking free from Safari’s sandbox • CVE-2025-24085 (7.3): Apps hijacking system ht
@TheHackersNews
1 Apr 2025
16012 Impressions
82 Retweets
149 Likes
27 Bookmarks
3 Replies
4 Quotes
Apple has issued an urgent security advisory concerning three critical zero-day vulnerabilities CVE-2025-24200, CVE-2025-24201, and CVE-2025-24085 that have been actively exploited in sophisticated attacks. https://t.co/7e6dl8ADJ3
@Ashutosh__048
1 Apr 2025
7 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🔥 Apple ≠ Invincible. In 2025, macOS is under siege: 💥 CVE-2025-24085: kernel exploit sold on the dark web 🪓 SIP bypass still in use 🛡️ SMBs see $158K breach costs New data-led deep dive from @taqtics_ai 📊👇 https://t.co/WYIuefVwEk #macOS #CyberSecurity #SMB https://t
@taqtics_ai
29 Mar 2025
13 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Actively exploited CVE : CVE-2025-24085
@transilienceai
17 Mar 2025
21 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Actively exploited CVE : CVE-2025-24085
@transilienceai
23 Feb 2025
10 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Actively exploited CVE : CVE-2025-24085
@transilienceai
22 Feb 2025
4 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Actively exploited CVE : CVE-2025-24085
@transilienceai
22 Feb 2025
6 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Actively exploited CVE : CVE-2025-24085
@transilienceai
21 Feb 2025
6 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Actively exploited CVE : CVE-2025-24085
@transilienceai
17 Feb 2025
13 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Actively exploited CVE : CVE-2025-24085
@transilienceai
15 Feb 2025
9 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Actively exploited CVE : CVE-2025-24085
@transilienceai
14 Feb 2025
12 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Apple Fixes Zero-Day Exploited in Sophisticated Attacks! 🚨 CVE-2025-24200 allowed disabling USB Restricted Mode on locked devices—potential spyware risk! Another flaw (CVE-2025-24085) led to privilege escalation. Update NOW to iOS/iPadOS 18.3.1! https://t.co/T1MAc8L5JX… https:
@dCypherIO
11 Feb 2025
136 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🔐 Attention Apple users! The zero-day vulnerability CVE-2025-24085 threatens your iPhones, iPads and Macs. Update now to protect your data! Are you ready to defend your privacy? #AppleSecurity #CyberAlert https://t.co/SwzpZIrgj8
@LoSmartphone
11 Feb 2025
20 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Update your Apple products immediately! Due to CVE-2025-24085 it disables USB restricted mode and allows for exploitation and sideloading of unauthorized applications (back doors mostly). Do not ignore this update!
@zeroday31337
11 Feb 2025
20 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Actively exploited CVE : CVE-2025-24085
@transilienceai
10 Feb 2025
9 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
#Apple released security updates for CVE-2025-24085. Don’t wait—check out this Cybersecurity Threat Advisory to learn how to secure your devices now! https://t.co/DIIpJHO5SN #ThreatAdvisory
@BarracudaMSP
10 Feb 2025
53 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Actively exploited CVE : CVE-2025-24085
@transilienceai
9 Feb 2025
19 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Apple’s latest zero-day threat is here — is your IT team ready? https://t.co/wRqW7wMYxT CVE-2025-24085 is actively being exploited, putting iPhones, Macs, and iPads at risk. With Apple’s growing enterprise presence, zero-day attacks are only increasing. https://t.co/luD24cyfvE
@addigy
7 Feb 2025
27 Impressions
1 Retweet
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Actively exploited CVE : CVE-2025-24085
@transilienceai
7 Feb 2025
24 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Actively exploited CVE : CVE-2025-24085
@transilienceai
6 Feb 2025
17 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
CVE-2025-24085: actively exploited in the wild, affecting iPhones, iOS, iPads, Macs, Apple TVs, and more.
@byt3n33dl3
5 Feb 2025
44 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
1 Quote
CVE-2025-24085, now we're talking
@byt3n33dl3
5 Feb 2025
17 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Actively exploited CVE : CVE-2025-24085
@transilienceai
5 Feb 2025
15 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Actively exploited CVE : CVE-2025-24085
@transilienceai
4 Feb 2025
10 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
2-3-2025 IF YOU HAVE AN APPLE UPGRADE NOW! ZeroDay 0Day Exploit in the wild! Technical details about the zero-day The zero-day vulnerability patched in this update is tracked as CVE-2025-24085. It is described as a use after free (UAF) issue in Apple’s Core Media framework that…
@forlotto3
3 Feb 2025
60 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🗓️Summary. 27 Jan - 1 Feb 🟥DeepSeek in the crosshairs of cyberattacks. 🟥Apple patches the zero-day CVE-2025-24085. 🟥Aquabot botnet attacks Mitel phones. 📢Image: Threat actor activity over the last 7 days. #CyberSecurity #InfoSec #ZeroDay #Apple #Botnet https://t.co/en6uXZpK0y
@belisariogm
3 Feb 2025
61 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
iOS 18.3 - 17 JAILBREAK NEWS: Alleged iOS Exploit For CVE-2025-24085 Obtained By BasVT! We Now Have Confirmation! 🌟 NEW VIDEO: https://t.co/Z1lHRkI8ol Developer @AppleDry05 has somehow obtained the files sold for $233 on GitHub and confirmed to us the files are indeed a hoax.
@FCE365
2 Feb 2025
13552 Impressions
14 Retweets
106 Likes
10 Bookmarks
12 Replies
0 Quotes
iOS 18.3 - 17 JAILBREAK (All Devices): iOS Vulnerability CVE-2025-24085 ... https://t.co/34MEy9INwm via @YouTube
@game1864
2 Feb 2025
25 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Apple has released a software update to patch a zero-day vulnerability (CVE-2025-24085) actively exploited in the wild, affecting iPhones, iPads, Macs, Apple TVs, and more. This flaw could allow malicious apps to escalate privileges and take control of your device. https://t.co/
@achi_tech
2 Feb 2025
210 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
iOS 18.3 - 17.0 JAILBREAK NEWS (All Devices): New iOS Vulnerability Exploit Being SOLD! All We Know! 🌟 NEW VIDEO: https://t.co/a1YluWRsVB We're discussing the CVE-2025-24085 bug patched by Apple in iOS 18.3 and iPadOS 18.3 that can likely be useful for jailbreak purposes… http
@FCE365
1 Feb 2025
12611 Impressions
14 Retweets
97 Likes
25 Bookmarks
5 Replies
0 Quotes
Apple releases security updates to fix zero-day vulnerability. Stay safe with latest patches. Read more at: https://t.co/JsL8KOuCrd. #CyberSecurity #Apple #Update #CVE-2025-24085.
@threatlight
1 Feb 2025
52 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
#CVE-2025-24085 #Apple Multiple Products Use-After-Free #Vulnerability https://t.co/N05dD8c36e
@ScyScan
1 Feb 2025
147 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 A large share of Apple devices is threatened by an actively exploited zero-day vulnerability. The vulnerability CVE-2025-24085 (CVSS score 7.3/7.8), a use-after-free bug, can be used to escalate privileges and subsequently do more damage in the system. Apple… https:/
@AlefSecurity
31 Jan 2025
112 Impressions
1 Retweet
3 Likes
0 Bookmarks
1 Reply
0 Quotes
1/8 @Apple has patched its first iOS zero-day of 2025, CVE-2025-24085. Update your devices to protect against active exploits. 🔒 #AppleSecurity #ZeroDay
@Eth1calHackrZ
31 Jan 2025
81 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 Security alert: Apple discovers the CVE-2025-24085 vulnerability! iPhone, iPad, Mac and other devices at risk. Update now to protect your data! Are you ready to defend your digital privacy? #AppleSecurity #CyberAlert https://t.co/IrT4RWZhYD
@LoSmartphone
30 Jan 2025
29 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
9/9 @Apple 's quick patch for CVE-2025-24085 demonstrates the ongoing fight against cyber threats. Be proactive and protect your digital life. 📘 #StaySecure
@Eth1calHackrZ
30 Jan 2025
42 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CISA adds Apple vulnerability CVE-2025-24085 to KEV Catalog #CISAKEV #CVE-2025-24085 #Apple https://t.co/wLzP0vtwAM
@pravin_karthik
30 Jan 2025
118 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6B7F80FC-EB0A-4B78-8CB7-18E5F162CD6A",
            "versionEndExcluding": "18.3"
          },
          {
            "criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "71A94ACA-8143-475F-8A89-8020B86CE80B",
            "versionEndExcluding": "18.3"
          },
          {
            "criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "38BA63B3-CC2C-4E63-AE2C-B8DB08B5E89B",
            "versionEndExcluding": "15.3"
          },
          {
            "criteria": "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "60C0BA29-0969-4181-B6F1-4606986B18E4",
            "versionEndExcluding": "18.3"
          },
          {
            "criteria": "cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F91BF3D5-D8E5-437C-8301-C9F22AAFB8BD",
            "versionEndExcluding": "2.3"
          },
          {
            "criteria": "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7A128237-004C-49D7-A559-5BBC38362361",
            "versionEndExcluding": "11.3"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]