
Critical Zero-Day Vulnerability CVE-2025-24085 in Apple's Core Media Framework: Urgent Security Update Required


Executive Summary

As of October 2023, Apple has addressed a critical zero-day vulnerability, identified as CVE-2025-24085, which has been actively exploited in the wild. This vulnerability, a privilege escalation flaw within Apple's Core Media framework, affects a broad spectrum of Apple devices, including iPhones, iPads, Macs, Apple Watches, and Apple TVs. The exploitation of this vulnerability underscores the necessity for immediate action to update affected devices to mitigate potential security risks.

Technical Information

The CVE-2025-24085 vulnerability is a privilege escalation flaw located within the Core Media framework of Apple's operating systems. This flaw allows a malicious application to elevate its privileges on the affected device, potentially leading to unauthorized access and control. The vulnerability impacts multiple Apple platforms, including iOS, iPadOS, macOS, tvOS, watchOS, and visionOS. The affected devices range from iPhone XS and later models, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, iPad mini 5th generation and later, macOS Sequoia, Apple Watch Series 6 and later, to Apple TV HD and Apple TV 4K (all models).

The vulnerability's exploitation involves a malicious application leveraging the flaw to gain elevated privileges, which could lead to unauthorized actions on the device. The nature of the vulnerability suggests that it could be used in targeted attacks, making it imperative for users to apply the necessary security updates. Apple has released patches to address this vulnerability through improved memory management, and users are strongly advised to update their devices to the latest software versions: iOS 18.3, iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3, visionOS 2.3, and tvOS 18.3.

Exploitation in the Wild

The CVE-2025-24085 vulnerability has been actively exploited in the wild, with Apple acknowledging its use against versions of iOS prior to iOS 17.2. While specific details of the attacks have not been disclosed, the targeted nature of the exploitation suggests that attackers may have been focusing on specific individuals or organizations. The Bleeping Computer article (https://www.bleepingcomputer.com/news/security/apple-fixes-this-years-first-actively-exploited-zero-day-bug/) confirms the likelihood of targeted attacks, emphasizing the critical need for users to apply security updates promptly.

APT Groups using this vulnerability

While specific Advanced Persistent Threat (APT) groups exploiting this vulnerability have not been publicly identified, the targeted nature of the attacks suggests that sophisticated threat actors may be involved. These groups often target sectors such as government, finance, and critical infrastructure, and operate in regions including North America, Europe, and Asia. The exploitation of zero-day vulnerabilities is a common tactic used by APT groups to gain unauthorized access to sensitive information and systems.

Affected Product Versions

The CVE-2025-24085 vulnerability affects a wide range of Apple devices and operating systems. Affected products include iPhone XS and later models, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, iPad mini 5th generation and later, macOS Sequoia, Apple Watch Series 6 and later, and Apple TV HD and Apple TV 4K (all models). Users of these devices are urged to update to the latest software versions to mitigate the risk of exploitation.

Workaround and Mitigation

To mitigate the risk posed by the CVE-2025-24085 vulnerability, Apple has released security patches that improve memory management within the Core Media framework. Users are strongly advised to update their devices to the latest software versions: iOS 18.3, iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3, visionOS 2.3, and tvOS 18.3. In addition to applying these updates, users should remain vigilant for any unusual activity on their devices and consider implementing additional security measures such as enabling two-factor authentication and regularly reviewing app permissions.
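One way to triage a device inventory against the fixed versions listed above, as an added example that is not from Rescana or Apple. The inventory rows and the column names (hostname, platform, os_version) are constructed for illustration, and the "not-listed" result for macOS releases before 15 reflects that this report names only macOS Sequoia.

```python
import csv
import io

# Fixed releases exactly as listed in this report.
FIXED = {"ios": (18, 3), "ipados": (18, 3), "macos": (15, 3),
         "watchos": (11, 3), "visionos": (2, 3), "tvos": (18, 3)}

# Constructed sample inventory; column names are assumptions.
SAMPLE_INVENTORY = """hostname,platform,os_version
iphone-014,iOS,18.2.1
ipad-003,iPadOS,18.3
mbp-021,macOS,15.2
mbp-007,macOS,14.7.3
watch-002,watchOS,11.3.1
atv-001,tvOS,18.10
vp-001,visionOS,
kiosk-009,Android,14
"""

def parse_version(text):
    """'18.2.1' -> (18, 2, 1). Raises ValueError on empty or non-numeric parts."""
    return tuple(int(part) for part in text.strip().split("."))

def triage(platform, version):
    """Classify one device against the fixed release for its platform."""
    key = platform.strip().lower()
    fixed = FIXED.get(key)
    if fixed is None:
        return "unknown-platform"
    try:
        found = parse_version(version)
    except ValueError:
        return "unparseable-version"
    # Pad with zeros so 18.3 and 18.3.0 compare equal; compare numerically,
    # since a string comparison would rank 18.10 below 18.3.
    width = max(len(found), len(fixed))
    pad = lambda v: v + (0,) * (width - len(v))
    if pad(found) >= pad(fixed):
        return "patched"
    # The report names only macOS Sequoia (15.x) on the Mac side.
    if key == "macos" and found[0] < 15:
        return "not-listed"
    return "needs-update"

def report(csv_text):
    """Return (hostname, status) for every inventory row."""
    rows = csv.DictReader(io.StringIO(csv_text))
    return [(r["hostname"], triage(r["platform"], r["os_version"])) for r in rows]

if __name__ == "__main__":
    for host, status in report(SAMPLE_INVENTORY):
        print(f"{host:12} {status}")
```

Rows that come back as "unparseable-version" or "unknown-platform" need manual review rather than being counted as patched.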

References

For further information on the CVE-2025-24085 vulnerability and the associated security updates, please refer to the following resources: Bleeping Computer article (https://www.bleepingcomputer.com/news/security/apple-fixes-this-years-first-actively-exploited-zero-day-bug/) and Apple's official security updates page (https://support.apple.com/en-us/HT201222) for detailed patch notes and affected versions.

Rescana is here for you

At Rescana, we are committed to helping our customers navigate the complex landscape of cybersecurity threats. Our Third Party Risk Management (TPRM) platform is designed to provide comprehensive insights into potential vulnerabilities and risks, enabling organizations to make informed decisions and enhance their security posture. Should you have any questions about this report or require assistance with any cybersecurity issues, please do not hesitate to contact us at ops@rescana.com. We are here to support you in safeguarding your digital assets.
