Apple Releases Security Updates to Patch Actively Exploited Vulnerability

Apple has released new versions of its operating systems—iOS 18.3, iPadOS 18.3, macOS Sequoia 15.3, tvOS 18.3, visionOS 2.3, and watchOS 11.3. These updates include patches for a zero-day vulnerability that was being actively exploited in attacks.

About the Vulnerability

The critical flaw, identified as CVE-2025-24085, is a use-after-free issue in the Core Media component. A malicious app could exploit this vulnerability to escalate privileges on the system.

“We are aware of reports that CVE-2025-24085 has been exploited in real-world cyberattacks targeting users of iOS versions prior to 17.2,” Apple stated.

Patched Operating System Versions

The following operating system versions include the security patch:

• iOS 18.3 and iPadOS 18.3: Available for iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch (3rd generation and later), iPad Pro 11-inch (1st generation and later), iPad Air (3rd generation and later), iPad (7th generation and later), and iPad mini (5th generation and later).
• macOS Sequoia 15.3: Available for Mac computers running macOS Sequoia.
• tvOS 18.3: Available for all Apple TV HD and Apple TV 4K models.
• visionOS 2.3: Available for Apple Vision Pro devices.
• watchOS 11.3: Available for Apple Watch Series 6 and later.

Additional Information

At this time, technical details about how the vulnerability is being exploited have not been disclosed.