Security News > 2025 > January > Apple zero-day vulnerability exploited to target iPhone users (CVE-2025-24085)
2025-01-28 11:10
Apple has shipped a fix for a zero-day vulnerability (CVE-2025-24085) that is being leveraged by attackers against iPhone users. About CVE-2025-24085 CVE-2025-24085 is a use after free bug in CoreMedia, a framework used by Apple devices for the processing of media data. The vulnerability can be triggered by a malicious application and may allow attackers to elevate privileges on targeted devices. “Apple is aware of a report that this issue may have been actively exploited … More → The post Apple zero-day vulnerability exploited to target iPhone users (CVE-2025-24085) appeared first on Help Net Security.
News URL
Related news
- Apple plugs zero-day holes used in targeted iPhone attacks (CVE-2025-31200, CVE-2025-31201) (source)
- Apple backports zero-day patches to older iPhones and Macs (source)
- Apple fixes two zero-days exploited in targeted iPhone attacks (source)
- Attackers are targeting CrushFTP vulnerability with public PoC (CVE-2025-2825) (source)
- Ivanti VPN customers targeted via unrecognized RCE vulnerability (CVE-2025-22457) (source)
- Microsoft fixes actively exploited Windows CLFS zero-day (CVE-2025-29824) (source)
- PipeMagic Trojan Exploits Windows Zero-Day Vulnerability to Deploy Ransomware (source)
- WhatsApp vulnerability could be used to infect Windows users with malware (CVE-2025-30401) (source)
- FortiSwitch vulnerability may give attackers control over vulnerable devices (CVE-2024-48887) (source)
- Windows NTLM vulnerability exploited in multiple attack campaigns (CVE-2025-24054) (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2025-01-27 | CVE-2025-24085 | Use After Free vulnerability in Apple products A use after free issue was addressed with improved memory management. | 7.8 |