Security News > 2025 > January > Apple zero-day vulnerability exploited to target iPhone users (CVE-2025-24085)
2025-01-28 11:10
Apple has shipped a fix for a zero-day vulnerability (CVE-2025-24085) that is being leveraged by attackers against iPhone users. About CVE-2025-24085 CVE-2025-24085 is a use after free bug in CoreMedia, a framework used by Apple devices for the processing of media data. The vulnerability can be triggered by a malicious application and may allow attackers to elevate privileges on targeted devices. “Apple is aware of a report that this issue may have been actively exploited … More → The post Apple zero-day vulnerability exploited to target iPhone users (CVE-2025-24085) appeared first on Help Net Security.
News URL
Related news
- Apple Patches Actively Exploited Zero-Day Affecting iPhones, Macs, and More (source)
- Microsoft fixes exploited zero-day (CVE-2024-49138) (source)
- BeyondTrust fixes critical vulnerability in remote access, support solutions (CVE-2024-12356) (source)
- Apache Tomcat Vulnerability CVE-2024-56337 Exposes Servers to RCE Attacks (source)
- Ivanti Connect Secure zero-day exploited by attackers (CVE-2025-0282) (source)
- Ivanti Connect Secure zero-day exploited since mid-December (CVE-2025-0282) (source)
- Zero-Day Vulnerability in Ivanti VPN (source)
- Microsoft Uncovers macOS Vulnerability CVE-2024-44243 Allowing Rootkit Installation (source)
- Fortinet fixes FortiOS zero-day exploited by attackers for months (CVE-2024-55591) (source)
- New UEFI Secure Boot bypass vulnerability discovered (CVE-2024-7344) (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2025-01-27 | CVE-2025-24085 | Use After Free vulnerability in Apple products A use after free issue was addressed with improved memory management. | 7.8 |