Security News > 2025 > January > Apple zero-day vulnerability exploited to target iPhone users (CVE-2025-24085)
2025-01-28 11:10
Apple has shipped a fix for a zero-day vulnerability (CVE-2025-24085) that is being leveraged by attackers against iPhone users. About CVE-2025-24085 CVE-2025-24085 is a use after free bug in CoreMedia, a framework used by Apple devices for the processing of media data. The vulnerability can be triggered by a malicious application and may allow attackers to elevate privileges on targeted devices. “Apple is aware of a report that this issue may have been actively exploited … More → The post Apple zero-day vulnerability exploited to target iPhone users (CVE-2025-24085) appeared first on Help Net Security.
News URL
Related news
- Apple Patches Actively Exploited Zero-Day Affecting iPhones, Macs, and More (source)
- Russian cybercrooks exploiting 7-Zip zero-day vulnerability (CVE-2025-0411) (source)
- Apple fixes zero-day flaw exploited in “extremely sophisticated” attack (CVE-2025-24200) (source)
- Apple Patches Actively Exploited iOS Zero-Day CVE-2025-24200 in Emergency Update (source)
- Ivanti Connect Secure zero-day exploited by attackers (CVE-2025-0282) (source)
- Ivanti Connect Secure zero-day exploited since mid-December (CVE-2025-0282) (source)
- Zero-Day Vulnerability in Ivanti VPN (source)
- Microsoft Uncovers macOS Vulnerability CVE-2024-44243 Allowing Rootkit Installation (source)
- Fortinet fixes FortiOS zero-day exploited by attackers for months (CVE-2024-55591) (source)
- New UEFI Secure Boot bypass vulnerability discovered (CVE-2024-7344) (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2025-01-27 | CVE-2025-24085 | Use After Free vulnerability in Apple products A use after free issue was addressed with improved memory management. | 7.8 |