Apple has released an urgent security update to address the first actively exploited zero-day vulnerability of 2025, tracked as CVE-2025-24085. This critical flaw, found in the Core Media framework, could allow malicious applications to elevate privileges and compromise devices. Apple has acknowledged that this vulnerability has already been exploited in targeted attacks on devices running iOS versions prior to iOS 17.2.

The security flaw affects a broad range of Apple products, including iPhone XS and later, iPad Pro 3rd generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, macOS Sequoia, Apple Watch Series 6 and newer, and all Apple TV HD and Apple TV 4K models. To protect against potential threats, Apple has rolled out updates for iOS 18.3, iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3, visionOS 2.3, and tvOS 18.3. These updates improve memory management to mitigate the issue.

While details about how this zero-day has been exploited in the wild remain limited, Apple has strongly advised all users of affected devices to install the updates immediately. The vulnerability, though likely used in targeted attacks, could still pose risks to a wider audience if left unpatched.

This marks the beginning of Apple’s 2025 security updates, following a trend from 2024, when the company resolved six zero-day vulnerabilities over the year. Apple’s swift response to emerging threats underscores the importance of staying updated in an increasingly complex security landscape. To download the latest updates, users should navigate to the settings menu on their devices to check for it manually, or click/tap on the notification for the update.