Skip to main content

Public advisory of scammers impersonating CSA and the SPF

Stay vigilant. Read the public advisory

Cyber Security Agency of Singapore
  1. Home
  2. Alerts & Advisories
  3. Alerts
  4. Actively Exploited Vulnerability in Apple Products
Alerts

Actively Exploited Vulnerability in Apple Products

28 January 2025

Apple has released security updates addressing a vulnerability (CVE-2025-24085) which is a privilege escalation security flaw in Apple's Core Media framework. This vulnerability is reportedly being actively exploited.

Successful exploitation of this vulnerability could allow a malicious application to elevate privileges. 

The vulnerability has been fixed in the following devices and operating system versions:

  • IOS 18.3 and iPadOS 18.3 - iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later

  • macOS Sequoia 15.3 - Macs running macOS Sequoia

  • tvOS 18.3-Apple TV HD and Apple TV 4K (all models)

  • visionOS 2.3 - Apple Vision Pro

  • watchOS 11.3 - Apple Watch Series 6 and later

Users and administrators of affected products are advised to update to the latest versions immediately.

More information is available here:

https://support.apple.com/en-gb/122066

https://www.bleepingcomputer.com/news/security/apple-fixes-this-years-first-actively-exploited-zero-day-bug/

https://nvd.nist.gov/vuln/detail/CVE-2025-24085