01-31-2025, 01:05 PM
News Apple Fixes Critical Cyber Threats, Including Actively Exploited Zero-Day
<p><img width="1280" height="853" src="https://thecyberexpress.com/wp-content/uploads/Apple-Security-Update-2.webp" class="attachment-post-thumbnail size-post-thumbnail wp-post-image" alt="Apple Security Update" decoding="async" srcset="https://thecyberexpress.com/wp-content/uploads/Apple-Security-Update-2.webp 1280w, https://thecyberexpress.com/wp-content/u...0x200.webp 300w, https://thecyberexpress.com/wp-content/u...4x682.webp 1024w, https://thecyberexpress.com/wp-content/u...8x512.webp 768w, https://thecyberexpress.com/wp-content/u...0x400.webp 600w, https://thecyberexpress.com/wp-content/u...0x100.webp 150w, https://thecyberexpress.com/wp-content/u...0x500.webp 750w, https://thecyberexpress.com/wp-content/u...0x760.webp 1140w" sizes="(max-width: 1280px) 100vw, 1280px" title="Apple Fixes Critical Cyber Threats, Including Actively Exploited Zero-Day 17"></p><span data-contrast="auto">Apple has rolled out a series of software updates to patch several critical vulnerabilities, including a zero-day flaw that had been actively exploited in the wild. The Apple security updates fix various security issues, notably a use-after-free bug affecting the CoreMedia component of Apple’s operating systems, which could allow malicious applications to elevate privileges.</span>
<span data-contrast="auto">Tracked as CVE-2025-24085, this zero-day <a class="wpil_keyword_link" href="https://thecyberexpress.com/firewall-daily/vulnerabilities/" title="vulnerability" data-wpil-keyword-link="linked" data-wpil-monitor-id="20914">vulnerability</a> had the potential to be exploited by attackers to gain system-level privileges on a device. Apple acknowledged that the flaw had been actively exploited on versions of iOS prior to iOS 17.2, underlining the urgency of the <a href="https://thecyberexpress.com/tor-browser-13-5-3-released/" target="_blank" rel="noopener" data-wpil-monitor-id="20890">security update</a>. </span><span data-contrast="auto">As part of its <a class="wpil_keyword_link" href="https://thecyberexpress.com/" title="security" data-wpil-keyword-link="linked" data-wpil-monitor-id="20915">security</a> efforts, Apple has addressed the flaw by improving memory management and making other vital fixes.</span>
<h2 aria-level="2"><b><span data-contrast="none">A Comprehensive Apple Security Update</span></b></h2>
<img class="alignnone size-full wp-image-100623" src="https://thecyberexpress.com/wp-content/uploads/Apple-Security-Update-.webp" alt="Apple Security Update " width="924" height="820" />
<span data-contrast="auto"><a href="https://support.apple.com/en-us/100100" target="_blank" rel="nofollow noopener">Apple’s security update</a> covers various components, including iOS, iPadOS, macOS, watchOS, and tvOS, with critical patches released for multiple devices. Here is a breakdown of the update timeline and the affected platforms:</span>
<ul>
<li><a href="https://support.apple.com/en-us/122073" target="_blank" rel="nofollow noopener"><b><span data-contrast="auto">visionOS 2.3</span></b></a><span data-contrast="auto"> (for Apple Vision Pro) - Released on January 27, 2025</span></li>
<li><a href="https://support.apple.com/en-us/122066" target="_blank" rel="nofollow noopener"><b><span data-contrast="auto">iOS 18.3 and iPadOS 18.3</span></b></a><span data-contrast="auto"> (for compatible iPhones and iPads) - Released on January 27, 2025</span></li>
<li><a href="https://support.apple.com/en-us/122068" target="_blank" rel="nofollow noopener"><b><span data-contrast="auto">macOS Sequoia 15.3</span></b></a><span data-contrast="auto"> (for Apple computers) - Released on January 27, 2025</span></li>
<li><a href="https://support.apple.com/en-us/122069" target="_blank" rel="nofollow noopener"><b><span data-contrast="auto">macOS Sonoma 14.7.3</span></b></a><span data-contrast="auto"> (for Apple computers) - Released on January 27, 2025</span></li>
<li><a href="https://support.apple.com/en-us/122070" target="_blank" rel="nofollow noopener"><b><span data-contrast="auto">macOS Ventura 13.7.3</span></b></a><span data-contrast="auto"> (for older Apple computers) - Released on January 27, 2025</span></li>
<li><a href="https://support.apple.com/en-us/122071" target="_blank" rel="nofollow noopener"><b><span data-contrast="auto">watchOS 11.3</span></b></a><span data-contrast="auto"> (for Apple Watches) - Released on January 27, 2025</span></li>
<li><a href="https://support.apple.com/en-us/122072" target="_blank" rel="nofollow noopener"><b><span data-contrast="auto">tvOS 18.3</span></b></a><span data-contrast="auto"> (for Apple TV) - Released on January 27, 2025</span></li>
<li><a href="https://support.apple.com/en-us/122074" target="_blank" rel="nofollow noopener"><b><span data-contrast="auto">Safari 18.3</span></b></a><span data-contrast="auto"> (for web browsers on macOS) - Released on January 27, 2025</span></li>
</ul>
<span data-contrast="auto">This broad rollout addresses <a class="wpil_keyword_link" href="https://thecyberexpress.com/what-are-vulnerabilities/" title="vulnerabilities" data-wpil-keyword-link="linked" data-wpil-monitor-id="20916">vulnerabilities</a> in various system components, ensuring that a wide range of Apple devices remains secure.</span>
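<p>For fleet owners, the release list above translates directly into a patch-compliance check. The following is an added example, not code from the article or from Apple: it compares each device's reported OS version against the fixed release for its major-version branch. The status names and the sample inventory are constructed for illustration, and a major version newer than any listed here is assumed to already contain the fixes.</p>

```python
import re

# Fixed release per major-version branch, taken from the release list above.
FIXED_RELEASES = {
    "visionos": {2: (2, 3)},
    "ios": {18: (18, 3)},
    "ipados": {18: (18, 3)},
    "macos": {15: (15, 3), 14: (14, 7, 3), 13: (13, 7, 3)},
    "watchos": {11: (11, 3)},
    "tvos": {18: (18, 3)},
    "safari": {18: (18, 3)},
}

_VERSION_RE = re.compile(r"^\d+(\.\d+){0,3}$")


def parse_version(text):
    """Turn '14.7.2' into (14, 7, 2); reject anything that is not dotted digits."""
    text = text.strip()
    if not _VERSION_RE.match(text):
        raise ValueError(f"not a dotted version: {text!r}")
    return tuple(int(part) for part in text.split("."))


def _pad(version, width):
    """Right-pad with zeros so (11, 3) and (11, 3, 0) compare as equal."""
    return version + (0,) * (width - len(version))


def classify(platform, version):
    """Return one of: patched, update-available, no-fix-listed,
    unknown-platform, unparseable-version (status names are illustrative)."""
    branches = FIXED_RELEASES.get(platform.strip().lower())
    if branches is None:
        return "unknown-platform"
    try:
        installed = parse_version(version)
    except ValueError:
        return "unparseable-version"

    major = installed[0]
    if major > max(branches):
        # Assumption: a later major release already carries these fixes.
        return "patched"

    fixed = branches.get(major)
    if fixed is None:
        # The list above names no fixed build for this branch, so the
        # device has to move to a listed branch to receive the patches.
        return "no-fix-listed"

    width = max(len(installed), len(fixed))
    if _pad(installed, width) >= _pad(fixed, width):
        return "patched"
    return "update-available"


def audit(inventory):
    """Return (host, platform, version, status) for every device not patched."""
    findings = []
    for host, platform, version in inventory:
        status = classify(platform, version)
        if status != "patched":
            findings.append((host, platform, version, status))
    return findings


# Constructed sample inventory; hostnames and versions are made up.
SAMPLE_INVENTORY = [
    ("mbp-001", "macOS", "15.3"),
    ("mbp-002", "macOS", "14.7.2"),
    ("imac-003", "macOS", "13.7.3"),
    ("iphone-004", "iOS", "18.2.1"),
    ("iphone-005", "iOS", "17.7.2"),
    ("ipad-006", "iPadOS", "18.3"),
    ("watch-007", "watchOS", "11.3.0"),
    ("atv-008", "tvOS", "18.2"),
    ("mini-009", "macOS", "12.7.6"),
]

if __name__ == "__main__":
    for host, platform, version, status in audit(SAMPLE_INVENTORY):
        print(f"{host:12} {platform:8} {version:8} {status}")
```

<p>Devices reported as <code>no-fix-listed</code> sit on a branch for which the list above names no patched build, so they need a major-version upgrade rather than a point update.</p>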
<h2 aria-level="2"><b><span data-contrast="none">Zero-Day Vulnerability and Memory Management Fixes</span></b></h2>
<span data-contrast="auto">One of the most concerning vulnerabilities fixed in this Apple security update is CVE-2025-24085, a use-after-free bug in CoreMedia. The vulnerability was discovered in earlier versions of iOS and could have been exploited by attackers to elevate privileges on the device. In simpler terms, this flaw allowed a malicious app to bypass security restrictions and execute unauthorized actions with root-level privileges.</span>
<span data-contrast="auto">Apple’s proactive measures included improved memory management within the affected systems, specifically targeting iPhones, iPads, and Macs running earlier iOS and macOS versions. The company’s security patch effectively neutralized the threat, eliminating the risk of unauthorized access that could compromise user <a class="wpil_keyword_link" href="https://thecyberexpress.com/what-is-data/" title="data" data-wpil-keyword-link="linked" data-wpil-monitor-id="20913">data</a>.</span>
<h2 aria-level="2"><b><span data-contrast="none">Key Vulnerabilities Fixed</span></b></h2>
<span data-contrast="auto">Beyond the zero-day vulnerability, this <a href="https://thecyberexpress.com/google-addresses-two-android-zero-days/" target="_blank" rel="noopener" data-wpil-monitor-id="20883">security update addresses</a> several other flaws across Apple’s ecosystem. Here are some of the key areas impacted by the latest fixes:</span>
<h3 aria-level="3"><b><span data-contrast="none">AirPlay Vulnerabilities</span></b></h3>
<span data-contrast="auto">AirPlay, Apple’s wireless streaming protocol, was found to have <a href="https://thecyberexpress.com/vulnerabilities-carrier-lenels2-netbox/" target="_blank" rel="noopener" data-wpil-monitor-id="20886">multiple vulnerabilities</a>, which could have led to issues such as memory corruption, system crashes, and denial-of-service (DoS) attacks. These vulnerabilities, including CVE-2025-24126, CVE-2025-24129, and CVE-2025-24137, were particularly concerning as they could have allowed attackers to disrupt streaming sessions or cause unexpected crashes. Apple has fixed these vulnerabilities by improving input validation and memory management within AirPlay.</span>
<h3 aria-level="3"><b><span data-contrast="none">ARKit and CoreMedia Vulnerabilities</span></b></h3>
<span data-contrast="auto">ARKit, which powers augmented reality (AR) experiences, also had vulnerabilities related to file parsing, as seen in CVE-2025-24127. Apple resolved this issue by enhancing validation and error handling during ARKit’s interaction with files, preventing unexpected app terminations.</span>
<span data-contrast="auto">Similarly, CoreMedia faced a serious flaw in the form of CVE-2025-24085, a zero-day vulnerability that enabled privilege escalation. This was a critical issue that could have been used by malicious actors to elevate their privileges within the system, essentially bypassing normal security restrictions. Apple’s fix ensures better memory handling, preventing unauthorized access to system-level privileges.</span>
<h3 aria-level="3"><b><span data-contrast="none">ImageIO and WebKit Fixes</span></b></h3>
<span data-contrast="auto">Apple also addressed security issues in ImageIO, which processes image files, and WebKit, the rendering engine for web content. In ImageIO, a denial-of-service vulnerability, identified as CVE-2025-24086, was fixed. This vulnerability could have led to app crashes when processing maliciously crafted image files.</span>
<span data-contrast="auto">WebKit, meanwhile, received a series of fixes for vulnerabilities such as CVE-2025-24143 and CVE-2025-24150. These issues had the potential to allow malicious actors to track users through fingerprinting or inject commands into the system. Apple’s fix ensures a more secure <a href="https://thecyberexpress.com/are-you-following-safe-browsing-patterns/" target="_blank" rel="noopener" data-wpil-monitor-id="20885">browsing</a> experience, with better memory management and file handling within WebKit.</span>
<h3 aria-level="3"><b><span data-contrast="none">Kernel and System-Level Fixes</span></b></h3>
<span data-contrast="auto">The kernel, a core part of any operating system, was also a target for several vulnerabilities. CVE-2025-24159, a vulnerability in the kernel, was patched to prevent unauthorized execution of arbitrary code with kernel privileges. This critical issue could have led to severe system-level exploits. Apple’s fix fortifies kernel security, ensuring that only authorized applications can execute high-level system functions.</span>
<span data-contrast="auto">Similarly, vulnerabilities in LaunchServices and AppleMobileFileIntegrity were addressed to prevent unauthorized apps from accessing sensitive <a href="https://thecyberexpress.com/tech-in-asia-data-breach-230000-users-at-risk/" target="_blank" rel="noopener" data-wpil-monitor-id="20891">user data</a> or bypassing privacy restrictions.</span>
<h3 aria-level="2"><b><span data-contrast="none">Other Notable Fixes in Apple’s Latest Security Update</span></b></h3>
<span data-contrast="auto">Several other components of Apple’s ecosystem also received patches as part of this security update. Notably, vulnerabilities in Safari 18.3 were fixed, particularly a vulnerability that could have allowed attackers to spoof the address bar, misleading users into believing they were on a trusted website when they were not. This fix improves web browser security and ensures that users can trust the URLs displayed in their browser.</span>
<span data-contrast="auto">Additionally, watchOS 11.3 and tvOS 18.3 received patches for AirPlay and CoreMedia vulnerabilities, preventing potential attacks on Apple Watches and Apple TVs.</span>
<h2 aria-level="2"><b><span data-contrast="none">Conclusion</span></b></h2>
<span data-contrast="auto">By addressing critical vulnerabilities, including CVE-2025-24085, and fixing issues in key components like AirPlay, ARKit, and WebKit, Apple strengthens the security of its ecosystem. Users are urged to install these updates promptly to protect their devices from potential exploits.</span>
<span data-contrast="auto">With ongoing collaboration with security researchers, Apple continues to protect its users from <a class="wpil_keyword_link" href="https://thecyberexpress.com/cyber-news/" title="cyber" data-wpil-keyword-link="linked" data-wpil-monitor-id="20912">cyber</a> threats. This update is a crucial step in maintaining the integrity of <a href="https://thecyberexpress.com/vulnerabilities-in-apple-ios-exploited-patch/" target="_blank" rel="noopener" data-wpil-monitor-id="20892">Apple’s operating</a> systems and reinforces the company’s dedication to security.</span>
https://thecyberexpress.com/new-apple-security-update/
<p><img width="1280" height="853" src="https://thecyberexpress.com/wp-content/uploads/Apple-Security-Update-2.webp" class="attachment-post-thumbnail size-post-thumbnail wp-post-image" alt="Apple Security Update" decoding="async" srcset="https://thecyberexpress.com/wp-content/uploads/Apple-Security-Update-2.webp 1280w, https://thecyberexpress.com/wp-content/u...0x200.webp 300w, https://thecyberexpress.com/wp-content/u...4x682.webp 1024w, https://thecyberexpress.com/wp-content/u...8x512.webp 768w, https://thecyberexpress.com/wp-content/u...0x400.webp 600w, https://thecyberexpress.com/wp-content/u...0x100.webp 150w, https://thecyberexpress.com/wp-content/u...0x500.webp 750w, https://thecyberexpress.com/wp-content/u...0x760.webp 1140w" sizes="(max-width: 1280px) 100vw, 1280px" title="Apple Fixes Critical Cyber Threats, Including Actively Exploited Zero-Day 17"></p><span data-contrast="auto">Apple has rolled out a series of software updates to patch several critical vulnerabilities, including a zero-day flaw that had been actively exploited in the wild. The Apple security updates fix various security issues, notably a use-after-free bug affecting the Core Media component of Apple’s operating systems, which could allow malicious applications to elevate privileges.</span><span data-ccp-props="{"134233117":false,"134233118":false,"335551550":0,"335551620":0,"335559738":240,"335559739":240}"> </span>
<span data-contrast="auto">Tracked as CVE-2025-24085, this zero-day <a class="wpil_keyword_link" href="https://thecyberexpress.com/firewall-daily/vulnerabilities/" title="vulnerability" data-wpil-keyword-link="linked" data-wpil-monitor-id="20914">vulnerability</a> had the potential to be exploited by attackers to gain unauthorized access to a device’s system-level privileges. Apple acknowledged that the flaw had been actively exploited on versions of iOS prior to iOS 17.2, underlining the urgency of the <a href="https://thecyberexpress.com/tor-browser-13-5-3-released/" target="_blank" rel="noopener" data-wpil-monitor-id="20890">security update</a>. </span><span data-contrast="auto">As part of its <a class="wpil_keyword_link" href="https://thecyberexpress.com/" title="security" data-wpil-keyword-link="linked" data-wpil-monitor-id="20915">security</a> efforts, Apple has addressed the flaw by improving memory management and making other vital fixes. </span><span data-ccp-props="{"134233117":false,"134233118":false,"335551550":0,"335551620":0,"335559738":240,"335559739":240}"> </span>
<h2 aria-level="2"><b><span data-contrast="none">A Comprehensive Apple Security Update</span></b><span data-ccp-props="{"134245418":true,"134245529":true,"335559738":160,"335559739":80}"> </span></h2>
<img class="alignnone size-full wp-image-100623" src="https://thecyberexpress.com/wp-content/uploads/Apple-Security-Update-.webp" alt="Apple Security Update " width="924" height="820" />
<span data-contrast="auto"><a href="https://support.apple.com/en-us/100100" target="_blank" rel="nofollow noopener">Apple’s security update</a> covers various components, including iOS, iPadOS, macOS, watchOS, and tvOS, with critical patches released for multiple devices. Here is a breakdown of the update timeline and the affected platforms:</span><span data-ccp-props="{"134233117":false,"134233118":false,"335551550":0,"335551620":0,"335559738":240,"335559739":240}"> </span>
<ul>
<li data-leveltext="" data-font="Symbol" data-listid="7" data-list-defn-props="{"335552541":1,"335559683":0,"335559684":-2,"335559685":720,"335559991":360,"469769226":"Symbol","469769242":[8226],"469777803":"left","469777804":"","469777815":"hybridMultilevel"}" aria-setsize="-1" data-aria-posinset="1" data-aria-level="1"><a href="https://support.apple.com/en-us/122073" target="_blank" rel="nofollow noopener"><b><span data-contrast="auto">visionOS 2.3</span></b></a><span data-contrast="auto"> (for Apple Vision Pro) - Released on January 27, 2025</span><span data-ccp-props="{"134233117":false,"134233118":false,"335551550":0,"335551620":0,"335559738":0,"335559739":0}"> </span></li>
<li data-leveltext="" data-font="Symbol" data-listid="7" data-list-defn-props="{"335552541":1,"335559683":0,"335559684":-2,"335559685":720,"335559991":360,"469769226":"Symbol","469769242":[8226],"469777803":"left","469777804":"","469777815":"hybridMultilevel"}" aria-setsize="-1" data-aria-posinset="1" data-aria-level="1"><a href="https://support.apple.com/en-us/122066" target="_blank" rel="nofollow noopener"><b><span data-contrast="auto">iOS 18.3 and iPadOS 18.3</span></b></a><span data-contrast="auto"> (for compatible iPhones and iPads) - Released on January 27, 2025</span><span data-ccp-props="{"134233117":false,"134233118":false,"335551550":0,"335551620":0,"335559738":0,"335559739":0}"> </span></li>
<li data-leveltext="" data-font="Symbol" data-listid="7" data-list-defn-props="{"335552541":1,"335559683":0,"335559684":-2,"335559685":720,"335559991":360,"469769226":"Symbol","469769242":[8226],"469777803":"left","469777804":"","469777815":"hybridMultilevel"}" aria-setsize="-1" data-aria-posinset="1" data-aria-level="1"><a href="https://support.apple.com/en-us/122068" target="_blank" rel="nofollow noopener"><b><span data-contrast="auto">macOS Sequoia 15.3</span></b></a><span data-contrast="auto"> (for Apple computers) - Released on January 27, 2025</span><span data-ccp-props="{"134233117":false,"134233118":false,"335551550":0,"335551620":0,"335559738":0,"335559739":0}"> </span></li>
<li data-leveltext="" data-font="Symbol" data-listid="7" data-list-defn-props="{"335552541":1,"335559683":0,"335559684":-2,"335559685":720,"335559991":360,"469769226":"Symbol","469769242":[8226],"469777803":"left","469777804":"","469777815":"hybridMultilevel"}" aria-setsize="-1" data-aria-posinset="1" data-aria-level="1"><a href="https://support.apple.com/en-us/122069" target="_blank" rel="nofollow noopener"><b><span data-contrast="auto">macOS Sonoma 14.7.3</span></b></a><span data-contrast="auto"> (for Apple computers) - Released on January 27, 2025</span><span data-ccp-props="{"134233117":false,"134233118":false,"335551550":0,"335551620":0,"335559738":0,"335559739":0}"> </span></li>
<li data-leveltext="" data-font="Symbol" data-listid="7" data-list-defn-props="{"335552541":1,"335559683":0,"335559684":-2,"335559685":720,"335559991":360,"469769226":"Symbol","469769242":[8226],"469777803":"left","469777804":"","469777815":"hybridMultilevel"}" aria-setsize="-1" data-aria-posinset="1" data-aria-level="1"><a href="https://support.apple.com/en-us/122070" target="_blank" rel="nofollow noopener"><b><span data-contrast="auto">macOS Ventura 13.7.3</span></b></a><span data-contrast="auto"> (for older Apple computers) - Released on January 27, 2025</span><span data-ccp-props="{"134233117":false,"134233118":false,"335551550":0,"335551620":0,"335559738":0,"335559739":0}"> </span></li>
<li data-leveltext="" data-font="Symbol" data-listid="7" data-list-defn-props="{"335552541":1,"335559683":0,"335559684":-2,"335559685":720,"335559991":360,"469769226":"Symbol","469769242":[8226],"469777803":"left","469777804":"","469777815":"hybridMultilevel"}" aria-setsize="-1" data-aria-posinset="1" data-aria-level="1"><a href="https://support.apple.com/en-us/122071" target="_blank" rel="nofollow noopener"><b><span data-contrast="auto">watchOS 11.3</span></b></a><span data-contrast="auto"> (for Apple Watches) - Released on January 27, 2025</span><span data-ccp-props="{"134233117":false,"134233118":false,"335551550":0,"335551620":0,"335559738":0,"335559739":0}"> </span></li>
<li data-leveltext="" data-font="Symbol" data-listid="7" data-list-defn-props="{"335552541":1,"335559683":0,"335559684":-2,"335559685":720,"335559991":360,"469769226":"Symbol","469769242":[8226],"469777803":"left","469777804":"","469777815":"hybridMultilevel"}" aria-setsize="-1" data-aria-posinset="1" data-aria-level="1"><a href="https://support.apple.com/en-us/122072" target="_blank" rel="nofollow noopener"><b><span data-contrast="auto">tvOS 18.3</span></b></a><span data-contrast="auto"> (for Apple TV) - Released on January 27, 2025</span><span data-ccp-props="{"134233117":false,"134233118":false,"335551550":0,"335551620":0,"335559738":0,"335559739":0}"> </span></li>
<li data-leveltext="" data-font="Symbol" data-listid="7" data-list-defn-props="{"335552541":1,"335559683":0,"335559684":-2,"335559685":720,"335559991":360,"469769226":"Symbol","469769242":[8226],"469777803":"left","469777804":"","469777815":"hybridMultilevel"}" aria-setsize="-1" data-aria-posinset="1" data-aria-level="1"><a href="https://support.apple.com/en-us/122074" target="_blank" rel="nofollow noopener"><b><span data-contrast="auto">Safari 18.3</span></b></a><span data-contrast="auto"> (for web browsers on macOS) - Released on January 27, 2025</span><span data-ccp-props="{"134233117":false,"134233118":false,"335551550":0,"335551620":0,"335559738":0,"335559739":0}"> </span></li>
</ul>
<span data-contrast="auto">This broad rollout addresses <a class="wpil_keyword_link" href="https://thecyberexpress.com/what-are-vulnerabilities/" title="vulnerabilities" data-wpil-keyword-link="linked" data-wpil-monitor-id="20916">vulnerabilities</a> in various system components, ensuring that a wide range of Apple devices remains secure.</span><span data-ccp-props="{"134233117":false,"134233118":false,"335551550":0,"335551620":0,"335559738":240,"335559739":240}"> </span>
<h2 aria-level="2"><b><span data-contrast="none">Zero-Day Vulnerability and Memory Management Fixes</span></b><span data-ccp-props="{"134245418":true,"134245529":true,"335559738":160,"335559739":80}"> </span></h2>
<span data-contrast="auto">One of the most concerning vulnerabilities fixed in this Apple security update is CVE-2025-24085, a use-after-free bug in Core Media. The vulnerability was discovered in earlier versions of iOS and could have been exploited by attackers to elevate privileges on the device. In simpler terms, this flaw allowed a malicious app to bypass security restrictions and execute unauthorized actions with root-level privileges.</span><span data-ccp-props="{"134233117":false,"134233118":false,"335551550":0,"335551620":0,"335559738":240,"335559739":240}"> </span>
<span data-contrast="auto">Apple’s proactive measures included improved memory management within the affected systems, specifically targeting iPhones, iPads, and Macs running earlier iOS and macOS versions. The company’s security patch effectively neutralized the threat, eliminating the risk of unauthorized access that could compromise user <a class="wpil_keyword_link" href="https://thecyberexpress.com/what-is-data/" title="data" data-wpil-keyword-link="linked" data-wpil-monitor-id="20913">data</a>.</span><span data-ccp-props="{"134233117":false,"134233118":false,"335551550":0,"335551620":0,"335559738":240,"335559739":240}"> </span>
<h2 aria-level="2"><b><span data-contrast="none">Key Vulnerabilities Fixed</span></b><span data-ccp-props="{"134245418":true,"134245529":true,"335559738":160,"335559739":80}"> </span></h2>
<span data-contrast="auto">Beyond the zero-day vulnerabilities, this <a href="https://thecyberexpress.com/google-addresses-two-android-zero-days/" target="_blank" rel="noopener" data-wpil-monitor-id="20883">security update addresses</a> several other flaws across Apple’s ecosystem. Here are some of the key areas impacted by the latest fixes:</span><span data-ccp-props="{"134233117":false,"134233118":false,"335551550":0,"335551620":0,"335559738":240,"335559739":240}"> </span>
<h3 aria-level="3"><b><span data-contrast="none">AirPlay Vulnerabilities</span></b><span data-ccp-props="{"134245418":true,"134245529":true,"335559738":160,"335559739":80}"> </span></h3>
<span data-contrast="auto">AirPlay, Apple’s wireless streaming protocol, was found to have <a href="https://thecyberexpress.com/vulnerabilities-carrier-lenels2-netbox/" target="_blank" rel="noopener" data-wpil-monitor-id="20886">multiple vulnerabilities</a>, which could have led to issues such as memory corruption, system crashes, and denial-of-service (DoS) attacks. These vulnerabilities, including CVE-2025-24126, CVE-2025-24129, and CVE-2025-24137, were particularly concerning as they could have allowed attackers to disrupt streaming sessions or cause unexpected crashes. Apple has fixed these vulnerabilities by improving input validation and memory management protocols within the AirPlay system.</span><span data-ccp-props="{"134233117":false,"134233118":false,"335551550":0,"335551620":0,"335559738":240,"335559739":240}"> </span>
<h3 aria-level="3"><b><span data-contrast="none">ARKit and CoreMedia Vulnerabilities</span></b><span data-ccp-props="{"134245418":true,"134245529":true,"335559738":160,"335559739":80}"> </span></h3>
<span data-contrast="auto">ARKit, which powers augmented reality (AR) experiences, also had vulnerabilities related to file parsing, as seen in CVE-2025-24127. Apple resolved this issue by enhancing validation and error handling during ARKit’s interaction with files, preventing unexpected app terminations.</span><span data-ccp-props="{"134233117":false,"134233118":false,"335551550":0,"335551620":0,"335559738":240,"335559739":240}"> </span>
<span data-contrast="auto">Similarly, CoreMedia faced a serious flaw in the form of CVE-2025-24085, a zero-day vulnerability that enabled privilege escalation. This was a critical issue that could have been used by malicious actors to elevate their privileges within the system, essentially bypassing normal security restrictions. Apple’s fix ensures better memory handling, preventing unauthorized access to system-level privileges.</span>
<h3 aria-level="3"><b><span data-contrast="none">ImageIO and WebKit Fixes</span></b></h3>
<span data-contrast="auto">Apple also addressed security issues in ImageIO, which processes image files, and WebKit, the rendering engine for web content. In ImageIO, a denial-of-service vulnerability, identified as CVE-2025-24086, was fixed. This vulnerability could have led to app crashes when processing maliciously crafted image files.</span>
<span data-contrast="auto">WebKit, meanwhile, received a series of fixes for vulnerabilities such as CVE-2025-24143 and CVE-2025-24150. These issues had the potential to allow malicious actors to track users through fingerprinting or inject commands into the system. Apple’s fix ensures a more secure <a href="https://thecyberexpress.com/are-you-following-safe-browsing-patterns/" target="_blank" rel="noopener" data-wpil-monitor-id="20885">browsing</a> experience, with better memory management and file handling within WebKit.</span>
<h3 aria-level="3"><b><span data-contrast="none">Kernel and System-Level Fixes</span></b></h3>
<span data-contrast="auto">The kernel, a core part of any operating system, was also affected by several vulnerabilities. CVE-2025-24159, a vulnerability in the kernel, was patched to prevent unauthorized execution of arbitrary code with kernel privileges. This critical issue could have led to severe system-level exploits. Apple’s fix fortifies kernel security, ensuring that only authorized applications can execute high-level system functions.</span>
<span data-contrast="auto">Similarly, vulnerabilities in LaunchServices and AppleMobileFileIntegrity were addressed to prevent unauthorized apps from accessing sensitive <a href="https://thecyberexpress.com/tech-in-asia-data-breach-230000-users-at-risk/" target="_blank" rel="noopener" data-wpil-monitor-id="20891">user data</a> or bypassing privacy restrictions.</span>
<h3 aria-level="2"><b><span data-contrast="none">Other Notable Fixes in Apple’s Latest Security Update</span></b></h3>
<span data-contrast="auto">Several other components of Apple’s ecosystem also received patches as part of this security update. Notably, Safari 18.3 fixed vulnerabilities, particularly one that could have allowed attackers to spoof the address bar, misleading users into believing they were on a trusted website when they were not. This fix improves web browser security and ensures that users can trust the URLs displayed in their browser.</span>
<span data-contrast="auto">Additionally, watchOS 11.3 and tvOS 18.3 received patches for AirPlay and CoreMedia vulnerabilities, preventing potential attacks on Apple Watches and Apple TVs.</span>
<h2 aria-level="2"><b><span data-contrast="none">Conclusion</span></b></h2>
<span data-contrast="auto">By addressing critical vulnerabilities, including CVE-2025-24085, and fixing issues in key components like AirPlay, ARKit, and WebKit, Apple strengthens the security of its ecosystem. Users are urged to install these updates promptly to protect their devices from potential exploits.</span>
<span data-contrast="auto">With ongoing collaboration with security researchers, Apple continues to protect its users from <a class="wpil_keyword_link" href="https://thecyberexpress.com/cyber-news/" title="cyber" data-wpil-keyword-link="linked" data-wpil-monitor-id="20912">cyber</a> threats. This update is a crucial step in maintaining the integrity of <a href="https://thecyberexpress.com/vulnerabilities-in-apple-ios-exploited-patch/" target="_blank" rel="noopener" data-wpil-monitor-id="20892">Apple’s operating</a> systems and reinforces the company’s dedication to security.</span>
https://thecyberexpress.com/new-apple-security-update/