PT-2025-1300 · Apple · iPadOS +5
Pattern-F
Published 2025-01-27 · Updated 2025-12-30
CVE-2025-24085
CVSS v3.1: 10 (Critical)
| Vector | AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Apple products versions prior to visionOS 2.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3, and tvOS 18.3.
Description
A use-after-free issue exists in the Core Media component of Apple products. This issue allows a malicious application to potentially elevate privileges. Apple is aware of reports that this issue has been actively exploited against versions of iOS prior to iOS 17.2. The vulnerability has been actively exploited in the wild and is associated with a zero-day exploit. The exploit involves a malicious iMessage containing a specially crafted HEIF image, bypassing BlastDoor and triggering a WebKit remote code execution, potentially leading to unauthorized keychain access and network redirection.
Recommendations
Update to visionOS 2.3 or later.
Update to iOS 18.3 or later.
Update to iPadOS 18.3 or later.
Update to macOS Sequoia 15.3 or later.
Update to watchOS 11.3 or later.
Update to tvOS 18.3 or later.
Exploit
Fix
RCE
DoS
LPE
Incorrect Default Permissions
Use After Free
Affected products
Apple macOS
iOS
iPadOS
tvOS
visionOS
watchOS