Apple Releases Security Patch for Zero-Day Vulnerability

Latest Security Update

In its latest security update for users, Apple has released a patch for a zero-day vulnerability tracked as CVE-2025-24085 (no CVSS score assigned yet). This vulnerability can be found in iOS, iPadOS, macOS, tvOS, watchOS, and visionOS, and is classified as a privileged escalation security flaw located in Apple’s Core Media framework.

Affected Devices

The vulnerability affects the following devices:

• iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later
• iPad Pro 11-inch 1st generation and later
• iPad Air 3rd generation and later
• iPad 7th generation and later
• iPad mini 5th generation and later

Exploitation

Though the tech giant has disclosed that "Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 17.2," it has not published any details of the attacks nor attributed its discovery to a researcher.

No CVSS Score Assigned Yet

The vulnerability has not been added to the National Vulnerability Database (NVD), and as a result, no CVSS score has been assigned yet.