The latest iPhone update patches a security flaw exploited since 2023

Macworld

Apple on Monday released a flurry of updates for all of its devices that provide several new features and fix a handful of bugs. But as always, the most important reason to upgrade is because they make your devices safer.

Among the numerous security updates, the iOS/iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3, tvOS 18.3, and visionOS 2.3 updates patch a CoreMedia zero-day flaw. Exploitation of CVE-2025-24085 could allow a malicious application to access privileged parts of the system and was fixed with improved memory management.

CoreMedia is a framework used for time-based audio-visual assets such as podcast apps and other media players.

Apple says it is aware of a report that the vulnerability may have been actively exploited using versions of iOS before iOS 17.2, which arrived in December 2023. Interestingly, Apple didn’t release iOS 17.7.3 with a fix for phones not running iOS 18, though all phones that were compatible with iOS 17 are also compatible with iOS 18. 

For older tablets, Apple released iPadOS 17.7.3, though it does not include the CoreMedia fix. The updates for older Macs (macOS Sonoma 14.7.3 and macOS Ventura 13.7.3) also don’t include a CoreMedia fix. Among the other security patches in the updates are several AirPlay fixes and a FaceTime fix related to apps accessing user-sensitive data.

Apple didn’t divulge who discovered the security flaw. It’s also unclear how the vulnerability was exploited. You can update your Apple device by going to the Settings app (System Settings on a Mac) and selecting the Software Update tab.