EXECUTIVE SUMMARY:
Apple has released critical software updates addressing security vulnerabilities across its devices, including a zero-day flaw tracked as CVE-2025-24085, which has been actively exploited in the wild. This vulnerability, a use-after-free bug in the Core Media component, could allow a malicious application on an affected device to escalate privileges. Affected devices include Macs. Additionally, multiple other security issues were addressed, including those related to AirPlay and the CoreAudio component, which could lead to system crashes, denial-of-service attacks, or arbitrary code execution. These issues could allow remote attackers to execute arbitrary code. Security improvements were also made to the Kernel to prevent malicious apps from gaining unauthorized system access.
- CVE-2025-24085: A use-after-free vulnerability in Apple's Core Media component. It allows a malicious application to escalate privileges on affected devices. The flaw has been actively exploited in the wild, affecting various Apple products.
- CVE-2025-24160: A vulnerability in Apple's CoreAudio component. It could allow an attacker to cause unexpected app termination when a specially crafted file is parsed. The issue could lead to arbitrary code execution on affected devices.
- CVE-2025-24161: A security vulnerability in Apple's CoreAudio component. It can cause unexpected app termination when processing a specially crafted file. This flaw may lead to denial-of-service (DoS) or further exploitation.
- CVE-2025-24163: A vulnerability in Apple's CoreAudio component. It can trigger unexpected app termination when handling a specially crafted file. This flaw could be exploited to disrupt system functionality or execute malicious code.
RECOMMENDATION:
- We strongly recommend you update Apple macOS Sequoia to version 15.3.
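One way to check hosts against this recommendation, as an added example that is not part of the original advisory: a POSIX shell check that compares a macOS version string numerically against 15.3. The function names, hostnames and inventory format ("hostname version" per line) are assumptions made for illustration; versions outside macOS 15 are reported as out of scope because the advisory only names Sequoia.

```shell
#!/bin/sh
# Added example: flag macOS Sequoia hosts below the 15.3 release recommended above.
MIN_MAJOR=15
MIN_MINOR=3

# Print PATCHED, NEEDS_UPDATE, OUT_OF_SCOPE (not Sequoia) or INVALID for a version string.
classify_version() {
    ver=$1
    case $ver in
        ''|*[!0-9.]*|.*|*.|*..*) echo INVALID; return 0 ;;
    esac
    major=${ver%%.*}
    case $ver in
        *.*) rest=${ver#*.}; minor=${rest%%.*} ;;
        *)   minor=0 ;;
    esac
    if [ "$major" -ne "$MIN_MAJOR" ]; then
        echo OUT_OF_SCOPE
    elif [ "$minor" -ge "$MIN_MINOR" ]; then   # numeric compare, so 15.10 > 15.3
        echo PATCHED
    else
        echo NEEDS_UPDATE
    fi
}

# Read "hostname version" lines on stdin; print hosts that still need the update.
needs_update_hosts() {
    while read -r host ver; do
        if [ "$(classify_version "$ver")" = NEEDS_UPDATE ]; then
            echo "$host"
        fi
    done
}

# Constructed sample inventory (hypothetical hostnames), not real data.
sample_inventory() {
    cat <<'EOF'
mac-01 15.3
mac-02 15.2
mac-03 15.10
mac-04 14.7.3
mac-05 15.1.1
EOF
}

# On a Mac, report the local host; otherwise run the constructed sample.
if command -v sw_vers >/dev/null 2>&1; then
    echo "local: $(classify_version "$(sw_vers -productVersion)")"
else
    sample_inventory | needs_update_hosts
fi
```

Hosts reported as OUT_OF_SCOPE run a macOS release this advisory does not cover and need to be checked against Apple's own security release notes.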
REFERENCES:
The following reports contain further technical details:
https://thehackernews.com/2025/01/apple-patches-actively-exploited-zero.html