{"id":25718,"date":"2025-01-28T06:10:08","date_gmt":"2025-01-28T14:10:08","guid":{"rendered":"http:\/\/www.palada.net\/index.php\/2025\/01\/28\/news-19441\/"},"modified":"2025-01-28T06:10:08","modified_gmt":"2025-01-28T14:10:08","slug":"news-19441","status":"publish","type":"post","link":"https:\/\/www.palada.net\/index.php\/2025\/01\/28\/news-19441\/","title":{"rendered":"Apple users: Update your devices now to patch zero-day vulnerability"},"content":{"rendered":"\n<p>Apple has released a host of security updates across many devices, including for a zero-day bug which is being actively exploited in iOS.<\/p>\n<p>Apple said:<\/p>\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\">\n<p>&#8220;A malicious application may be able to elevate privileges. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 17.2.&#8221;<\/p>\n<\/blockquote>\n<p>Devices affected are those that run:<\/p>\n<ul class=\"wp-block-list\">\n<li>iPhone XS and later<\/li>\n<li>iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later<\/li>\n<li>macOS Sequoia<\/li>\n<li>Apple Watch Series 6 and later<\/li>\n<li>All models of Apple TV HD and Apple TV 4K<\/li>\n<\/ul>\n<p>If you use any of these then you should install updates as soon as you can. To check if you\u2019re using the latest software version, go to\u00a0<strong>Settings<\/strong>\u00a0(or\u00a0<strong>System Settings<\/strong>) &gt;\u00a0<strong>General\u00a0<\/strong>&gt;<strong>\u00a0Software Update<\/strong>. 
It\u2019s also worth turning on Automatic Updates if you haven\u2019t already, which you can do on the same screen.<\/p>\n<figure class=\"wp-block-image aligncenter size-full is-resized\"><img decoding=\"async\" loading=\"lazy\" width=\"965\" height=\"1284\" src=\"https:\/\/www.malwarebytes.com\/wp-content\/uploads\/sites\/2\/2025\/01\/ready_to_update.png\" alt=\"iPadOS18.3 ready to update\" class=\"wp-image-148364\" style=\"width:700px\" \/><\/figure>\n<h2 class=\"wp-block-heading\" id=\"h-technical-details-about-the-zero-day\">Technical details about the zero-day<\/h2>\n<p>The zero-day vulnerability patched in this update is tracked as <a href=\"https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2025-24085\">CVE-2025-24085<\/a>. It is described as a use after free (UAF) issue in Apple&#8217;s Core Media framework that would allow an attacker to elevate privileges.<\/p>\n<p>The Core Media framework handles multimedia applications like photos, videos, and real-time communication applications. UAF is a type of vulnerability that is the result of the incorrect use of dynamic memory during a program\u2019s operation. If, after freeing a memory location, a program does not clear the pointer to that memory, an attacker can use the error to manipulate the program. Referencing memory after it has been freed can cause a program to crash, use unexpected values, or execute code. In this case, successful exploitation could provide a malicious app with privileges on the affected device that it shouldn\u2019t have.<\/p>\n<p><a href=\"https:\/\/www.malwarebytes.com\/blog\/news\/2025\/01\/apple-users-update-your-devices-now-to-patch-zero-day-vulnerability\" target=\"bwo\" >https:\/\/blog.malwarebytes.com\/feed\/<\/a><\/p>\n","protected":false},
"excerpt":{"rendered":"<p> Apple has released a host of security updates for iOS, iPadOS, Mac, Apple Watch, and Apple TV. Update as soon as you can. <\/p>\n","protected":false},"author":4,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_container_layout":"default_layout","colormag_page_sidebar_layout":"default_layout","footnotes":""},"categories":[10488,10378],"tags":[2211,32351,10480,24749,32,11304],"class_list":["post-25718","post","type-post","status-publish","format-standard","hentry","category-malwarebytes","category-security","tag-apple","tag-cve-2025-24085","tag-ios","tag-ipados","tag-news","tag-update"],"_links":{"self":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/25718","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/comments?post=25718"}],"version-history":[{"count":0,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/25718\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/media?parent=25718"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.palada.net\/index.php
\/wp-json\/wp\/v2\/categories?post=25718"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/tags?post=25718"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}