Apple Releases Security Updates for Multiple Products
Security updates include remediation for an exploited zero-day privilege escalation vulnerability affecting iOS, iPadOS, and macOS
Summary
Security updates include remediation for an exploited zero-day privilege escalation vulnerability affecting iOS, iPadOS, and macOS
Affected platforms
The following platforms are known to be affected:
Threat details
Exploitation of CVE-2025-24085
Apple reports that CVE-2025-24085 may have been actively exploited against versions of iOS before iOS 17.2
Introduction
Apple has released security updates to address 70 named vulnerabilities in multiple Apple products, including the exploited zero-day privilege escalation vulnerability CVE-2025-24085.
CVE-2025-24085 is a 'use after free' vulnerability with a CVSSv3 base score of 7.8. Apple reports that CVE-2025-24085 may have been exploited by attackers against versions of iOS before 17.2.
Threat updates
| Date | Update |
|---|---|
| 29 Jan 2025 | Added CVSS score details for CVE-2025-24085 |
Remediation advice
Affected organisations are encouraged to review Apple security releases and apply the relevant updates.
Remediation steps
| Type | Step |
|---|---|
| Patch |
Safari 18.3 | 122074 https://support.apple.com/en-us/122074 |
| Patch |
iOS 18.3 and iPadOS 18.3 | 122066 https://support.apple.com/en-us/122066 |
| Patch |
iPadOS 17.7.4 | 122067 https://support.apple.com/en-us/122067 |
| Patch |
macOS Sequoia 15.3 | 122068 https://support.apple.com/en-us/122068 |
| Patch |
macOS Sonoma 14.7.3 | 122069 https://support.apple.com/en-us/122069 |
| Patch |
macOS Ventura 13.7.3 | 122070 https://support.apple.com/en-us/122070 |
|
watchOS 11.3 | 122071 https://support.apple.com/en-us/122071 |
|
| Patch |
tvOS 18.3 | 122072 https://support.apple.com/en-us/122072 |
| Patch |
visionOS 2.3 | 122073 https://support.apple.com/en-us/122073 |
Definitive source of threat updates
Last edited: 29 January 2025 12:32 pm