Saturday , March 1 2025
Apple

Apple fixed year’s first actively exploited zero-day flaw

infosecbulletin Tuesday , January 28 2025 Cyber Attack

Apple has issued security updates to address a zero-day flaw affecting iPhone users that is currently being exploited in attacks.

A zero-day vulnerability, CVE-2025-24085, has been fixed today. It affects Apple’s Core Media framework and allows privilege escalation on iOS, iPadOS, macOS, tvOS, watchOS, and visionOS.

Microsoft Uncovers Hackers Selling Illegal Azure AI Access

By infosecbulletin / Saturday , March 1 2025
Microsoft has filed an amended complaint in recent civil litigation, naming the main developers of malicious tools that bypass the...
Read More
Microsoft Uncovers Hackers Selling Illegal Azure AI Access

By 2025, India’s First Semiconductor Chip to be ready

By infosecbulletin / Friday , February 28 2025
At the Global Investors Summit 2025, Union Minister Ashwini Vaishnaw announced that India’s first indigenous semiconductor chip will be ready...
Read More
By 2025, India’s First Semiconductor Chip to be ready

CVE-2025-20111
Cisco Warns Vulns in Nexus 3000 and 9000 Series Switches

By infosecbulletin / Thursday , February 27 2025
Cisco has warned of a critical vulnerability, CVE-2025-20111, in several Nexus switch models. This flaw could let attackers remotely crash...
Read More
CVE-2025-20111 Cisco Warns Vulns in Nexus 3000 and 9000 Series Switches

CVE-2025-0475 & CVE-2025-0555
GitLab’s High-Risk Flaw, Patch Now Urgently!

By infosecbulletin / Thursday , February 27 2025
GitLab has released a security advisory, urging all self-managed installations to upgrade to versions 17.9.1, 17.8.4, or 17.7.6 due to...
Read More
CVE-2025-0475 & CVE-2025-0555 GitLab’s High-Risk Flaw, Patch Now Urgently!

Botnet Powered by 130,000 Devices Targets Microsoft 365 Accounts

By infosecbulletin / Thursday , February 27 2025
A China-linked botnet is targeting Microsoft 365 accounts with widespread password spraying attacks, according to a report by SecurityScorecard. A...
Read More
Botnet Powered by 130,000 Devices Targets Microsoft 365 Accounts

HaveIBeenPwned Added 244 Million Passwords Stolen By Infostealers

By infosecbulletin / Wednesday , February 26 2025
A breach notification site has added millions of new passwords and email addresses obtained from infostealer malware. Troy Hunt, founder of...
Read More
HaveIBeenPwned Added 244 Million Passwords Stolen By Infostealers

Hackers Exploits RCE flaw in Cisco Small Business Router

By infosecbulletin / Wednesday , February 26 2025
Cybersecurity researchers have discovered a campaign exploiting a remote command execution vulnerability, CVE-2023-20118, in Cisco Small Business Routers. This vulnerability...
Read More
Hackers Exploits RCE flaw in Cisco Small Business Router

CISA Alerts For Active Exploited Zimbra and Microsoft flaw

By infosecbulletin / Wednesday , February 26 2025
CISA has added two critical vulnerabilities to its Known Exploited Vulnerabilities catalog, urging organizations to quickly patch their systems to...
Read More
CISA Alerts For Active Exploited Zimbra and Microsoft flaw

200 Fake GitHub Repos Attacking Developers to Deliver Malware

By infosecbulletin / Tuesday , February 25 2025
A new cyber campaign called GitVenom poses a serious risk to developers. Security researchers found over 200 fake GitHub repositories...
Read More
200 Fake GitHub Repos Attacking Developers to Deliver Malware

Renew Dubai visa within minutes with AI-powered Salama

By infosecbulletin / Tuesday , February 25 2025
Residents of Dubai can now easily renew their visas with the new AI-powered digital platform launched by the General Directorate...
Read More
Renew Dubai visa within minutes with AI-powered Salama

“A malicious application may be able to elevate privileges. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 17.2,” Apple said today.

According to the company’s official documentation, Core Media “defines the media pipeline used by AVFoundation and other high-level media frameworks found on Apple platforms.”

Apple has addressed CVE-2024-23222 by enhancing memory management in iOS 18.3, iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3, visionOS 2.3, and tvOS 18.3.

Many devices are affected by this zero-day bug, including both older and newer models.

iPhone XS and later,
iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later
macOS Sequoia
Apple Watch Series 6 and later
Apple TV HD and Apple TV 4K (all models)

Apple has not credited any security researcher for finding this vulnerability and has not shared details about any ongoing attacks, although it confirmed that it is being exploited.

While this zero-day bug was likely only exploited in targeted attacks, it is highly advised to install today’s security updates as soon as possible to block potentially ongoing attack attempts.

DeepSeek Hit by massive Cyber Attack, Limits Registrations

Check Also

200 Fake GitHub

200 Fake GitHub Repos Attacking Developers to Deliver Malware

A new cyber campaign called GitVenom poses a serious risk to developers. Security researchers found …

Leave a Reply

Your email address will not be published. Required fields are marked *

Mail: [email protected]
© Copyright 2025, All Rights Reserved InfoSecBulletin