Apple Fixes Zero-Day Affecting iOS Devices
Summary
Technical Description
Apple is aware of a report that this issue may have been actively exploited in versions of iOS prior to iOS 17.2. These vulnerabilities affect various Apple devices and could lead to potential exploits in several areas. The problem has been addressed with improved memory management in a wide range of devices and operating systems.
AirPlay Security Flaws
Apple AirPlay is a wireless streaming feature that allows users to share audio, video, and screen content between Apple devices. It enables seamless media casting from an iPhone, iPad, or Mac to compatible devices like Apple TVs and smart speakers. AirPlay uses Wi-Fi or Bluetooth for high-quality, lag-free transmission.
The updates also address five security flaws in AirPlay. All of which were reported by Oligo Security researcher Uri Katz. These flaws can be exploited by an attacker to cause unexpected system failure, denial-of-service (DoS) or arbitrary code execution under certain circumstances.
CoreMedia and CoreAudio Flaws
CoreMedia is a framework in iOS and macOS that handles the processing and management of media data, including video, audio, and time-based content. CoreAudio is a low-level API responsible for handling audio input/output, providing high-performance sound processing and playback across Apple devices. The CoreMedia and CoreAudio components also contain critical vulnerabilities that could lead to unexpected app terminations.
Google’s Threat Analysis Group (TAG) discovered three vulnerabilities in the CoreAudio component. TAG also reported those, as CVE-2025-24160, CVE-2025-24161 and CVE-2025-24163. These can lead to unexpected termination of an application when processing a specially crafted file.
Kernel-Level Vulnerabilities
iOS 18.3 addresses two major kernel-level vulnerabilities. One involves a permissions issue that could let malicious apps gain root privileges, while the other is a validation flaw that could allow apps to execute arbitrary code with kernel-level access. These vulnerabilities pose a significant threat to system integrity, enabling potential full system compromise. The iOS 18.3 update introduces tighter restrictions and improved logic to reduce the risk of privilege escalation.
WebKit and Safari Issues
WebKit and Safari, key components for web browsing on iOS and iPadOS, contained several vulnerabilities that could let malicious websites spoof user interfaces, trigger denial-of-service attacks, and compromise user privacy. WebKit, in particular, had flaws enabling fingerprinting and address bar spoofing. Apple addressed these issues with enhanced access controls, improved memory management, and redaction of sensitive information to better protect user privacy and prevent such attacks.
Conclusion
The latest software updates address vulnerabilities across a range of Apple devices, including iPhones, iPads, Macs, Apple TVs, the Vision Pro headset, and the Apple Watch. Users of iPhones (iPhone XS and later) and various iPad models are advised to update to iOS 18.3 or iPadOS 18.3. Mac users with macOS Sequoia should upgrade to version 15.3, while Apple Watch users need to install watchOS 11.3 to mitigate these risks. The updates also fix five security flaws in AirPlay, preventing potential system crashes or arbitrary code execution. Additionally, the Google Threat Analysis Group helped identify three vulnerabilities in the CoreAudio component.
Impact
iOS 18.3 and iPadOS 18.3 address critical vulnerabilities, including risks of unauthorized access, privilege escalation, and denial-of-service attacks that could lead to data leaks or app crashes. These flaws could allow attackers to execute arbitrary code or elevate privileges, compromising device security. Apple has released patches to protect devices from these threats, including a zero-day vulnerability. Users should update their devices promptly to strengthen security and safeguard personal data. Additionally, practicing good security habits like enabling two-factor authentication and using strong passwords helps protect against evolving cyber threats.
IOC and Context Details
| Topics | Details |
|---|---|
| Tactic Name | NA |
| Technique Name | NA |
| Sub Technique Name | NA |
| Attack Type | Zero Day Vulnerability |
| Targeted Applications | Apple OS |
| Region Impacted | Global |
| Industry Impacted | All |
| IOC’s | NA |
| CVE | CVE-2025-24161, CVE-2025-24160, CVE-2025-24141,
CVE-2025-24163, CVE-2025-24086, CVE-2025-24085,
CVE-2025-24162, CVE-2025-24143, CVE-2025-24123,
CVE-2025-24145, CVE-2025-24166, CVE-2025-24158,
CVE-2025-24113, CVE-2025-24137, CVE-2025-24159,
CVE-2025-24117, CVE-2025-24150, CVE-2025-24154,
CVE-2025-24131, CVE-2025-24177, CVE-2024-9956,
CVE-2025-24124, CVE-2025-24127, CVE-2025-24149,
CVE-2025-24126, CVE-2025-24104, CVE-2025-24129,
CVE-2025-24107, CVE-2025-24128
|
Topics | Details |
|
|
Recommended Actions
- Update iOS and iPadOS devices to version 18.3 immediately to secure against the identified vulnerabilities.
- macOS Sequoia 15.3 – Macs running macOS Sequoia
- tvOS 18.3 – Apple TV HD and Apple TV 4K (all models)
- visionOS 2.3 – Apple Vision Pro
- watchOS 11.3 – Apple Watch Series 6 and later
- Ensure that all apps are updated to their latest versions to mitigate the risk of exploitation
through these vulnerabilities.
- Use network security measures, especially on untrusted networks, to prevent AirPlay related attacks.
- Review device logs for any unusual activity that may indicate previous exploitation attempts.
- Regularly back up important data to prevent loss in case of exploitation or data corruption.