Apple Releases iOS 18.3 and Other Updates to Fix Security Flaws
Apple has rolled out software updates to fix several security issues, including a zero-day vulnerability (CVE-2025-24085) actively exploited in the wild. This flaw, found in the Core Media component, allowed malicious apps already installed on devices to gain higher privileges.
According to Apple, this issue may have been used against devices running iOS versions before 17.2. The fix involves improved memory management and applies to the following:
- iOS 18.3 and iPadOS 18.3: Supported on iPhone XS and newer, iPad Pro (13-inch, 12.9-inch 3rd gen+), iPad Pro 11-inch (1st gen+), iPad Air (3rd gen+), iPad (7th gen+), and iPad mini (5th gen+).
- macOS Sequoia 15.3: For Macs running macOS Sequoia.
- tvOS 18.3: Covers Apple TV HD and all Apple TV 4K models.
- visionOS 2.3: For the Apple Vision Pro.
- watchOS 11.3: Supported on Apple Watch Series 6 and newer.
Additional fixes include resolving five AirPlay flaws reported by Uri Katz from Oligo Security and three CoreAudio vulnerabilities reported by Google’s Threat Analysis Group (TAG). These could cause app crashes, denial-of-service (DoS), or arbitrary code execution when processing certain files.
As usual, Apple hasn’t shared detailed information on how these vulnerabilities were exploited, who was targeted, or by whom. Users are strongly advised to update their devices to stay protected.