Subj : Apple security alert - zero-day patched, so update your devices n To : All From : TechnologyDaily Date : Tue Jan 28 2025 12:15:07 Apple security alert - zero-day patched, so update your devices now Date: Tue, 28 Jan 2025 12:04:00 +0000 Description: Security bug affects most Apple products, and is being abused right now, so patch up. FULL STORY ======================================================================Apple warns users about use-after-free vulnerability being exploited in the wild It affects most products, including iPhones, watches, TVs, and more A patch is already available, so update now Apple has released a patch for its first zero-day of 2025, fixing CVE-2025-24085, a use-after-free flaw affecting the CoreMedia component. CoreMedia is a framework in Apple's ecosystem that handles multimedia. It is important for the playback, processing, and management of both audio and video files, and is found in devices powered by macOS, iOS, iPadOS, tvOS, and watchOS. A use-after-free (UAF) flaw is a type of memory vulnerability that occurs when a program continues to use a memory location after it has been freed (deallocated). This can result in unpredictable behavior, such as crashes, data corruption, or execution of malicious code. Attackers can exploit UAF by manipulating the memory space to insert malicious payloads, which the program may execute when it accesses the freed memory. Patching things up The issue affects multiple Apple products: iPhones, iPads, macs, TVs, Vision Pro, and watches. The company said it was being exploited in the wild as a zero-day, but at this time, it did not share any details - although the bug could be exploited through a rogue app, which could grant the attackers more control over the target system. The relative silence is regular practice for Apple, since it wants to give its users enough time to apply the patch, without tipping potential threat actors off on a new attack avenue. Speaking of the patch, Apple product users should make sure their devices are updated to the following: iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, tvOS 18.3, visionOS 2.3, and watchOS 11.3. "A malicious application may be able to elevate privileges," Apple said in a security advisory. "Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 17.2. Via The Register You might also like Apple forced to patch iOS and macOS security flaw that could have leaked your private info Here's a list of the best firewalls around today These are the best endpoint security tools right now ====================================================================== Link to news story: https://www.techradar.com/pro/security/apple-security-alert-zero-day-patched-s o-update-your-devices-now --- Mystic BBS v1.12 A47 (Linux/64) * Origin: tqwNet Technology News (1337:1/100) .