Apple Security Update: Zero-Day CVE-2025-24085 Patch Released
Information
Apple is a multinational technology company known for its innovative hardware, software, and services. Founded in 1976, it has become one of the world's most valuable companies.
Highlights about Apple:
Products: iPhone, iPad, Mac, Apple Watch, and Apple TV.
Software: iOS, macOS, watchOS, tvOS, and visionOS.
Services: App Store, iCloud, Apple Music, Apple Pay, and Apple Arcade.
Innovation: Renowned for its design, security, and user experience.
Incident:
Apple has released security updates to fix this year's first zero-day vulnerability, tagged as actively exploited in attacks targeting iPhone users.
The zero-day fixed today is tracked as CVE-2025-24085 [iOS/iPadOS, macOS, tvOS, watchOS, visionOS] and is a privilege escalation security flaw in Apple's Core Media framework.
"A malicious application may be able to elevate privileges. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 17.2," Apple said today.
Apple has fixed CVE-2024-23222 with improved memory management in iOS 18.3, iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3, visionOS 2.3, and tvOS 18.3.
The list of devices impacted by this zero-day is quite extensive, as the bug affects older and newer models, including:
Apple TV HD and Apple TV 4K (all models)
Solution:
The vulnerability affects a wide array of Apple operating systems. The affected products and versions are listed below:
Product | Affected Versions | Fixed Versions |
---|---|---|
iOS | Versions prior to 18.3 | 18.3 |
iPadOS | Versions prior to 18.3 | 18.3 |
macOS | Versions prior to 15.3 (Sequoia) | 15.3 |
watchOS | Versions prior to 11.3 | 11.3 |
tvOS | Versions prior to 18.3 | 18.3 |
visionOS | Versions prior to 2.3 | 2.3 |
What matters most is security systems. We must stay alert and monitor as usual.
Weekly Interesting CVE
NO. | CVE Name | Published Date | Last Update | Device/Application/OS Target | Attack Type | CVSS | Detail | Solution | Reference |
---|---|---|---|---|---|---|---|---|---|
1 | CVE-2025-21571 | 21/1/2025 | 21/1/2025 | Oracle | Local Privilege Escalation | 7.3 | Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 7.0.24 and prior to 7.1.6. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle VM VirtualBox accessible data as well as unauthorized read access to a subset of Oracle VM VirtualBox accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle VM VirtualBox | Update to the latest patch version. | https://vuldb.com/?id.292856 |
2 | CVE-2025-21521 | 21/1/2025 | 22/1/2025 | Oracle | Improper authentication | 7.5 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Thread Pooling). Supported versions that are affected are 8.0.39 and prior, 8.4.2 and prior and 9.0.1 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. | Update to the latest patch version. | https://app.opencve.io/cve/CVE-2025-21521 |
3 | CVE-2024-2551 | 14/11/2024 | 24/01/2025 | Paloaltonetworks | Denial of Service (DoS) | 8.7 | A null pointer dereference vulnerability in Palo Alto Networks PAN-OS software enables an unauthenticated attacker to stop a core system service on the firewall by sending a crafted packet through the data plane that causes a denial of service (DoS) condition. Repeated attempts to trigger this condition result in the firewall entering maintenance mode. | This issue is fixed in | https://app.opencve.io/cve/CVE-2024-2551 https://nvd.nist.gov/vuln/detail/CVE-2024-2551 |
4 | CVE-2024-6484 | 11/7/2024 | 23/1/2025 | Bootstrap | Cross-Site Scripting (XSS) | 6.4 | An anchor element (<a>), when used for carousel navigation with a data-slide or data-slide-to attribute, can contain an href attribute value that is not subject to proper content sanitization. Improper extraction of the intended target carousel’s #id from the href attribute can lead to use cases where the click event’s preventDefault() is not applied and the href is evaluated and executed. As a result, restrictions are not applied to the data that is evaluated, which can lead to potential XSS vulnerabilities. | Migrate to a newer version of Bootstrap. | https://www.herodevs.com/vulnerability-directory/cve-2024-6484 |
5 | CVE-2024-31492 | 10/4/2024 | 23/1/2025 | Fortinet | File inclusion | 7.8 | An external control of file name or path vulnerability [CWE-73] in FortiClientMac's installer may allow a local attacker to execute arbitrary code or commands via writing a malicious configuration file in /tmp before starting the installation process. | Upgrade to 7.2.4 or above | https://app.opencve.io/cve/CVE-2024-31492 |
No | Campaign Name | Detection Date | Attack Type | Description | Mitigation/Remediation |
---|---|---|---|---|---|
1 | Beware: Fake CAPTCHA Campaign Spreads Lumma Stealer in Multi-Industry Attacks | 23/01/2025 | Malware, phishing | Cybersecurity researchers have warned about a new malware campaign that uses fake CAPTCHA verification pages to distribute Lumma Stealer malware. This attack targets victims globally, including those in Argentina, Colombia, the United States, and the Philippines, with the telecommunications industry being the most affected. The attack begins when victims visit compromised websites that redirect them to fake CAPTCHA verification pages. These pages prompt users to copy and paste commands into the Windows Run dialog box. The command utilizes mshta.exe to download and execute an HTA file from a remote server. This HTA file runs multiple PowerShell scripts to evade detection and ultimately loads the Lumma Stealer malware. Lumma Stealer is a malware operating under the Malware-as-a-Service (MaaS) model and has been widely used in recent months. Additionally, it spreads through fake domains impersonating websites like Reddit and WeTransfer to trick users into downloading malicious files. Users are advised to remain cautious when encountering suspicious CAPTCHA verification pages and avoid copying commands or running unknown scripts to prevent malware infections. | |
Ref:https://thehackernews.com/2025/01/beware-fake-captcha-campaign-spreads.html
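
The mshta.exe and PowerShell stages described in the campaign entry above can be hunted in process-creation telemetry. The following is an added example, not code from the original page or the referenced report; the event field names, sample events and the `stage.ps1` / `example.invalid` values are constructed, and the parent check assumes that commands typed into the Run dialog start as children of explorer.exe.

```python
import re
from ntpath import basename  # parses Windows paths on any OS

URL = re.compile(r"https?://", re.I)
PS = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
MSHTA = r"C:\Windows\System32\mshta.exe"

# Constructed process-creation events in start-time order (not real telemetry).
# Field names are assumptions, loosely modelled on Sysmon Event ID 1.
EVENTS = [
    {"pid": 900, "ppid": 4, "image": r"C:\Windows\explorer.exe", "cmd": "explorer.exe"},
    {"pid": 4100, "ppid": 900, "image": MSHTA,
     "cmd": "mshta.exe https://cdn.example.invalid/verify.hta"},
    {"pid": 4188, "ppid": 4100, "image": PS, "cmd": "powershell.exe -File stage.ps1"},
    {"pid": 5000, "ppid": 900, "image": MSHTA,
     "cmd": r'mshta.exe "C:\Program Files\Vendor\help.hta"'},
    {"pid": 5100, "ppid": 900, "image": PS, "cmd": "powershell.exe Get-Date"},
    {"pid": 6000, "ppid": 900, "image": r"C:\Windows\System32\cmd.exe", "cmd": "cmd.exe"},
    {"pid": 6001, "ppid": 6000, "image": MSHTA,
     "cmd": "mshta.exe http://files.example.invalid/a.hta"},
]

def exe(event):
    """Lower-cased executable name of an event, or '' if the event is unknown."""
    return basename(event["image"]).lower() if event else ""

def detect(events):
    """Return (pid, rule, severity) for each stage of the mshta -> PowerShell chain."""
    by_pid = {e["pid"]: e for e in events}  # assumes no PID reuse in the window
    flagged, findings = set(), []
    for e in events:
        if exe(e) == "mshta.exe" and URL.search(e["cmd"]):
            # Run-dialog launches are children of explorer.exe: highest confidence.
            from_run = exe(by_pid.get(e["ppid"])) == "explorer.exe"
            flagged.add(e["pid"])
            findings.append((e["pid"], "mshta_remote_hta", "high" if from_run else "medium"))
        elif exe(e) == "powershell.exe" and e["ppid"] in flagged:
            findings.append((e["pid"], "powershell_from_mshta", "high"))
    return findings

if __name__ == "__main__":
    for finding in detect(EVENTS):
        print(finding)
```

The local `help.hta` launch and the PowerShell session started directly from explorer.exe are not flagged, which keeps the rule focused on the remote-HTA chain the campaign relies on.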
11 February 2025