CISA adds Apple vulnerability CVE-2025-24085 to KEV Catalog

CISA adds Apple vulnerability CVE-2025-24085 to KEV Catalog


CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation.

CVE-2025-24085 Apple Multiple Products Use-After-Free Vulnerability

CVE-2025-24085 is a critical zero-day vulnerability identified in Apple’s Core Media framework. This framework is integral to the media processing pipeline used by AVFoundation and other high-level media frameworks across Apple’s product ecosystem. This vulnerability enables malicious applications to potentially gain elevated privileges on affected devices, posing a significant security risk.

The vulnerability originates from a flaw in Apple’s Core Media framework, which handles various media processing tasks. An issue in memory management within this framework allows a malicious application to exploit the vulnerability and execute arbitrary code with elevated privileges. This could lead to unauthorized access to system resources, data theft, or further malicious activities.

CISA set deadline as 19 February 2025 for federal agencies to remediate the vulnerability.

For more details, refer to the earlier published blog

1 Comment

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.