Apple has recently addressed a significant security vulnerability in iOS, tracked as CVE-2025-24085, which had been exploited by hackers for over a year. This zero-day flaw, affecting iPhones from the XS model onward, allows malicious apps to bypass security protocols by manipulating the Core Media framework.
The vulnerability stems from a memory corruption error, enabling attackers to execute unstable code and gain elevated privileges. Reports indicate that the flaw was weaponized through apps disguised as legitimate media players, potentially targeting high-value individuals such as activists and journalists.
In response, Apple has rolled out fixes across its ecosystem, including iOS 18.3 and other platforms. Users are urged to update their devices to iOS 17.2 or later to protect against this vulnerability.
This incident highlights the importance of regular software updates, as hackers continuously seek out security gaps. Users are advised to remain vigilant by downloading apps solely from the App Store, enabling lockdown mode for added security, and employing strong antivirus software.