Apple releases iOS 18.3, iPadOS 18.3, and macOS Sequoia 15.3, fixing multiple flaws, one actively exploited

Apple has released significant security updates addressing multiple vulnerabilities across their operating systems.

The most urgent vulnerability is a critical zero-day actively exploited issue tracked as CVE-2025-24085 (CVSS score 7.8) that is being actively exploited in the wild. This vulnerability exists in Apple's Core Media framework and allows privilege escalation through a use-after-free issue that has been addressed with improved memory management.

Apple has confirmed active exploitation against versions of iOS prior to iOS 17.2. Impacted Devices:

• iOS/iPadOS devices: iPhone XS and later, iPad Pro (all recent models), iPad Air 3rd generation and later, iPad 7th generation and later, iPad mini 5th generation and later
• macOS devices: All devices running macOS Sequoia
• Other devices: Apple Watch Series 6 and later, Apple TV HD and Apple TV 4K (all models)

The updates also address other vulnerabilities across different components, including:

• CVE-2025-24137 - Remote code execution vulnerability in AirPlay that could allow attackers to execute arbitrary code
• CVE-2025-24159 - Kernel vulnerability allowing arbitrary code execution with kernel privileges
• CVE-2025-24107 - Multiple kernel vulnerabilities allowing root privilege escalation
• CVE-2025-24154 - WebContentFilter vulnerability enabling system termination and kernel memory corruption
• CVE-2025-24104 - Managed Configuration vulnerability allowing modification of protected system files

Users are strongly advised to update their devices immediately to the latest versions of the operating systems:

• iOS 18.3
• iPadOS 18.3
• macOS Sequoia 15.3
• watchOS 11.3
• visionOS 2.3
• tvOS 18.3