Apple releases iOS 18.3 with critical security fixes for CoreMedia vulnerability, among others

iOSiPhone

Apple has issued a critical security update with the release of iOS 18.3, addressing a zero-day vulnerability actively exploited by hackers. The flaw, tracked as CVE-2025-24085, impacts iPhones, iPads, and other Apple devices, underscoring the importance of installing this update immediately.

Privacy and security

The CoreMedia vulnerability

The security loophole stems from a flaw in Apple’s CoreMedia framework, which processes multimedia files. Known as a “use-after-free” bug, this vulnerability allowed malicious applications to elevate system privileges, posing a significant risk to affected devices. Apple’s advisory indicates that the flaw may have been exploited for over a year, targeting devices running iOS versions prior to 17.2, released in December 2023.

Hackers likely leveraged this bug through fake apps designed to manipulate media files, potentially targeting high-value individuals. Although Apple has not disclosed details about the attacks or their scope, the prolonged exploitation period highlights the vulnerability’s severity.

Devices affected

The vulnerability affects a broad range of Apple devices, including:

  • iPhones: All models from the iPhone XS onward.
  • iPads: iPad Pro 13-inch, iPad Pro 12.9-inch (3rd generation and later), iPad (7th generation and later), and iPad mini (5th generation and later).
  • Macs: Systems running macOS Sequoia 15.3 and earlier.
  • Apple Watches: Series 6 and newer.
  • Apple TV: HD and 4K models.
  • Vision Pro: Apple’s flagship headset.

Other vulnerabilities addressed in iOS 18.3

In addition to the CoreMedia flaw, iOS 18.3 resolves multiple other security issues, including:

  • Photos App exploit: Attackers with physical access could bypass lock screen protections to access private photos.
  • AirPlay vulnerabilities: Bugs enabling malicious code execution and app crashes have been patched.
  • Kernel-Level issues: Exploits that allowed apps to gain root privileges have been fixed, enhancing system integrity.
  • WebKit bugs: Vulnerabilities affecting Safari’s web engine have been resolved, improving browsing security.

Why You Should Update Now

This marks Apple’s first zero-day patch of the year, emphasizing the urgency of the update. With over 20 vulnerabilities addressed across its platforms, the iOS 18.3 update significantly enhances device security.

Users are advised to enable automatic updates or manually install the patch by navigating to Settings > General > Software Update.

About the Author

Asma is an editor at iThinkDifferent with a strong focus on social media, Apple news, streaming services, guides, mobile gaming, app reviews, and more. When not blogging, Asma loves to play with her cat, draw, and binge on Netflix shows.