Apple is rolling out updates across its product line to address dozens of security weaknesses, including one that bad actors have already exploited.
Researchers have discovered a new “zero-day” vulnerability in Apple devices—one that criminals may have already exploited, according to the latest security advisory from Cupertino, California.
A zero-day is a security flaw that hackers have discovered but that the vendor has not yet identified, and that therefore has no official fix or patch. Cybercriminals can exploit it easily before developers have a chance to address the vulnerability, making “zero-day” attacks particularly dangerous.
Tracked as CVE-2025-24085, one such weakness has recently been discovered in the CoreMedia component shared by several Apple products. According to the advisory from Apple, it can be exploited to elevate privileges on the target device, potentially leading to further compromise of security.
“A malicious application may be able to elevate privileges,” the advisory notes.
More importantly, “Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 17.2,” according to the notice.
The flaw is exploitable not only on iPhones but also on iPads, Macs running macOS Sequoia, the Apple Vision headgear, the Apple Watch, and Apple TV.
The updates that fix it, available as of this week, are:
· iOS 18.3 and iPadOS 18.3 – available for iPhone XS and newer, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and newer, iPad Pro 11-inch 1st generation and newer, iPad Air 3rd generation and newer, iPad 7th generation and newer, and iPad mini 5th generation and newer models
· macOS Sequoia 15.3 – available for all Macs on Sequoia
· watchOS 11.3 – available for Apple Watch Series 6 and newer models
· tvOS 18.3 – available for Apple TV HD and Apple TV 4K (all models)
· visionOS 2.3 – available for Apple Vision Pro
The updates address dozens more vulnerabilities across the designated products, with only the CoreMedia flaw flagged as possibly exploited in attacks.
As usual, Apple is withholding the technical details of how this newfound bug is exploited. Instead, it offers the usual warning that hackers know of this issue, meaning users should make this update a priority.
Zero-day flaws are typically used by spyware developers and sold to eager buyers.
This week’s rollout doesn’t just address this nasty flaw, which attackers might use in targeted attacks. Apple also offers iPadOS 17.7.4, macOS Sonoma 14.7.3, macOS Ventura 13.7.3, and Safari 18.3 as the latest patched versions of these products, addressing the latest issues found by researchers.
As always, Bitdefender recommends users prioritize software updates – especially when they include fixes for vulnerabilities that attackers might be actively exploiting.
Remember to keep the trusty Lockdown Mode toggle handy if you believe hackers might be targeting you.
For peace of mind, run a dedicated security solution on all your personal devices.
Filip has 15 years of experience in technology journalism. In recent years, he has turned his focus to cybersecurity in his role as Information Security Analyst at Bitdefender.