Skip to main content
A Singapore Government Agency Website How to identify
Official website links end with .gov.sg
Government agencies communicate via .gov.sg websites (e.g. go.gov.sg/open). Trusted websites
Secure websites use HTTPS
Look for a lock () or https:// as an added precaution. Share sensitive information only on official, secure websites.

Government officials will never ask you to transfer money or disclose bank log-in details over a phone call.

Call the 24/7 ScamShield Helpline at 1799 if you are unsure if something is a scam.

Cyber Security Agency of Singapore
Alerts

Actively Exploited Vulnerability in Apple Products

28 January 2025

Apple has released security updates addressing a vulnerability (CVE-2025-24085) which is a privilege escalation security flaw in Apple's Core Media framework. This vulnerability is reportedly being actively exploited.

Successful exploitation of this vulnerability could allow a malicious application to elevate privileges. 

The vulnerability has been fixed in the following devices and operating system versions:

  • IOS 18.3 and iPadOS 18.3 - iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later

  • macOS Sequoia 15.3 - Macs running macOS Sequoia

  • tvOS 18.3-Apple TV HD and Apple TV 4K (all models)

  • visionOS 2.3 - Apple Vision Pro

  • watchOS 11.3 - Apple Watch Series 6 and later

Users and administrators of affected products are advised to update to the latest versions immediately.

More information is available here:

https://support.apple.com/en-gb/122066

https://www.bleepingcomputer.com/news/security/apple-fixes-this-years-first-actively-exploited-zero-day-bug/

https://nvd.nist.gov/vuln/detail/CVE-2025-24085

Back to top