Apple released the latest updates for its iPhone, iPad and Mac operating systems on Monday, which included switching on Apple Intelligence by default for newer devices.
As part of this batch of software updates, Apple also released several patches fixing security bugs, including a zero-day bug that “may have been actively exploited” — meaning hackers were using it to compromise devices — against users with iPhones running software older than iOS 17.2, which was released in December 2023.
The bug was found in Core Media, the media engine that powers a range of Apple devices, and is now fixed across its product line, including iPhones, iPads, Macs, Apple TVs, Apple Watches, and its mixed-reality headset Vision Pro. Apple said hackers could have “elevated privileges” by exploiting a memory corruption bug, which would have allowed broader access to a device’s data.
Apple did not credit the bug discovery to any researcher, as it customarily — but not always — does. A spokesperson for Apple did not immediately respond when asked for more details about who exploited the bug and against whom.
This is the first bug found in iOS this year that was exploited in the wild. For reference, Apple fixed at least seven bugs that “may have been actively exploited” in 2024, according to TechCrunch’s running tally.
Lorenzo Franceschi-Bicchierai is a Senior Writer at TechCrunch, where he covers hacking, cybersecurity, surveillance, and privacy. You can contact Lorenzo securely on Signal at +1 917 257 1382, on Keybase/Telegram @lorenzofb, or via email at [email protected].