
Apple has released critical security updates that address three zero-day vulnerabilities actively exploited in previous versions of its operating systems.
CVE-2025-24200
The first vulnerability, tracked as CVE-2025-24200, has been fixed in iOS 16.7.11, iPadOS 16.7.11, iOS 15.8.4, and iPadOS 15.8.4.
CVE-2025-24200 allows an attacker with physical access to disable USB Restricted Mode on an Apple device. This security feature is intended to prevent unauthorized data access through the USB port once the iPhone or iPad has been locked for more than an hour.
Apple has suggested that CVE-2025-24200 could have been exploited in a highly sophisticated attack against specific individuals, possibly pointing towards state-sponsored entities looking to monitor high-profile targets such as government figures, reporters, or top corporate leaders. While the patch was initially introduced on February 10 in iOS 18.3.1, iPadOS 18.3.1, and iPadOS 17.7.5, the vulnerability persisted in older OS versions until the recent updates.
CVE-2025-24201
The second flaw, tracked as CVE-2025-24201, has also been fixed in iOS 16.7.11, iPadOS 16.7.11, iOS 15.8.4, and iPadOS 15.8.4.
This issue is in WebKit, the rendering engine Safari uses to display web content. It permits malicious code running within the Web Content sandbox (an isolated environment meant to contain browser-related risks) to break out and compromise wider system components.
CVE-2025-24201 was initially addressed in iOS 17.2 towards the end of 2023, followed by a supplemental update in iOS 18.3.2, macOS Sequoia 15.3.2, visionOS 2.3.2, and Safari 18.3.1. The bug has now been retroactively fixed in iOS and iPadOS versions 15 and 16.
CVE-2025-24085
CVE-2025-24085, the third vulnerability, has been addressed in iPadOS 17.7.6, macOS Sonoma 14.7.5, and macOS Ventura 13.7.5.
This use-after-free flaw is in Apple's Core Media, the framework that handles media-related operations such as audio and video playback in applications. It lets attackers take control of memory that has already been freed and reuse it to run malicious commands with elevated privileges.
The flaw was initially patched in January in iOS 18.3, iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3, visionOS 2.3, and tvOS 18.3; Apple has now extended the fix to older platforms.
Other weaknesses were mitigated in iOS 18.4
Alongside new Apple Intelligence features and emojis, iOS 18.4, rolled out recently, includes fixes for further vulnerabilities, such as:
- CVE-2025-30456: An issue in the DiskArbitration framework that enabled apps to elevate their permissions to root level.
- CVE-2025-24097: A flaw in AirDrop that permitted unauthorized apps to retrieve file metadata like creation timestamps or user information.
- CVE-2025-31182: A weakness in the libxpc framework, allowing apps to delete arbitrary files on the device.
- CVE-2025-30429, CVE-2025-24178, CVE-2025-24173: Bugs that permitted apps to escape the sandbox in Calendar, libxpc, and Power Services, respectively.
- CVE-2025-30467: A vulnerability in Safari that could enable malicious websites to spoof the address bar.
Apple recommends updating devices immediately to protect against potential exploitation of these now-disclosed vulnerabilities. While many users will receive automated update notifications, manual updates can be performed via Settings, General, and then Software Update.
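For administrators checking a fleet against the three actively exploited CVEs, the following Python example (added here, not code from Apple or the original article) compares each device's version numerically with the first fixed release in its own major branch, since a backported fix such as 16.7.11 sits below 18.3.1. It uses only the fixed versions listed in this article; the inventory and device names are constructed sample data, and branches the article does not list are reported as `unlisted` rather than guessed.

```python
# Added example: first fixed release per (platform, major branch), from the article text.
FIXED = {
    "CVE-2025-24200": {
        ("iOS", 15): (15, 8, 4), ("iPadOS", 15): (15, 8, 4),
        ("iOS", 16): (16, 7, 11), ("iPadOS", 16): (16, 7, 11),
        ("iPadOS", 17): (17, 7, 5),
        ("iOS", 18): (18, 3, 1), ("iPadOS", 18): (18, 3, 1),
    },
    "CVE-2025-24201": {
        ("iOS", 15): (15, 8, 4), ("iPadOS", 15): (15, 8, 4),
        ("iOS", 16): (16, 7, 11), ("iPadOS", 16): (16, 7, 11),
        ("iOS", 18): (18, 3, 2), ("macOS", 15): (15, 3, 2), ("visionOS", 2): (2, 3, 2),
    },
    "CVE-2025-24085": {
        ("iPadOS", 17): (17, 7, 6), ("iOS", 18): (18, 3, 0), ("iPadOS", 18): (18, 3, 0),
        ("macOS", 13): (13, 7, 5), ("macOS", 14): (14, 7, 5), ("macOS", 15): (15, 3, 0),
        ("watchOS", 11): (11, 3, 0), ("visionOS", 2): (2, 3, 0), ("tvOS", 18): (18, 3, 0),
    },
}

def parse_version(text):
    """'16.7.9' -> (16, 7, 9); pads so that '18.3' equals '18.3.0'."""
    parts = [int(p) for p in text.strip().split(".")]
    return tuple(parts + [0] * (3 - len(parts)))

def status(platform, version, cve):
    """Compare numerically against the fix for the device's own major branch."""
    v = parse_version(version)
    fixed = FIXED[cve].get((platform, v[0]))
    if fixed is None:
        return "unlisted"  # the article gives no fixed release for this branch
    return "patched" if v >= fixed else "needs-update"

def audit(inventory):
    """Map device name -> CVEs whose fix is newer than the installed version."""
    report = {}
    for name, platform, version in inventory:
        pending = [c for c in FIXED if status(platform, version, c) == "needs-update"]
        if pending:
            report[name] = pending
    return report

INVENTORY = [  # constructed sample data, not real devices
    ("kiosk-ipad", "iPadOS", "17.7.5"), ("old-iphone", "iOS", "16.7.9"),
    ("exec-iphone", "iOS", "18.4"), ("build-mac", "macOS", "14.7.4"),
]

if __name__ == "__main__":
    print(audit(INVENTORY))
```

A plain string comparison would rank "16.7.9" above "16.7.11" and report the device as patched, which is why versions are parsed into integer tuples first.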
