FlagThis

Apple has released security updates to address actively exploited zero-day vulnerabilities impacting older iPhones and Macs. The patches aim to fix flaws that could allow malicious actors to elevate privileges or execute arbitrary code on affected devices. These updates address CVE-2025-24200, CVE-2025-24201, and CVE-2025-24085, and are now available for iOS 15.8.4, iPadOS 15.8.4, iOS 16.7.11, iPadOS 16.7.11, macOS Sonoma 14.7.5, and macOS Ventura 13.7.5.

The vulnerabilities include a use-after-free bug in the Core Media component (CVE-2025-24085), an authorization issue in the Accessibility component (CVE-2025-24200), and an out-of-bounds write issue in the WebKit component (CVE-2025-24201). Apple addressed the flaw in iOS 18.3.1, iPadOS 18.3.1, and 17.7.5, released on February 10, 2025. CVE-2025-24200 specifically allowed attackers with physical access to locked devices to disable USB Restricted Mode. Users of older devices, including iPhone 6s, iPhone 7, iPhone 8, iPhone X, iPad Air 2, and various iPad Pro models, are urged to update their systems to safeguard against potential threats.

ImgSrc: securityaffairs

References :

• securityaffairs.com: Apple backported fixes for three actively exploited flaws to older devices
• The Hacker News: Apple Backports Critical Fixes for 3 Live Exploits Impacting iOS and macOS Legacy Devices
• BleepingComputer: Apple backports zero-day patches to older iPhones and Macs
• The Register - Security: Apple belatedly patches actively exploited bugs in older OSes
• thecyberexpress.com: Apple Backports Zero-Day Patches to Older Devices in Latest Security Update

Classification:

• HashTags: #Apple #SecurityUpdates #ZeroDay
• Company: Apple
• Target: Apple Users
• Product: iOS, macOS
• Feature: Security Updates
• Type: 0Day
• Severity: Major