CyberSecurity news
FlagThis
Pierluigi Paganini@Security Affairs
//
Apple released a substantial set of security updates on March 31st, 2025, addressing a total of 145 vulnerabilities across its product ecosystem, including iOS, iPadOS, macOS, tvOS, visionOS, Safari, and Xcode. Notably absent from this update was watchOS. The updates included backported fixes for three actively exploited zero-day vulnerabilities, specifically targeting older iOS and iPadOS versions. These vulnerabilities had already been addressed in more recent versions a few weeks prior.
The most critical fix is for CVE-2025-24200, a vulnerability that allowed attackers to bypass USB Restricted Mode. This feature, introduced in 2018 to protect locked iDevices, could be disabled, potentially exposing user data. Another significant fix addresses CVE-2025-24201, a flaw in the WebKit engine that allowed malicious web content to escape Safari's sandbox. Additionally, macOS Ventura received a patch for CVE-2025-24085, a privilege escalation vulnerability in CoreMedia. These updates are now available for iOS versions 16.7.11 and 15.8.4, iPadOS versions 16.7.11 and 15.8.4, and macOS Ventura 13.7.5.
ImgSrc: securityaffairs
References :
The most critical fix is for CVE-2025-24200, a vulnerability that allowed attackers to bypass USB Restricted Mode. This feature, introduced in 2018 to protect locked iDevices, could be disabled, potentially exposing user data. Another significant fix addresses CVE-2025-24201, a flaw in the WebKit engine that allowed malicious web content to escape Safari's sandbox. Additionally, macOS Ventura received a patch for CVE-2025-24085, a privilege escalation vulnerability in CoreMedia. These updates are now available for iOS versions 16.7.11 and 15.8.4, iPadOS versions 16.7.11 and 15.8.4, and macOS Ventura 13.7.5.
ImgSrc: securityaffairs
Share:
References :
- The Register - Security: Apple belatedly patches actively exploited bugs in older OSes
- securityaffairs.com: Apple backported fixes for three actively exploited flaws to older devices
- thecyberexpress.com: Apple Backports Zero-Day Patches to Older Devices in Latest Security Update
- The Hacker News: Apple Backports Critical Fixes for 3 Recent 0-Days Impacting Older iOS and macOS Devices
- CyberInsider: Apple Backports Zero-Day Fixes to Older iOS and macOS Versions
- Full Disclosure: APPLE-SA-03-31-2025-6 iOS 15.8.4 and iPadOS 15.8.4
- Security | TechRepublic: Still Using an Older Version of iOS or iPadOS? Update Now to Patch These Critical Security Vulnerabilities
Classification:
- HashTags: #AppleSecurity #ZeroDay #PatchNow
- Company: Apple
- Target: Apple users
- Product: iOS, iPadOS, macOS
- Feature: Security Patches
- Type: ProductUpdate
- Severity: Major