Bill Mann@CyberInsider
//
Apple has released a series of critical security updates for its operating systems, including iOS 18.4 and macOS Sequoia 15.4. These updates address a total of 145 vulnerabilities, including several zero-day exploits that may have been actively exploited. Users of iOS, iPadOS, macOS, tvOS, visionOS, Safari, and Xcode are urged to update their devices immediately to safeguard against potential security threats. Notably, watchOS was missing from this patch lineup.
Apple pushed emergency updates targeting three zero-day vulnerabilities identified as CVE-2025-24200 (Accessibility) and CVE-2025-24201 (WebKit). These patches have been backported to older iOS and iPadOS versions, specifically 15.8.4 and 16.7.11, ensuring that users on older devices are also protected from these actively exploited flaws. The updates include fixes for bugs in WebKit, Siri, Safari, and libxpc, along with numerous other security enhancements, underscoring Apple's commitment to addressing security vulnerabilities across its product ecosystem.
Recommended read:
References :
- bsky.app: EMERGENCY UPDATES Apple pushed additional updates for 3 zero-days that may have been actively exploited. CVE-2025-24200 (Accessibility) additional patches, CVE-2025-24201 (WebKit) additional patches: - iOS and iPadOS 15.8.4 - iOS and iPadOS 16.7.11
- CyberInsider: Apple has issued a wide set of security updates, patching multiple zero-day vulnerabilities across its operating systems — including iOS, macOS, iPadOS, and Safari — and notably extended critical fixes to older software versions, addressing previously exploited flaws.
- isc.sans.edu: Apple Patches Everything: March 31st 2025 Edition, (Mon, Mar 31st)
- The Apple Post: Apple releases iOS 18.4 with Priority Notifications feature, Control Center updates, new emoji, more
- bsky.app: NEW SECURITY CONTENT - macOS Sequoia 15.4 - 131 bugs fixed macOS Sonoma 14.7.5 - 91 bugs fixed macOS Ventura 13.7.5 - 85 bugs fixed iOS and iPadOS 18.4 - 62 bugs fixed visionOS 2.4 - 38 bugs fixed iPadOS 17.7.6 - 38 bugs fixed tvOS 18.4 - 36 bugs fixed
- securityaffairs.com: Apple has backported fixes for three actively exploited vulnerabilities to older devices and OS versions. The three vulnerabilities are: Apple released the following updates: that are available for the following devices:
- The Register - Security: Apple belatedly patches actively exploited bugs in older OSes
- thecyberexpress.com: Apple Backports Zero-Day Patches to Older Devices in Latest Security Update
- The Hacker News: Apple Backports Critical Fixes for 3 Live Exploits Impacting iOS and macOS Legacy Devices
Pierluigi Paganini@Security Affairs
//
Apple released a substantial set of security updates on March 31st, 2025, addressing a total of 145 vulnerabilities across its product ecosystem, including iOS, iPadOS, macOS, tvOS, visionOS, Safari, and Xcode. Notably absent from this update was watchOS. The updates included backported fixes for three actively exploited zero-day vulnerabilities, specifically targeting older iOS and iPadOS versions. These vulnerabilities had already been addressed in more recent versions a few weeks prior.
The most critical fix is for CVE-2025-24200, a vulnerability that allowed attackers to bypass USB Restricted Mode. This feature, introduced in 2018 to protect locked iDevices, could be disabled, potentially exposing user data. Another significant fix addresses CVE-2025-24201, a flaw in the WebKit engine that allowed malicious web content to escape Safari's sandbox. Additionally, macOS Ventura received a patch for CVE-2025-24085, a privilege escalation vulnerability in CoreMedia. These updates are now available for iOS versions 16.7.11 and 15.8.4, iPadOS versions 16.7.11 and 15.8.4, and macOS Ventura 13.7.5.
Recommended read:
References :
- The Register - Security: Apple belatedly patches actively exploited bugs in older OSes
- securityaffairs.com: Apple backported fixes for three actively exploited flaws to older devices
- thecyberexpress.com: Apple Backports Zero-Day Patches to Older Devices in Latest Security Update
- The Hacker News: Apple Backports Critical Fixes for 3 Recent 0-Days Impacting Older iOS and macOS Devices
- CyberInsider: Apple Backports Zero-Day Fixes to Older iOS and macOS Versions
- Full Disclosure: APPLE-SA-03-31-2025-6 iOS 15.8.4 and iPadOS 15.8.4
- Security | TechRepublic: Still Using an Older Version of iOS or iPadOS? Update Now to Patch These Critical Security Vulnerabilities
MSSP Alert@MSSP feed for Latest
//
Apple has issued critical security updates for iOS 18.3.2 and iPadOS 18.3.2, addressing a actively exploited WebKit vulnerability identified as CVE-2025-24201. This flaw allowed cybercriminals to use maliciously crafted web content to bypass the Web Content sandbox. The update is available for iPhone XS and later, multiple iPad Pro models, iPad Air (3rd generation and later) and iPad mini (5th generation and later).
Users are urged to update their devices promptly by navigating to Settings > General > Software Update. Security experts emphasize the importance of these patches, noting that failure to update leaves devices vulnerable to compromise. According to Adam Boynton, senior security strategy manager EMEIA at Jamf, keeping devices up to date is essential. He also stated that this particular flaw allowed attackers to access data in other parts of the operating system.
Recommended read:
References :
- The DefendOps Diaries: Apple's Swift Response to WebKit Zero-Day Vulnerability: CVE-2025-24201
- BleepingComputer: Apple fixes WebKit zero-day exploited in ‘extremely sophisticated’ attacks
- securityaffairs.com: Apple fixed the third actively exploited zero-day of 2025
- CyberInsider: Apple Patches Zero-Day Flaw Used in Targeted iPhone Attacks
- Threats | CyberScoop: Apple released emergency software patches Tuesday that address a newly identified zero-day vulnerability in the company’s WebKit web browser engine. Tracked as CVE-2025-24201, an attacker can potentially escape the constraints of Webkit’s Web Content sandbox, potentially leading to unauthorized actions.
- techcrunch.com: The flaw was in the browser engine WebKit, used by Safari and other apps.
- bsky.app: Apple has released emergency security updates to patch a zero-day bug the company describes as exploited in "extremely sophisticated" attacks.
- bsky.app: Apple has released emergency security updates to patch a zero-day bug the company describes as exploited in "extremely sophisticated" attacks.
- infosec.exchange: NEW: Apple patched a zero-day in WebKit that “may have been exploited in an extremely sophisticated attack against specific targeted individuals.� This is second time, AFAICT, that Apple uses the "extremely sophisticated" phrase for a patched bug.
- The Hacker News: Apple Releases Patch for WebKit Zero-Day Vulnerability Exploited in Targeted Attacks
- www.csoonline.com: Apple patches zero-day bugs used in targeted iPhone attacks
- Blog: FieldEffect blog post on apple-emergency-update-extremely-sophisticated-zero-day.
- www.infosecurity-magazine.com: iOS 18.3.2 Patches Actively Exploited WebKit Vulnerability
- MSSP feed for Latest: Apple Addresses Actively-Exploited Zero-Day In WebKit Browser Engine
- Malwarebytes: Update your iPhone now: Apple patches vulnerability used in “extremely sophisticated attacks�
- SOC Prime Blog: CVE-2025-24201 Exploitation: Apple Fixes the WebKit Zero-Day Vulnerability Used in Sophisticated Attacks
- bsky.app: Apple pushed additional updates for a zero-day that may have been actively exploited.
- ApplSec: Apple pushed updates for a new zero-day that may have been actively exploited.
- iThinkDifferent: iOS 18.3.2, iPadOS 18.3.2, macOS Sequoia 15.3.2, and visionOS 2.3.2 released with critical WebKit security fix
- www.zdnet.com: Apple is patching a vulnerability in iPhones and iPads that could be exploited in "extremely sophisticated" attacks. The vulnerability, dubbed CVE-2025-24201, was found in , Apple's open-source framework that helps render pages in Safari, Mail, App Store, and other apps. It
- bsky.app: 📣 EMERGENCY UPDATE 📣 Apple pushed updates for a new zero-day that may have been actively exploited. � CVE-2025-24201 (WebKit): - iOS and iPadOS 18.3.2 - macOS Sequoia 15.3.2 - visionOS 2.3.2 #apple #infosec
- bsky.app: 📣 EMERGENCY UPDATE 📣 Apple pushed updates for a new zero-day that may have been actively exploited. � CVE-2025-24201 (WebKit): - iOS and iPadOS 18.3.2 - macOS Sequoia 15.3.2 - visionOS 2.3.2 #apple #infosec
- Rescana: Apple Urgently Patches CVE-2025-24201 Zero-Day in iOS, iPadOS, macOS, visionOS, and Safari amid Attacks
- PCMag UK security: Update Now: Apple Rolls Out Fix for 'Extremely Sophisticated' Zero-Day Bug
- eWEEK: Apple addressed a zero-day vulnerability, tracked as CVE-2025-24201, that has been exploited in “extremely sophisticated� cyber attacks.
@cyberscoop.com
//
The Chinese nation-state hacking group Salt Typhoon, despite facing US sanctions, continues to actively target telecommunications providers. Between December 2024 and January 2025, Recorded Future observed Salt Typhoon breaching five telecom firms, including a US-based affiliate of a UK telecom provider, a US internet service provider, and companies in Italy, South Africa, and Thailand. The group also performed reconnaissance on a Myanmar-based telecom provider.
Salt Typhoon exploited vulnerabilities in Cisco IOS XE software, specifically CVE-2023-20198 and CVE-2023-20273, to compromise unpatched Cisco devices. They attempted to compromise over 1,000 Cisco routers globally, focusing on those within telecom networks. Additionally, Salt Typhoon targeted universities, including the University of California and Utah Tech, potentially seeking access to research related to telecommunications and engineering.
Recommended read:
References :
- cyberscoop.com: Salt Typhoon remains active, hits more telecom networks via Cisco routers
- The Register - Security: More victims of China's Salt Typhoon crew emerge: Telcos just now hit via Cisco bugs
- Carly Page: The China-backed Salt Typhoon group is still hacking telecommunications providers, despite government sanctions. Recorded Future says Salt Typhoon breached five firms between December and January, including a US affiliate of a prominent UK provider and a US-based ISP
- techcrunch.com: The China-backed Salt Typhoon group is still hacking telecommunications providers, despite government sanctions.
- www.wired.com: Wired's coverage of Salt Typhoon's ongoing hacking activities.
- Threats | CyberScoop: Salt Typhoon remains active, hits more telecom networks via Cisco routers
- cyberinsider.com: Chinese Hackers Breach Cisco Devices in Global Telecom Attacks
- securebulletin.com: RedMike (Salt Typhoon) continues global Telecom attacks
- CyberInsider: Chinese Hackers Breach Cisco Devices in Global Telecom Attacks
- Secure Bulletin: Report on RedMike's continued attacks on telecom providers.
- Talkback Resources: Salt Typhoon Targeting Old Cisco Vulnerabilities in Fresh Telecom Hacks [exp] [net]
- Talkback Resources: Chinese state-sponsored APT group Salt Typhoon targets telecommunications providers and universities by exploiting Cisco vulnerabilities, creating privileged accounts, bypassing firewalls, and exfiltrating data using GRE tunnels, prompting organizations to patch devices, enforce access controls, and monitor for unauthorized changes.
- Talkback Resources: Salt Typhoon Targeting Old Cisco Vulnerabilities in Fresh Telecom Hacks
- PCMag UK security: China's Salt Typhoon Spies Are Still Eavesdropping on Global Networks
- ciso2ciso.com: Salt Typhoon Targeting Old Cisco Vulnerabilities in Fresh Telecom Hacks
- ciso2ciso.com: Salt Typhoon Targeting Old Cisco Vulnerabilities in Fresh Telecom Hacks – Source: www.securityweek.com
- securityaffairs.com: China-linked APT Salt Typhoon breached telecoms by exploiting Cisco router flaws
- securityaffairs.com: China-linked APT Salt Typhoon breached telecoms by exploiting Cisco router flaws
- BleepingComputer: China's Salt Typhoon hackers are still actively targeting telecoms worldwide and have breached more U.S. telecommunications providers via unpatched Cisco IOS XE network devices.
- industrialcyber.co: Insikt Group details RedMike cyber espionage campaign on telecom providers using Cisco vulnerabilities
- securityonline.info: Cybersecurity researchers at Insikt Group have identified an ongoing cyber espionage campaign by RedMike (also tracked as Salt Typhoon).
- Industrial Cyber: Insikt Group details RedMike cyber espionage campaign on telecom providers using Cisco vulnerabilities
- SecureWorld News: Salt Typhoon Expands Espionage Campaign, Targets Cisco Routers
- Cisco Talos Blog: Weathering the storm: In the midst of a Typhoon
- cyberscoop.com: Cisco Talos observed the campaign targeting major U.S. telecommunication companies and observed the attackers primarily used legitimate login credentials to gain initial access, making detection and prevention difficult.
- cyberscoop.com: Salt Typhoon gained initial access to telecoms through Cisco devices
- securityaffairs.com: Salt Typhoon used custom malware JumbledPath to spy U.S. telecom providers
@Full Disclosure
//
Apple has released security updates, iOS 18.3.1 and iPadOS 18.3.1, to address a vulnerability in USB Restricted Mode. The company warns that this flaw "may have been exploited in an extremely sophisticated attack against specific targeted individuals." This unusually strong language from Apple suggests the seriousness of the threat, as they typically use more reserved terms when describing exploited vulnerabilities. Security researcher Bill Marczak of The Citizen Lab at The University of Toronto’s Munk School reported the flaw.
The vulnerability, identified as CVE-2025-24200, allows a physical attack to disable USB Restricted Mode on a locked device. USB Restricted Mode is a security feature introduced in iOS 11.4.1 that prevents USB accessories from accessing a device's data if it hasn't been unlocked for an hour. The new updates patch this flaw, preventing attackers from turning off the security feature. Users are advised to update their devices to iOS 18.3.1, iPadOS 18.3.1 or iPadOS 17.7.5 to mitigate the risk.
Recommended read:
References :
- The Register - Security: Apple patch addresses the 'extremely sophisticated attack'.
- www.engadget.com: Information about Apple patching a vulnerability allowing for 'extremely sophisticated attack'.
|
|