Apple Releases Security Updates to Fix Three Actively Exploited Zero-Day Vulnerabilities in iOS and macOS

Apple has released critical security updates to address three zero-day vulnerabilities actively exploited in the wild, extending these fixes to older iOS and macOS devices. The vulnerabilities, identified as CVE-2025-24085, CVE-2025-24200, and CVE-2025-24201, pose significant security risks, including privilege escalation and sandbox escapes.

Affected Devices and Software Versions:

• iOS 15.8.4 and iPadOS 15.8.4: Compatible with iPhone 6s (all models), iPhone 7 (all models), iPhone SE (1st generation), iPad Air 2, iPad mini (4th generation), and iPod touch (7th generation).
• iOS 16.7.11 and iPadOS 16.7.11: Supports iPhone 8, iPhone 8 Plus, iPhone X, iPad 5th generation, iPad Pro 9.7-inch, and iPad Pro 12.9-inch 1st generation.
• iPadOS 17.7.6: Applicable to iPad Pro 12.9-inch 2nd generation, iPad Pro 10.5-inch, and iPad 6th generation.​

Details of the Vulnerabilities:

1. CVE-2025-24085 (CVSS score: 7.3): A use-after-free flaw in the Core Media component that could allow a malicious application to escalate privileges on the device.​
2. CVE-2025-24200 (CVSS score: 4.6): An authorization issue in the Accessibility component, potentially enabling an attacker to disable USB Restricted Mode on a locked device, facilitating physical cyber attacks.​
3. CVE-2025-24201 (CVSS score: 8.8): An out-of-bounds write issue in the WebKit component, allowing crafted web content to execute code outside the Web Content sandbox.​

Impact and Exploitation:

These vulnerabilities have been confirmed to be under active exploitation, posing significant risks to affected devices. Exploitation could lead to unauthorized access, data compromise, and further malicious activities.​

Mitigation Steps:

Apple has released patches for these vulnerabilities in the following software versions:​

• CVE-2025-24085: Fixed in macOS Sonoma 14.7.5, macOS Ventura 13.7.5, and iPadOS 17.7.6.​
• CVE-2025-24200 and CVE-2025-24201: Addressed in iOS 15.8.4, iPadOS 15.8.4, iOS 16.7.11, and iPadOS 16.7.11.​

Users are strongly advised to update their devices to these latest versions to protect against potential exploits.​

Expert Opinions:

Cybersecurity experts emphasize the importance of timely updates, especially when vulnerabilities are known to be actively exploited. Regularly updating devices ensures protection against known threats and enhances overall security posture.​

Conclusion:

Apple’s proactive approach in backporting fixes to older devices underscores its commitment to user security across its product range. Users should promptly apply these updates to mitigate risks associated with these vulnerabilities.