Pierluigi Paganini April 02, 2025

Apple backports three critical vulnerabilities actively exploited in attacks against older iOS and macOS models.

Apple has backported fixes for three actively exploited vulnerabilities to older devices and OS versions.

The three vulnerabilities are:

• CVE-2025-24085 (CVSS score: 7.3) – In January, Apple released security updates to address 2025’s first zero-day vulnerability, tracked as CVE-2025-24085, actively exploited in attacks targeting iPhone users. The vulnerability is a privilege escalation vulnerability that impacts the Core Media framework. The Apple Core Media framework supports multimedia tasks like playback, recording, and manipulation of audio and video on iOS and macOS devices. The company addressed the use-after-free issue with improved memory management.

• CVE-2025-24200 (CVSS score: 4.6) – In February, Apple released emergency security updates to address a zero-day vulnerability, tracked as CVE-2025-24200, that the company believes was exploited in “extremely sophisticated” targeted attacks. An attacker could have exploited the vulnerability to disable the USB Restricted Mode “on a locked device.” Apple’s USB Restricted Mode is a security feature introduced in iOS 11.4.1 to protect devices from unauthorized access via the Lightning port. The USB Restricted Mode disables the data connection of the iPhone’s Lightning port after a specific interval of time, but it doesn’t interrupt the charging process. Any other data transfer would require the user to provide the passcode. The IT giant fixed the vulnerability with improved state management.

• CVE-2025-24201 (CVSS score: 8.8) – In March, Apple released emergency security updates to address a zero-day vulnerability, tracked as CVE-2025-24201, in the WebKit cross-platform web browser engine. The vulnerability is an out-of-bounds write issue that was exploited in “extremely sophisticated” attacks. An attacker can exploit the vulnerability using maliciously crafted web content to escape the Web Content sandbox. Apple released this fix as an additional measure after blocking a similar attack in iOS 17.2.

Apple released the following updates:

• CVE-2025-24085 – macOS Sonoma 14.7.5, macOS Ventura 13.7.5, and iPadOS 17.7.6
• CVE-2025-24200 – iOS 15.8.4, iPadOS 15.8.4, iOS 16.7.11, and iPadOS 16.7.11
• CVE-2025-24201 – iOS 15.8.4, iPadOS 15.8.4, iOS 16.7.11, and iPadOS 16.7.11

that are available for the following devices:

• iOS 15.8.4 and iPadOS 15.8.4 – iPhone 6s (all models), iPhone 7 (all models), iPhone SE (1st generation), iPad Air 2, iPad mini (4th generation), and iPod touch (7th generation)
• iOS 16.7.11 and iPadOS 16.7.11 – iPhone 8, iPhone 8 Plus, iPhone X, iPad 5th generation, iPad Pro 9.7-inch, and iPad Pro 12.9-inch 1st generation
• iPadOS 17.7.6 – iPad Pro 12.9-inch 2nd generation, iPad Pro 10.5-inch, and iPad 6th generation

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, newsletter)