
Apple has issued a wide set of security updates, patching multiple zero-day vulnerabilities across iOS, iPadOS, macOS, and Safari, and has notably extended critical fixes to older software versions to address previously exploited flaws.
The updates remediate a series of high-risk issues that could allow attackers to execute arbitrary code, access protected data, or compromise device security through malicious content or apps.
Among the most critical fixes is CVE-2025-24085, a use-after-free vulnerability in CoreMedia that allowed malicious applications to elevate privileges. Apple confirmed this flaw was actively exploited in attacks targeting versions of iOS prior to 17.2, and it has now been patched in iPadOS 17.7.6, macOS 14.7.5, and macOS 13.7.5.
Another vulnerability addressed in this round is CVE-2025-24200, a flaw in USB Restricted Mode that could be bypassed by a physical attacker. This issue was previously reported to be actively exploited in sophisticated, targeted attacks and has now been patched in iOS 15.8.4, 16.7.11, and 18.4, ensuring protection even for users on legacy devices like the iPhone 6s and iPhone 8.
The backporting effort also included fixes for CVE-2025-24201, a WebKit sandbox escape reachable through malicious web content, which had reportedly been used in real-world attacks. This issue was originally mitigated in iOS 17.2 and is now patched across older systems dating back to iOS 15.8.4, as well as in Safari on macOS Sequoia, Ventura, and Sonoma.
The latest patches are part of a coordinated rollout spanning:
- iOS/iPadOS 15.8.4 and 16.7.11 – for devices like iPhone 6s, iPhone 7, iPhone SE (1st gen), iPad Air 2, and iPod touch 7th gen.
- iPadOS 17.7.6 – covering older iPad Pro and iPad 6th gen models.
- iOS/iPadOS 18.4 and macOS Sequoia 15.4 – bringing dozens of new security fixes to modern devices.
- Safari 18.4 – targeting vulnerabilities in WebKit and Web Extensions for macOS Ventura and Sonoma.
Users are advised to update their devices as soon as possible. This includes not only the latest models but also older iPhones, iPads, and Macs still receiving legacy updates. Those unable to update should be cautious of suspicious websites, unsolicited downloads, and USB-based attacks, particularly in high-risk environments. Enterprises managing device fleets should prioritize applying these updates to prevent exploitation of known and patched vulnerabilities.
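The fleet-wide prioritisation recommended above can be scripted against the version floors named in this article. The following Python triage check is an added example, not Apple's or any MDM vendor's code; it assumes a constructed `serial,platform,version` export, and treats branches the article does not list (for example iOS 17) as needing manual review rather than guessing.

```python
import re

# Lowest version per (platform, major branch) that carries the fixes named in this article.
# Branches the article does not list (e.g. iOS 17) are absent and get flagged for review.
PATCHED = {
    ("ios", 15): (15, 8, 4), ("ios", 16): (16, 7, 11), ("ios", 18): (18, 4),
    ("ipados", 15): (15, 8, 4), ("ipados", 16): (16, 7, 11),
    ("ipados", 17): (17, 7, 6), ("ipados", 18): (18, 4),
    ("macos", 13): (13, 7, 5), ("macos", 14): (14, 7, 5), ("macos", 15): (15, 4),
    ("safari", 18): (18, 4),
}

def parse_version(text):
    """'16.7.10' -> (16, 7, 10); rejects anything that is not dotted integers."""
    text = text.strip()
    if not re.fullmatch(r"\d+(\.\d+)*", text):
        raise ValueError(f"bad version string: {text!r}")
    return tuple(int(p) for p in text.split("."))

def status(platform, version):
    """Return 'patched', 'vulnerable', or 'review' (branch not covered by the article)."""
    v = parse_version(version)
    floor = PATCHED.get((platform.lower(), v[0]))
    if floor is None:
        return "review"
    # Tuple comparison copes with different lengths: (18, 3, 1) < (18, 4) <= (18, 4, 0).
    return "patched" if v >= floor else "vulnerable"

def triage(inventory_csv):
    """Group device serials from 'serial,platform,version' lines by patch status."""
    out = {"patched": [], "vulnerable": [], "review": []}
    for line in inventory_csv.strip().splitlines():
        serial, platform, version = (f.strip() for f in line.split(","))
        out[status(platform, version)].append(serial)
    return out

# Constructed sample MDM export; the serials are placeholders, not real devices.
SAMPLE = """\
PLACEHOLDER-001,iOS,16.7.10
PLACEHOLDER-002,iOS,16.7.11
PLACEHOLDER-003,iPadOS,17.7.6
PLACEHOLDER-004,macOS,14.7.4
PLACEHOLDER-005,iOS,17.6.1
PLACEHOLDER-006,macOS,15.4
"""

if __name__ == "__main__":
    for bucket, serials in triage(SAMPLE).items():
        print(bucket, serials)
```

Devices in the "review" bucket are on a branch this article gives no floor for, so check Apple's own release notes for them instead of assuming they are safe.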
By retroactively hardening older systems against vulnerabilities that had already seen exploitation in the wild, Apple underscores a rare but welcome commitment to long-tail device security — bridging the gap between cutting-edge and end-of-life support.