Still using an older version of iOS or iPadOS? Update now to patch these critical security vulnerabilities


On Monday, Apple issued critical security updates that retroactively address three actively exploited zero-day vulnerabilities affecting legacy versions of its operating systems.
CVE-2025-24200
The first vulnerability, designated CVE-2025-24200, was patched in iOS 16.7.11, iPadOS 16.7.11, iOS 15.8.4, and iPadOS 15.8.4.
CVE-2025-24200 allows a physical attacker to disable USB Restricted Mode on an Apple device. This is a security feature designed to block unauthorized data access through the USB port when the iPhone or iPad has been locked for over an hour.
Apple said CVE-2025-24200 “may have been exploited in an extremely sophisticated attack against specific targeted individuals,” hinting at potential involvement from state-sponsored actors aiming to surveil high-value targets such as government officials, journalists, or senior business executives. Although initially patched on February 10 in iOS 18.3.1, iPadOS 18.3.1, and iPadOS 17.7.5, the vulnerability remained unresolved in older operating systems until now.
CVE-2025-24201
The second flaw, CVE-2025-24201, was also patched in iOS 16.7.11, iPadOS 16.7.11, iOS 15.8.4, and iPadOS 15.8.4.
This flaw is in WebKit, the browser engine used by Safari to render web pages. It allows malicious code running inside the Web Content sandbox (an isolated environment intended to contain browser-based threats) to escape and compromise broader system components.
CVE-2025-24201 was first mitigated in iOS 17.2 in late 2023, followed by a supplemental patch in iOS 18.3.2, macOS Sequoia 15.3.2, visionOS 2.3.2, and Safari 18.3.1. The flaw has now been retroactively addressed in iOS and iPadOS 15 and 16.
CVE-2025-24085
CVE-2025-24085, the third vulnerability, was patched in iPadOS 17.7.6, macOS Sonoma 14.7.5, and macOS Ventura 13.7.5.
The use-after-free vulnerability is in Apple’s Core Media, the framework responsible for handling media processing tasks such as audio and video playback in apps. It allows attackers to seize control of deallocated memory and repurpose it to execute privileged malicious code.
The flaw was originally patched in January with iOS 18.3, iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3, visionOS 2.3, and tvOS 18.3; Apple has now backported the fix to older systems.
Other vulnerabilities patched in iOS 18.4
Alongside new Apple Intelligence features and emojis, iOS 18.4, released on Tuesday, delivers fixes for new vulnerabilities, including:
- CVE-2025-30456: A flaw in the DiskArbitration framework that allowed apps to escalate their privileges to root.
- CVE-2025-24097: A flaw in AirDrop that allowed unauthorized apps to access file metadata, such as creation date or user details.
- CVE-2025-31182: A flaw in the libxpc framework that lets apps delete arbitrary files on the device.
- CVE-2025-30429, CVE-2025-24178, CVE-2025-24173: Flaws that allowed apps to break out of their sandbox in Calendar, libxpc, and Power Services, respectively.
- CVE-2025-30467: A flaw in Safari that could allow malicious websites to spoof the address bar.
Apple users are strongly urged to update their devices immediately to guard against exploitation of these now-publicized vulnerabilities. While most users will receive automatic update prompts, manual updates can be performed via Settings, General, and then Software Update.