Ethical Hacking News
Apple has released critical security patches for older iOS and macOS versions, addressing zero-day exploits and numerous other security vulnerabilities.
Apple recently released security updates that include backported fixes for actively exploited vulnerabilities in its operating systems. The company addressed three critical vulnerabilities: CVE-2025-24200, CVE-2025-24201, and CVE-2025-24085. Fixes were made available through various older versions of iOS, iPadOS, macOS, watchOS, visionOS, and tvOS. Updates also included fixes for 77 vulnerabilities in iOS 18.4 and iPadOS 18.4, as well as 123 vulnerabilities in macOS Sequoia 15.4. The latest Safari 18.4 update addresses 13 flaws, including zero-day exploits and privilege escalation vulnerabilities.
Apple has recently released security updates that include backported fixes for actively exploited vulnerabilities that were previously zero-day exploits on its operating systems. The company's move is a significant step in addressing the growing threat landscape of modern cybersecurity.
In April 2025, Apple backported fixes for three critical vulnerabilities – CVE-2025-24200, CVE-2025-24201, and CVE-2025-24085 – into older versions of its operating systems. The first vulnerability, CVE-2025-24200, was discovered by Citizen Lab and allowed mobile forensic tools to disable the "USB Restricted Mode" on locked devices. Apple addressed this flaw in iOS 18.3.1, iPadOS 18.3.1, and macOS Sequoia 15.7.5.
The second vulnerability, CVE-2025-24201, was a WebKit engine exploit that allowed hackers to break out of the Web Content sandbox using specially crafted web content. Apple warned that this flaw was exploited in "extremely sophisticated" attacks and fixed it on March 11, 2025, with the release of iOS 18.3.2, iPadOS 18.3.2, macOS Sequoia 15.3.2, visionOS 2.3.2, and Safari 18.3.1.
The third vulnerability, CVE-2025-24085, was a privilege escalation problem in Apple's Core Media framework. The firm fixed the issue in late January 2025 with the release of iOS 18.3, iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3, visionOS 2.3, and tvOS 18.3.
Now, fixes for CVE-2025-24085 were made available through iPadOS 17.7.6, and macOS versions 14.7.5 (Sonoma) and 13.7.5 (Ventura).
In addition to the backports, Apple also released security updates for its latest stable branches of its operating systems and software like Safari and Xcode. The latest update for iOS 18.4 and iPadOS 18.4 fixes 77 vulnerabilities, including CVE-2025-30456, a sandbox bypass vulnerability allowing root privilege escalation; CVE-2025-24097, an arbitrary file metadata access vulnerability; and CVE-2025-31182, an arbitrary file deletion vulnerability.
On macOS Sequoia 15.4, Apple addressed 123 vulnerabilities, including CVE-2025-24228, an arbitrary code execution with kernel privileges vulnerability; CVE-2025-24267, a privilege escalation to root vulnerability; and CVE-2025-24178, a sandbox escape vulnerability.
The latest Safari 18.4 update addresses 13 flaws, including CVE-2025-24213, a WebKit memory corruption vulnerability; CVE-2025-30427, a WebKit use-after-free vulnerability; and CVE-2025-24180, a WebAuthn credential confusion vulnerability.
While no actively exploited zero-day flaws were disclosed in these bulletins, users are advised to apply the updates as soon as possible to remain protected against attacks. The importance of staying updated with the latest security patches cannot be overstated, as it directly impacts one's ability to safeguard their personal data and maintain control over their digital devices.
In conclusion, Apple's recent release of backported zero-day patches for its operating systems is a significant move in addressing the growing threat landscape. By providing fixes for actively exploited vulnerabilities and other security flaws, the company is taking an important step towards protecting its users from cyber threats. Users should take advantage of these updates to bolster their device's defenses and minimize their risk exposure.
Apple has released critical security patches for older iOS and macOS versions, addressing zero-day exploits and numerous other security vulnerabilities.
Related Information:
https://www.ethicalhackingnews.com/articles/Apple-Backports-Critical-Zero-Day-Patches-to-Older-iOS-and-macOS-Versions-ehn.shtml
https://www.bleepingcomputer.com/news/security/apple-backports-zero-day-patches-to-older-iphones-and-macs/
https://nvd.nist.gov/vuln/detail/CVE-2025-24200
https://www.cvedetails.com/cve/CVE-2025-24200/
https://nvd.nist.gov/vuln/detail/CVE-2025-24201
https://www.cvedetails.com/cve/CVE-2025-24201/
https://nvd.nist.gov/vuln/detail/CVE-2025-24085
https://www.cvedetails.com/cve/CVE-2025-24085/
https://nvd.nist.gov/vuln/detail/CVE-2025-30456
https://www.cvedetails.com/cve/CVE-2025-30456/
https://nvd.nist.gov/vuln/detail/CVE-2025-24097
https://www.cvedetails.com/cve/CVE-2025-24097/
https://nvd.nist.gov/vuln/detail/CVE-2025-31182
https://www.cvedetails.com/cve/CVE-2025-31182/
https://nvd.nist.gov/vuln/detail/CVE-2025-24228
https://www.cvedetails.com/cve/CVE-2025-24228/
https://nvd.nist.gov/vuln/detail/CVE-2025-24267
https://www.cvedetails.com/cve/CVE-2025-24267/
https://nvd.nist.gov/vuln/detail/CVE-2025-24178
https://www.cvedetails.com/cve/CVE-2025-24178/
https://nvd.nist.gov/vuln/detail/CVE-2025-24213
https://www.cvedetails.com/cve/CVE-2025-24213/
https://nvd.nist.gov/vuln/detail/CVE-2025-30427
https://www.cvedetails.com/cve/CVE-2025-30427/
https://nvd.nist.gov/vuln/detail/CVE-2025-24180
https://www.cvedetails.com/cve/CVE-2025-24180/
Published: Tue Apr 1 10:22:44 2025 by llama3.2 3B Q4_K_M
