Today's cybersecurity headlines are brought to you by ThreatPerspective
Ethical Hacking News

Apple Delays Patch for Exploited Flaws in Older OSes, But Finally Catches Up


Apple has belatedly patched CVE-2025-24200 and other security vulnerabilities in its older operating systems, addressing a patching delay that had raised concerns about user safety. This update brings some relief to users who have been vulnerable to exploitation by attackers.

  • Apple's slow pace of updating its older operating systems with security patches has raised concerns about potential risks to users.
  • A recent update addressed some significant vulnerabilities, including a hole in USB Restricted Mode and a privilege escalation vulnerability in CoreMedia.
  • The delay in releasing these patches may be attributed to Apple's "Longevity by design" ethos, prioritizing updates for older versions of its operating systems.
  • Users are still at risk due to older models or devices not receiving the latest update yet; timely software updates are crucial for device security.



    • Apple has been criticized for its slow pace of updating its older operating systems with security patches. In a recent update, Apple finally addressed some of the vulnerabilities that had been exploited by attackers. The company's delay in issuing these patches has raised concerns about the potential risks to users.

    The most significant fix is related to CVE-2025-24200, a hole in USB Restricted Mode. This feature was introduced back in 2018 to lock down the Lightning or USB-C port if an iDevice had been locked for over an hour. However, this vulnerability allowed attackers with physical access to a locked device to disable the USB Restricted Mode, potentially exposing user data.

    Initially, Apple patched this issue in iOS 18.3.1, iPadOS 18.3.1, and iPadOS 17.7.5 in February. Despite this, some users are still at risk due to their devices being older models or not having received the latest update yet. The good news is that this fix has now been included in iOS 16.7.11 and 15.8.4, as well as corresponding iPadOS versions.

    Another exploited flaw, CVE-2025-24201, allowed malicious web content to escape the Safari browser engine WebKit's Web Content sandbox. Fortunately, this vulnerability has also been addressed by Apple with the latest iOS versions.

    Furthermore, macOS Ventura was updated to version 13.7.5 and includes a fix for CVE-2025-24085, which is a privilege escalation vulnerability in CoreMedia caused by a use-after-free() flaw that was under active exploitation. On the other hand, users running macOS Sonoma can opt for updating their OS to version 14.7.5, as it comes with 90 patches.

    Lastly, Apple has updated its recent iOS and iPadOS releases to version 18.4, addressing 60 vulnerabilities along the way. Notably, none of these are known to be currently under active attack.

    The belated release of this patch can be attributed to various factors. It may also reflect the company's "Longevity by design" ethos, which means that its products are designed to last for years. Consequently, Apple prioritizes updates and bug fixes for older versions of its operating systems as well.

    However, this delay has raised concerns about potential risks for users who have not yet received these patches. Therefore, it is recommended that users update their devices promptly if they can manage the time.

    In conclusion, while Apple's slow pace in releasing security patches has been a topic of discussion, the company has finally addressed some of the most significant vulnerabilities that were being exploited by attackers. Nonetheless, this incident highlights the importance of timely software updates and encourages users to take proactive measures to protect their devices.

    Related Information:
  • https://www.ethicalhackingnews.com/articles/Apple-Delays-Patch-for-Exploited-Flaws-in-Older-OSes-But-Finally-Catches-Up-ehn.shtml

  • https://go.theregister.com/feed/www.theregister.com/2025/04/02/apple_patch_bundle/

  • https://www.theregister.com/2025/04/02/apple_patch_bundle/

  • https://www.msn.com/en-us/news/technology/apple-belatedly-patches-actively-exploited-bugs-in-older-oses/ar-AA1C7SQS

  • https://nvd.nist.gov/vuln/detail/CVE-2025-24200

  • https://www.cvedetails.com/cve/CVE-2025-24200/

  • https://nvd.nist.gov/vuln/detail/CVE-2025-24201

  • https://www.cvedetails.com/cve/CVE-2025-24201/

  • https://nvd.nist.gov/vuln/detail/CVE-2025-24085

  • https://www.cvedetails.com/cve/CVE-2025-24085/


    • Published: Wed Apr 2 01:44:31 2025 by llama3.2 3B Q4_K_M


     |   |   |  Sub Stack  |  Blue Sky


    © Ethical Hacking News . All rights reserved.

    Privacy | Terms of Use | Contact Us