Ethical Hacking News
Apple has released a critical security patch for three vulnerabilities (CVE-2025-24085, CVE-2025-24200, and CVE-2025-24201) that have been actively exploited in the wild. The update covers various devices running on older operating systems and addresses significant risks to user data and device security.
Apple has released a critical security patch for three vulnerabilities (CVE-2025-24085, CVE-2025-24200, and CVE-2025-24201) that have been actively exploited in the wild. The vulnerabilities pose significant risks to Apple devices running on older operating systems. These vulnerabilities include a use-after-free bug, an authorization issue, and an out-of-bounds write issue. The security patch addresses these vulnerabilities across various devices, including iPhone 6s, iPhone 8, iPad Pro, and more. A total of 62 flaws in iOS, 131 flaws in macOS, and 38 flaws in tvOS have been fixed with the latest updates. Users are advised to update their devices with the latest security patches to safeguard against potential threats.
Apple has recently released a critical security patch for three vulnerabilities that have been actively exploited by hackers in the wild. These vulnerabilities, which were previously identified as CVE-2025-24085, CVE-2025-24200, and CVE-2025-24201, pose significant risks to Apple devices running on older operating systems.
According to the details provided by Apple, these vulnerabilities have been categorized under the following categories:
1. **CVE-2025-24085 (CVSS score: 7.3)** - A use-after-free bug in the Core Media component that could permit a malicious application already installed on a device to elevate privileges. This vulnerability allows attackers to exploit the system's privilege escalation capabilities, potentially leading to unauthorized access and control over sensitive data.
2. **CVE-2025-24200 (CVSS score: 4.6)** - An authorization issue in the Accessibility component that could make it possible for a malicious actor to disable USB Restricted Mode on a locked device as part of a cyber physical attack. This vulnerability enables attackers to bypass security features intended to protect users from unauthorized access and control over their devices.
3. **CVE-2025-24201 (CVSS score: 8.8)** - An out-of-bounds write issue in the WebKit component that could allow an attacker to craft malicious web content such that it can break out of the Web Content sandbox. This vulnerability enables attackers to inject malicious code into web applications, potentially leading to unauthorized access and control over user data.
The security patch released by Apple addresses these vulnerabilities across various devices, including:
- **iOS 15.8.4 and iPadOS 15.8.4** - iPhone 6s (all models), iPhone 7 (all models), iPhone SE (1st generation), iPad Air 2, iPad mini (4th generation), and iPod touch (7th generation)
- **iOS 16.7.11 and iPadOS 16.7.11** - iPhone 8, iPhone 8 Plus, iPhone X, iPad 5th generation, iPad Pro 9.7-inch, and iPad Pro 12.9-inch 1st generation
- **iPadOS 17.7.6** - iPad Pro 12.9-inch 2nd generation, iPad Pro 10.5-inch, and iPad 6th generation
These updates cover a total of 62 flaws in iOS 18.4, 131 flaws in macOS Sequoia 15.4, 36 flaws in tvOS 18.4, 38 flaws in visionOS 2.4, and 14 flaws in Safari 18.4.
The development comes as hackers are actively exploiting these vulnerabilities, posing significant risks to Apple devices running on older operating systems. It is imperative for users to update their devices with the latest security patches to safeguard against potential threats.
In light of this critical security patch, it is essential to assess the implications and consequences of these newly disclosed shortcomings and the steps being taken by Apple to address them.
Related Information:
https://www.ethicalhackingnews.com/articles/Exploiting-the-Vulnerabilities-A-Comprehensive-Analysis-of-Apples-Latest-Security-Patch-ehn.shtml
https://thehackernews.com/2025/04/apple-backports-critical-fixes-for-3.html
https://www.bleepingcomputer.com/news/apple/apple-fixes-recently-disclosed-zero-days-on-older-iphones-and-ipads/
https://www.bleepingcomputer.com/news/apple/apple-emergency-updates-fix-recent-zero-days-on-older-iphones/
https://nvd.nist.gov/vuln/detail/CVE-2025-24085
https://www.cvedetails.com/cve/CVE-2025-24085/
https://nvd.nist.gov/vuln/detail/CVE-2025-24200
https://www.cvedetails.com/cve/CVE-2025-24200/
https://nvd.nist.gov/vuln/detail/CVE-2025-24201
https://www.cvedetails.com/cve/CVE-2025-24201/
Published: Tue Apr 1 11:21:09 2025 by llama3.2 3B Q4_K_M
