Listen to this Post
Apple Addresses Three Actively Exploited Vulnerabilities
Apple has taken a significant step in securing older iOS and macOS devices by backporting fixes for three actively exploited vulnerabilities. These security flaws, which were being used in real-world attacks, posed serious threats to users of outdated devices. The updates aim to mitigate the risks by improving memory management, state control, and sandbox protections.
The three vulnerabilities, identified as CVE-2025-24085, CVE-2025-24200, and CVE-2025-24201, were found in different system components and required immediate patching. Each of these flaws had the potential to be leveraged by attackers to escalate privileges, bypass security mechanisms, or execute malicious code remotely.
Here’s a breakdown of the three vulnerabilities:
- CVE-2025-24085 (Privilege Escalation in Core Media, CVSS Score: 7.3)
– First discovered in January 2025, this flaw allowed attackers to gain escalated privileges through the Core Media framework, a key component responsible for handling audio and video functions.
– Apple patched this vulnerability by improving memory management to prevent a use-after-free exploit.
– This flaw was reportedly used in targeted attacks against iPhone users.
- CVE-2025-24200 (Bypass of USB Restricted Mode, CVSS Score: 4.6)
– In February 2025, Apple rushed out a fix for this zero-day vulnerability, which allowed attackers to disable USB Restricted Mode on a locked device.
– USB Restricted Mode is a security feature introduced in iOS 11.4.1 to prevent unauthorized access through the Lightning port.
– The flaw was described as part of an “extremely sophisticated” attack campaign.
– Apple addressed the issue by implementing improved state management.
3. CVE-2025-24201 (WebKit Out-of-Bounds Write, CVSS Score: 8.8)
- This WebKit vulnerability, discovered in March 2025, enabled attackers to execute arbitrary code through a maliciously crafted webpage.
- The flaw allowed attackers to escape the Web Content sandbox, increasing the risk of further exploitation.
- Apple had previously mitigated a similar attack in iOS 17.2 but provided additional fixes to enhance security.
Devices Receiving Security Updates
To ensure broader protection, Apple rolled out security updates for older iOS and iPadOS versions:
- iOS 15.8.4 / iPadOS 15.8.4 – Supports iPhone 6s, iPhone 7, iPhone SE (1st Gen), iPad Air 2, iPad Mini 4, and iPod Touch (7th Gen).
- iOS 16.7.11 / iPadOS 16.7.11 – Covers iPhone 8, iPhone 8 Plus, iPhone X, iPad 5th Gen, iPad Pro (9.7-inch & 12.9-inch 1st Gen).
- iPadOS 17.7.6 – Applies to iPad Pro (12.9-inch 2nd Gen, 10.5-inch), and iPad 6th Gen.
Apple’s commitment to securing older devices demonstrates its efforts to support users who have not upgraded to the latest iOS versions. However, these backported fixes also highlight the increasing sophistication of cyber threats targeting Apple’s ecosystem.
What Undercode Says:
Apple’s Security Response: Proactive or Reactive?
Apple’s decision to backport security fixes is commendable but raises questions about its overall security strategy. The fact that these vulnerabilities were exploited in real-world attacks suggests a reactive approach—addressing threats after they have been actively used rather than proactively preventing them.
Zero-Days: A Growing Concern
The three vulnerabilities patched by Apple underline a troubling trend—zero-day exploits are becoming more frequent and sophisticated. Attackers are increasingly targeting Apple’s ecosystem, forcing the company to release emergency updates more often. The involvement of vulnerabilities in critical system components like Core Media, USB security features, and WebKit suggests that cybercriminals are refining their attack techniques.
Implications for Older Devices
While Apple’s updates are a relief for users of older devices, they also signal an underlying issue—how long will Apple continue supporting legacy hardware? Devices running iOS 15 and 16 are already years behind the latest updates, and many iOS 14 or older users remain vulnerable. This raises concerns about long-term security risks for those unwilling or unable to upgrade.
WebKit: Apple’s Weak Link?
WebKit, the browser engine powering Safari and other Apple services, has been a frequent target for attackers. The CVE-2025-24201 vulnerability is just the latest in a series of WebKit flaws. Apple’s past security updates have shown that patching WebKit alone is often insufficient; attackers continue to find new ways to exploit it.
Security vs. Usability
Apple’s USB Restricted Mode vulnerability (CVE-2025-24200) reveals a dilemma: balancing security with usability. The feature was designed to block unauthorized data access, yet attackers found a way to disable it. This suggests that as security measures become more complex, so do the tactics used to bypass them.
Future Predictions
- More zero-day disclosures: Given the increasing sophistication of attacks, Apple will likely see more zero-days reported throughout 2025.
- Hardware security enhancements: Future iPhones may incorporate better hardware-level security to prevent software-based exploits.
- Stronger WebKit protections: Apple might introduce more robust WebKit sandboxing to counter frequent attacks.
While Apple remains a leader in security, these vulnerabilities highlight the continuous arms race between tech giants and cybercriminals.
Fact Checker Results:
- Apple has officially confirmed all three vulnerabilities – The fixes were released publicly, verifying the existence of active exploits.
- The vulnerabilities were exploited in real-world attacks – Apple’s security advisories explicitly mentioned that these flaws were being used in targeted attacks.
- The backported updates apply to older devices only – These patches do not affect newer iOS versions like iOS 17.
References:
Reported By: https://securityaffairs.com/176119/security/apple-backported-fixes-for-three-actively-exploited-flaws-to-older-devices.html
Extra Source Hub:
https://www.digitaltrends.com
Wikipedia
Undercode AI
Image Source:
Pexels
Undercode AI DI v2
