Apr 01, 2025 | Ravie Lakshmanan | Mobile Security / Vulnerability

Apple has released patches for three vulnerabilities that are being actively exploited in the wild, making them available for older models and previous versions of the operating systems.

The vulnerabilities in question are as follows:

  • CVE-2025-24085 (CVSS score: 7.3) – This use-after-free bug in the Core Media component could allow a malicious application to elevate privileges on a device.
  • CVE-2025-24200 (CVSS score: 4.6) – An authorization issue in the Accessibility component could enable a malicious actor to disable USB Restricted Mode on a locked device as part of a cyber-physical attack.
  • CVE-2025-24201 (CVSS score: 8.8) – An out-of-bounds write issue in the WebKit component could allow an attacker to craft malicious web content that breaks out of the Web Content sandbox.

The updates are now available for the following operating system versions and devices:

  • iOS 15.8.4 and iPadOS 15.8.4 – This includes iPhone 6s (all models), iPhone 7 (all models), iPhone SE (1st generation), iPad Air 2, iPad mini (4th generation), and iPod touch (7th generation).
  • iOS 16.7.11 and iPadOS 16.7.11 – This includes iPhone 8, iPhone 8 Plus, iPhone X, iPad 5th generation, iPad Pro 9.7-inch, and iPad Pro 12.9-inch 1st generation.
  • iPadOS 17.7.6 – This includes iPad Pro 12.9-inch 2nd generation, iPad Pro 10.5-inch, and iPad 6th generation.

This development comes as Apple released iOS 18.4 and iPadOS 18.4 to address 62 flaws, macOS Sequoia 15.4 to fix 131 flaws, tvOS 18.4 to resolve 36 flaws, visionOS 2.4 to patch 38 flaws, and Safari 18.4 to fix 14 flaws.

Although none of the newly disclosed vulnerabilities have been actively exploited, users are advised to update their devices to the latest version to protect against potential threats.
