Apple just finally patched a whole host of OS security issues on older devices, so update now


  • Apple has backported fixes for three security vulnerabilities
  • At least two were being used in "highly sophisticated attacks"
  • Older iOS, iPadOS, and macOS versions are now protected

Apple has backported fixes for three major vulnerabilities to older versions of its operating systems. The flaws were reportedly being abused in the wild, with some of the incidents being described as “highly sophisticated”.

The three flaws are tracked as CVE-2025-24200, CVE-2025-24201, and CVE-2025-24085. The first is a bug that allows malicious actors to disable “USB Restricted Mode” on locked devices.

When it first released a patch, in mid-February 2025, the company said it was “aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals.”


WebKit sandbox

USB Restricted Mode is a security feature that prevents data transfer through the Lightning (or USB-C) port when the device has been locked for more than one hour. This helps protect against hacking tools that try to bypass passcodes or extract data via USB connections.

This bug was fixed in iOS 18.3.1 and iPadOS 18.3.1.

The second issue, tracked as CVE-2025-24201, is a bug enabling attackers to break out of the Web Content sandbox in the WebKit engine. Apple patched this one in mid-March and, once again, warned users about sophisticated attacks:

“Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals on versions of iOS before iOS 17.2,” the company said at the time.

Fixes for both flaws are now incorporated in iOS 16.7.11 and 15.8.4, as well as iPadOS versions 16.7.11 and 15.8.4.

The third bug is a privilege escalation vulnerability in Apple’s Core Media framework, which CyberInsider described as "among the most critical fixes". It was patched in late January this year, and the fix has now made its way to iPadOS 17.7.6 and macOS versions 14.7.5 (Sonoma) and 13.7.5 (Ventura).

Via BleepingComputer


Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.
