Apple has released security updates to patch actively exploited zero-day vulnerabilities in older versions of its operating systems.
At the same time, the company has rolled out security updates for the latest stable versions of iOS, iPadOS, macOS, and other software.
Among the backported fixes is CVE-2025-24200, a flaw exploited by mobile forensic tools to disable USB Restricted Mode on locked devices. Originally fixed in iOS 18.3.1, iPadOS 18.3.1, and 17.7.5 in February 2025, the patch has now been applied to iOS 16.7.11, 15.8.4, and corresponding iPadOS versions. Another backported fix addresses CVE-2025-24201, which allowed attackers to break out of the WebKit sandbox using malicious web content.
Apple initially fixed this issue in March 2025 with iOS 18.3.2, iPadOS 18.3.2, macOS Sequoia 15.3.2, and Safari 18.3.1, and has now extended the fix to older OS versions. Additionally, CVE-2025-24085, a privilege escalation flaw in Apple’s Core Media framework, was previously patched in iOS 18.3 and macOS Sequoia 15.3 but is now addressed in iPadOS 17.7.6 and macOS 14.7.5 (Sonoma) and 13.7.5 (Ventura).
Alongside these backports, Apple has also released major security updates for its latest OS versions. iOS 18.4 and iPadOS 18.4 include 77 security fixes, addressing vulnerabilities like CVE-2025-30456 (sandbox bypass for root access) and CVE-2025-24097 (unauthorized file metadata access). macOS Sequoia 15.4 resolves 123 security flaws, including CVE-2025-24228 (arbitrary code execution with kernel privileges) and CVE-2025-24267 (privilege escalation to root). Safari 18.4 has received 13 security patches, targeting issues such as CVE-2025-24213 (memory corruption in WebKit) and CVE-2025-30427 (use-after-free vulnerability).
While Apple did not disclose any newly exploited zero-day vulnerabilities in these updates, users are strongly encouraged to install the latest patches to protect their devices from potential attacks.
