Article Details

Original Article Text

Apple backports zero-day patches to older iPhones and Macs

Apple has released security updates that backport fixes for vulnerabilities exploited as zero-days to older versions of its operating systems. At the same time, the consumer tech giant released security updates for the latest stable iOS, iPadOS, and macOS, addressing numerous security flaws.

Backporting zero-day fixes

The first backport concerns CVE-2025-24200, a flaw discovered by Citizen Lab that was exploited by mobile forensic tools to disable 'USB Restricted Mode' on locked devices. Apple addressed the flaw in iOS 18.3.1, iPadOS 18.3.1, and 17.7.5, released on February 10, 2025.

The second vulnerability backported to older OS versions is CVE-2025-24201, which allowed hackers to break out of the Web Content sandbox in the WebKit engine using specially crafted web content. Apple warned that the flaw was exploited in "extremely sophisticated" attacks, fixing it on March 11, 2025, with the release of iOS 18.3.2, iPadOS 18.3.2, macOS Sequoia 15.3.2, visionOS 2.3.2, and Safari 18.3.1.

The vendor has now incorporated fixes for both CVE-2025-24200 and CVE-2025-24201 in iOS 16.7.11 and 15.8.4 and in iPadOS 16.7.11 and 15.8.4.

The third flaw fixed on older devices is CVE-2025-24085, a privilege escalation problem in Apple's Core Media framework. The firm fixed the issue in late January 2025 with the release of iOS 18.3, iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3, visionOS 2.3, and tvOS 18.3. Fixes for CVE-2025-24085 are now available through iPadOS 17.7.6 and macOS 14.7.5 (Sonoma) and 13.7.5 (Ventura).

Newest security updates

In addition to the backports, Apple also released security updates for the latest stable branches of its operating systems and software such as Safari and Xcode.
Specifically, the latest update for iOS 18.4 and iPadOS 18.4 fixes 77 vulnerabilities, including CVE-2025-30456 (app sandbox bypass allowing root privilege escalation), CVE-2025-24097 (arbitrary file metadata access), and CVE-2025-31182 (arbitrary file deletion).

On macOS Sequoia 15.4, Apple addressed 123 vulnerabilities, including CVE-2025-24228 (arbitrary code execution with kernel privileges), CVE-2025-24267 (privilege escalation to root), and CVE-2025-24178 (sandbox escape).

On the latest Safari 18.4, Apple addressed 13 flaws, including CVE-2025-24213 (WebKit memory corruption), CVE-2025-30427 (WebKit use-after-free), and CVE-2025-24180 (WebAuthn credential confusion).

While no actively exploited zero-day flaws were disclosed in these bulletins, users should apply the updates as soon as possible to remain protected against attacks.
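For fleet owners, the practical question is which devices still sit below the fix versions named above. The following Python script is an added example (not part of the article or of any Apple tooling): it encodes only the fixed versions the article states for CVE-2025-24200, CVE-2025-24201 and CVE-2025-24085, per OS and major branch, and reports each device in a constructed inventory as patched, missing a fix, or unknown where the article names no fix version for that branch.

```python
# (OS, major branch) -> {CVE: first version on that branch carrying the fix}.
# Only versions the article states are listed; any other branch reports "unknown".
FIXED_IN = {
    ("iOS", 18):    {"CVE-2025-24200": "18.3.1", "CVE-2025-24201": "18.3.2", "CVE-2025-24085": "18.3"},
    ("iOS", 16):    {"CVE-2025-24200": "16.7.11", "CVE-2025-24201": "16.7.11"},
    ("iOS", 15):    {"CVE-2025-24200": "15.8.4", "CVE-2025-24201": "15.8.4"},
    ("iPadOS", 18): {"CVE-2025-24200": "18.3.1", "CVE-2025-24201": "18.3.2", "CVE-2025-24085": "18.3"},
    ("iPadOS", 17): {"CVE-2025-24200": "17.7.5", "CVE-2025-24085": "17.7.6"},
    ("iPadOS", 16): {"CVE-2025-24200": "16.7.11", "CVE-2025-24201": "16.7.11"},
    ("iPadOS", 15): {"CVE-2025-24200": "15.8.4", "CVE-2025-24201": "15.8.4"},
    ("macOS", 15):  {"CVE-2025-24201": "15.3.2", "CVE-2025-24085": "15.3"},
    ("macOS", 14):  {"CVE-2025-24085": "14.7.5"},
    ("macOS", 13):  {"CVE-2025-24085": "13.7.5"},
}
CVES = ("CVE-2025-24200", "CVE-2025-24201", "CVE-2025-24085")

def parse_version(text):
    """'16.7.11' -> (16, 7, 11); short versions pad with 0 so that '18.3' < '18.3.1'."""
    parts = [int(p) for p in text.strip().split(".")]
    return tuple(parts + [0] * (3 - len(parts)))

def assess(os_name, version):
    """Map each CVE to 'patched', 'missing' or 'unknown' for one device."""
    ver = parse_version(version)
    branch = FIXED_IN.get((os_name, ver[0]), {})  # branch not in the article -> nothing stated
    return {cve: ("unknown" if cve not in branch
                  else "patched" if ver >= parse_version(branch[cve]) else "missing")
            for cve in CVES}

def devices_needing_update(inventory):
    """Return [(device_id, [missing CVEs])] for devices below a stated fix version."""
    report = []
    for dev_id, os_name, version in inventory:
        missing = [c for c, s in assess(os_name, version).items() if s == "missing"]
        if missing:
            report.append((dev_id, missing))
    return report

# Constructed sample inventory (device ids and versions invented for this example).
SAMPLE_INVENTORY = [("ipad-01", "iPadOS", "15.8.3"), ("iphone-02", "iOS", "16.7.11"),
                    ("mac-03", "macOS", "14.7.4"), ("iphone-04", "iOS", "18.3.1")]

if __name__ == "__main__":
    for dev, missing in devices_needing_update(SAMPLE_INVENTORY):
        print(f"{dev}: missing {', '.join(missing)}")
```

An "unknown" result means the article gives no fix version for that OS branch, so the device's status has to be confirmed against Apple's own security release notes rather than treated as patched.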

Daily Brief Summary

MALWARE // Apple Releases Critical Fixes for Exploited Zero-Day Vulnerabilities

Apple has issued security updates backporting fixes for previously exploited zero-day vulnerabilities to older versions of iOS, iPadOS, and macOS.

The updates address critical vulnerabilities, including flaws allowing USB mode bypass, sandbox escape, and WebKit engine exploitation in sophisticated attacks.

Affected older systems, such as iOS 16.7.11 and iPadOS 15.8.4, now include patches previously available only in the latest OS versions.

New security updates for current iOS, iPadOS, and macOS versions fix several severe vulnerabilities, with no actively exploited zero-days reported in this round.

Specific critical vulnerabilities patched include ones that could lead to app sandbox bypass, arbitrary code execution at the kernel level, and privilege escalation to root.

Apple underscores the importance of applying these updates immediately to protect against potential exploitation and maintain system integrity.

Apple's consistent security support across both new and older device versions highlights the ongoing risks and challenges presented by sophisticated cyber threats.