Apple backports zero-day patches to older iPhones and Macs
Apple has released security updates that backport fixes for actively exploited vulnerabilities that were exploited as zero-days to older versions of its operating systems.
At the same time, the consumer tech giant released security updates for the latest stable iOS, iPadOS, and macOS, addressing numerous security flaws.
Backporting zero-day fixes
The first backport concerns CVE-2025-24200, a flaw discovered by Citizen Lab that was exploited by mobile forensic tools to disable 'USB Restricted Mode' on locked devices.
Apple addressed the flaw in iOS 18.3.1, iPadOS 18.3.1, and 17.7.5, released on February 10, 2025.
The second vulnerability backported to older OS versions is CVE-2025-24201, which allowed hackers to break out of the Web Content sandbox on the WebKit engine using specially crafted web content.
Apple warned that the flaw was exploited in "extremely sophisticated" attacks, fixing it on March 11, 2025, with the release of iOS 18.3.2, iPadOS 18.3.2, macOS Sequoia 15.3.2, visionOS 2.3.2, and Safari 18.3.1.
The vendor has now incorporated fixes for both CVE-2025-24200 and CVE-2025-24201 in iOS 16.7.11 and 15.8.4 and iPadOS versions 16.7.11 and 15.8.4.
The third flaw fixed on older devices is CVE-2025-24085, a privilege escalation problem in Apple's Core Media framework.
The firm fixed the issue in late January 2025 with the release of iOS 18.3, iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3, visionOS 2.3, and tvOS 18.3.
Now, fixes for CVE-2025-24085 were made available through iPadOS 17.7.6, and macOS versions 14.7.5 (Sonoma) and 13.7.5 (Ventura).
Newest security updates
In addition to the backports, Apple also released security updates for the latest stable branches of its operating systems and software like Safari and Xcode.
Specifically, the latest update for iOS 18.4 and iPadOS 18.4 fixes 77 vulnerabilities, including CVE-2025-30456 (app sandbox bypass allowing root privilege escalation), CVE-2025-24097 (arbitrary file metadata access), and CVE-2025-31182 (arbitrary file deletion).
On macOS Sequoia 15.4, Apple addressed 123 vulnerabilities, including CVE-2025-24228 (arbitrary code execution with kernel privileges), CVE-2025-24267 (privilege escalation to root), and CVE-2025-24178 (sandbox escape).
On the latest Safari 18.4, Apple addressed 13 flaws including CVE-2025-24213 (WebKit memory corruption), CVE-2025-30427 (WebKit use-after-free), and CVE-2025-24180 (WebAuthn credential confusion).
While no actively exploited zero-day flaws were disclosed in these bulletins, users should apply the updates as soon as possible to remain protected against attacks.
Top 10 MITRE ATT&CK© Techniques Behind 93% of Attacks
Based on an analysis of 14M malicious actions, discover the top 10 MITRE ATT&CK techniques behind 93% of attacks and how to defend against them.
Apple Backports Critical Fixes for 3 Recent 0-Days Impacting Older iOS and macOS Devices
Lucid PhaaS Hits 169 Targets in 88 Countries Using iMessage and RCS Smishing
CVE-2024-20439 Cisco Smart Licensing Utility Static Credential Vulnerability
CVE-2025-2783 Google Chromium Mojo Sandbox Escape Vulnerability
CVE-2019-9874 Sitecore CMS and Experience Platform (XP) Deserialization Vulnerability
CVE-2019-9875 Sitecore CMS and Experience Platform (XP) Deserialization Vulnerability
CVE-2025-30154 reviewdog/action-setup GitHub Action Embedded Malicious Code Vulnerability
CVE-2025-1316 Edimax IC-7100 IP Camera OS Command Injection Vulnerability
CVE-2024-48248 NAKIVO Backup and Replication Absolute Path Traversal Vulnerability
CVE-2017-12637 SAP NetWeaver Directory Traversal Vulnerability
CVE-2025-24472 Fortinet FortiOS and FortiProxy Authentication Bypass Vulnerability
InformationalInformation Disclosure - Suspicious Comments
InformationalRe-examine Cache-control Directives
Free online web security scanner
