Apple has recently released a series of critical security updates to address vulnerabilities that were actively exploited as zero-day threats. These updates cover a wide range of Apple products, including iOS, iPadOS, macOS, and watchOS, with the aim of securing devices that may still be running outdated software.
One of the key focuses of these updates is the backporting of zero-day patches to older devices, showcasing Apple’s ongoing efforts to mitigate risks across a broad range of hardware. Two notable vulnerabilities that were actively exploited before patches were issued are CVE-2025-24200 and CVE-2025-24201.
CVE-2025-24200 allowed mobile forensic tools to bypass the USB Restricted Mode on locked devices, potentially leading to unauthorized data access via USB ports. Apple addressed this flaw with the release of iOS 18.3.1, iPadOS 18.3.1, and macOS 17.7.5 on February 10, 2025, while also providing backports for older versions such as iOS 16.7.11 and iPadOS 16.7.11.
Similarly, CVE-2025-24201 affected the WebKit engine, enabling attackers to break out of the Web Content sandbox through specially crafted web content. This vulnerability was exploited in several attacks, prompting Apple to release fixes in iOS 18.3.2, iPadOS 18.3.2, and macOS Sequoia 15.3.2 on March 11, 2025. Older devices also received updates through versions like iOS 16.7.11 and corresponding macOS releases.
In addition to addressing zero-day flaws, Apple also tackled other vulnerabilities and security issues. For example, CVE-2025-24085, a privilege escalation issue within the Core Media framework, was patched in the January 2025 updates for iOS, iPadOS, macOS, and tvOS, with backports available for older versions.
The updates also covered a range of security flaws across various system components, including Safari, CoreAudio, Maps, Calendar, and more. These patches were designed to enhance the overall security posture of Apple’s ecosystem, addressing risks that could lead to data breaches, system crashes, or unauthorized access.
The latest update, watchOS 11.4, released on April 1, 2025, targeted vulnerabilities affecting the Apple Watch Series 6 and later. Key fixes included addressing permissions issues with AirDrop and fixing a flaw in font processing that could lead to memory disclosure.
Authentication services were also fortified in the updates, with patches addressing issues like bypassing password autofill restrictions and fixing vulnerabilities affecting WebAuthn credentials. Other security enhancements covered audio-related vulnerabilities, such as flaws in processing malicious font files capable of triggering arbitrary code execution.
Overall, the release of these security updates underscores the critical role of timely patching in addressing vulnerabilities, particularly zero-day threats like CVE-2025-24200 and CVE-2025-24201. By backporting fixes to older devices, Apple aims to provide broader protection, though the effectiveness of such measures relies heavily on users promptly applying updates.