On Monday, Apple backported fixes for three vulnerabilities that have been actively exploited in older models and earlier versions of the operating system.
The vulnerabilities in question are listed below –
CVE-2025-24085 (CVSS score: 7.3) – A use-after-free bug in the Core Media component that could permit a malicious application already installed on a device to elevate privileges CVE-2025-24200 (CVSS score: 4.6) – An authorization issue in the Accessibility component that could make it possible for a malicious actor to disable USB Restricted Mode on a locked device as part of a cyber physical attack CVE-2025-24201 (CVSS score: 8.8) – There is no problem writing violations to WebKit components that could allow attackers to create malicious web content so they can escape from web content
Updates are now available for the following operating system versions –
Fix covers the following devices –
iOS 15.8.4 and iPads 15.8.4 – iPhone 6s (all models), iPhone 7 (all models), iPhone SE (1st generation), iPad Air 2, iPad Mini (4th generation) (7th generation) iOS 16.7.11 and iPads 16.7.11 – iPhone 8, iPhone X, iPhone 5th Pro Pro 12.9 inch 1st generation iPads 17.7.6 – iPad Pro 12.9 inch 2nd generation, iPad Pro 10.5 inch, iPad 6th generation
This development occurs when Tech Giant released iOS 18.4 and iPads 18.4 to fix 62 defects, Macos Sequoia 15.4, 131 defects, TVOS 18.4 plugged in to 36 defects, Visionos 2.4 to 38 defects, Safari 18.4 to fix 14 defects.
While none of the newly disclosed drawbacks have been actively exploited, users are encouraged to update their devices to the latest version to prevent potential threats.
Source link
