Apple Patches Actively Exploited Vulnerabilities in Older Devices

Apple has released security updates to address three actively exploited vulnerabilities in older iPhone, iPad, and Mac models, ensuring continued protection for users on previous operating system versions.

Vulnerabilities Addressed

The three security flaws patched are:

• CVE-2025-24085 (CVSS 7.3): A use-after-free vulnerability in Core Media that could allow a malicious app to escalate privileges.

• CVE-2025-24200 (CVSS 4.6): An authorization flaw in Accessibility, enabling an attacker to disable USB Restricted Mode on a locked device.

• CVE-2025-24201 (CVSS 8.8): An out-of-bounds write issue in WebKit, allowing crafted web content to escape the Web Content sandbox.

Devices and OS Versions Receiving Fixes

Apple has rolled out updates to mitigate these threats on older iOS and macOS versions:

• macOS Sonoma 14.7.5, Ventura 13.7.5, iPadOS 17.7.6 – Fix for CVE-2025-24085.

• iOS 15.8.4, iPadOS 15.8.4, iOS 16.7.11, iPadOS 16.7.11 – Fixes for CVE-2025-24200 and CVE-2025-24201.

Impacted Devices

• iOS 15.8.4 / iPadOS 15.8.4: iPhone 6s, iPhone 7, iPhone SE (1st gen), iPad Air 2, iPad mini 4, iPod touch (7th gen).

• iOS 16.7.11 / iPadOS 16.7.11: iPhone 8, iPhone 8 Plus, iPhone X, iPad 5th gen, iPad Pro (9.7-inch, 12.9-inch 1st gen).

• iPadOS 17.7.6: iPad Pro (12.9-inch 2nd gen, 10.5-inch), iPad 6th gen.

Additional Security Updates

Alongside these backported fixes, Apple also released major updates for its latest OS versions:

• iOS 18.4 / iPadOS 18.4 – 62 security fixes.

• macOS Sequoia 15.4 – 131 security fixes.

• tvOS 18.4 – 36 security fixes.

• visionOS 2.4 – 38 security fixes.

• Safari 18.4 – 14 security fixes.

Recommendation

Although the newly disclosed vulnerabilities in Apple’s latest software have not yet been exploited, users are strongly encouraged to update their devices promptly to stay protected against emerging threats.