Apple Patches Actively Exploited Zero-Day Flaws on Older iPhones and Macs
Apple has released emergency security updates for older iPhones and Macs, addressing three critical vulnerabilities that are already being exploited by attackers. The move backports fixes for recently discovered zero-day flaws to devices running older versions of iOS and macOS, ensuring a wider range of users are protected.
Got an older iPhone or iPad kicking around? You'll want to pay attention to this. Apple just dropped some crucial security updates for older devices, plugging holes that are actively being exploited "in the wild." That means bad actors are already using these vulnerabilities, so patching up is a must.
So, what's getting fixed? Here's the lowdown:
- CVE-2025-24085 (CVSS score: 7.3) - This one's a use-after-free bug deep in the Core Media component. If a malicious app somehow gets onto your device, this flaw could let it gain higher-level privileges. Not good!
- CVE-2025-24200 (CVSS score: 4.6) - Think someone can disable USB Restricted Mode (which is designed to protect your data when your device is locked)? This authorization issue in Accessibility could let them do just that, potentially as part of a physical attack.
- CVE-2025-24201 (CVSS score: 8.8) - WebKit, the engine behind Safari and other web content, had an out-of-bounds write issue. Nasty stuff. An attacker could craft a malicious website that breaks free of the browser's security sandbox and causes trouble.
Where are these fixes landing? Here's the breakdown by operating system version:
- CVE-2025-24085: Sorted out in macOS Sonoma 14.7.5, macOS Ventura 13.7.5, and iPadOS 17.7.6
- CVE-2025-24200: Patched in iOS 15.8.4, iPadOS 15.8.4, iOS 16.7.11, and iPadOS 16.7.11
- CVE-2025-24201: Also fixed in iOS 15.8.4, iPadOS 15.8.4, iOS 16.7.11, and iPadOS 16.7.11
Which devices are getting the love? Here's the list:
- iOS 15.8.4 and iPadOS 15.8.4: iPhone 6s (all models), iPhone 7 (all models), iPhone SE (1st generation), iPad Air 2, iPad mini (4th generation), and iPod touch (7th generation)
- iOS 16.7.11 and iPadOS 16.7.11: iPhone 8, iPhone 8 Plus, iPhone X, iPad 5th generation, iPad Pro 9.7-inch, and iPad Pro 12.9-inch 1st generation
- iPadOS 17.7.6: iPad Pro 12.9-inch 2nd generation, iPad Pro 10.5-inch, and iPad 6th generation
This all comes hot on the heels of Apple's broader update spree, which included iOS 18.4 and iPadOS 18.4 (62 fixes!), macOS Sequoia 15.4 (a whopping 131 fixes!), tvOS 18.4 (36 fixes), visionOS 2.4 (38 fixes), and Safari 18.4 (14 fixes).
While those *new* updates don't address actively exploited flaws, Apple's still urging everyone to update to the latest versions. Better safe than sorry, right?
