Apple on Monday backported fixes for 3 vulnerabilities which have come below energetic exploitation within the wild to older fashions and former variations of the working techniques.
The vulnerabilities in query are listed beneath –
- CVE-2025-24085 (CVSS rating: 7.3) – A use-after-free bug within the Core Media part that might allow a malicious software already put in on a tool to raise privileges
- CVE-2025-24200 (CVSS rating: 4.6) – An authorization challenge within the Accessibility part that might make it attainable for a malicious actor to disable USB Restricted Mode on a locked gadget as a part of a cyber bodily assault
- CVE-2025-24201 (CVSS rating: 8.8) – An out-of-bounds write challenge within the WebKit part that might enable an attacker to craft malicious net content material such that it might probably get away of the Internet Content material sandbox
The updates at the moment are obtainable for the next working system variations –
The fixes cowl the next gadgets –
- iOS 15.8.4 and iPadOS 15.8.4 – iPhone 6s (all fashions), iPhone 7 (all fashions), iPhone SE (1st era), iPad Air 2, iPad mini (4th era), and iPod contact (seventh era)
- iOS 16.7.11 and iPadOS 16.7.11 – iPhone 8, iPhone 8 Plus, iPhone X, iPad fifth era, iPad Professional 9.7-inch, and iPad Professional 12.9-inch 1st era
- iPadOS 17.7.6 – iPad Professional 12.9-inch 2nd era, iPad Professional 10.5-inch, and iPad sixth era
The event comes because the tech big launched iOS 18.4 and iPadOS 18.4 to treatment 62 flaws, macOS Sequoia 15.4 to plug 131 flaws, tvOS 18.4 to resolve 36 flaws, visionOS 2.4 to patch 38 flaws, and Safari 18.4 to repair 14 flaws.
Whereas not one of the newly disclosed shortcomings have come below energetic exploitation, customers are really useful to replace their gadgets to the newest model to safeguard in opposition to potential threats.