TechRadar
Sead Fadilpašić

Apple just finally patched a whole host of OS security issues on older devices, so update now

  • Apple has backported fixes for three security vulnerabilities
  • At least two were being used in "highly sophisticated attacks"
  • Older iOS, iPadOS, and macOS versions are now protected

Apple has backported three major vulnerability fixes to older versions of its operating systems to fix issues reportedly being abused in the wild, with some of the incidents being described as “highly sophisticated”.

The three flaws are tracked as CVE-2025-24200, CVE-2025-24201, and CVE-2025-24085. The first is a bug that allows malicious actors to disable “USB Restricted Mode” on locked devices.

When it first released a patch, in mid-February 2025, the company said it was “aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals.”

WebKit sandbox

USB Restricted Mode is a security feature that prevents data transfer through the Lightning (or USB-C) port when the device has been locked for more than one hour. This helps protect against hacking tools that try to bypass passcodes or extract data via USB connections.

This bug was fixed in iOS 18.3.1 and iPadOS 18.3.1.

The second issue, tracked as CVE-2025-24201, is a bug enabling attackers to break out of the Web Content sandbox in the WebKit engine. Apple patched this one in mid-March and, once again, warned users about sophisticated attacks:

“Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals on versions of iOS before iOS 17.2,” the company said at the time.

Fixes for both flaws are now incorporated in iOS 16.7.11 and 15.8.4, as well as iPadOS versions 16.7.11 and 15.8.4.

The third bug is a privilege escalation vulnerability in Apple’s Core Media framework, which CyberInsider described as "among the most critical fixes". It was patched in late January this year, and has now made its way to iPadOS 17.7.6, and macOS versions 14.7.5 (Sonoma) and 13.7.5 (Ventura).

Via BleepingComputer
