
Apple backports zero-day patches to older iPhones and Macs


Jasper_The_Rasper
Moderator

April 1, 2025 By Bill Toulas

 


Apple has released security updates that backport fixes for vulnerabilities that were actively exploited as zero-days to older versions of its operating systems.

At the same time, the consumer tech giant released security updates for the latest stable iOS, iPadOS, and macOS, addressing numerous security flaws.

Backporting zero-day fixes

The first backport concerns CVE-2025-24200, a flaw discovered by Citizen Lab that was exploited by mobile forensic tools to disable 'USB Restricted Mode' on locked devices.

Apple addressed the flaw in iOS 18.3.1, iPadOS 18.3.1, and 17.7.5, released on February 10, 2025.

The second vulnerability backported to older OS versions is CVE-2025-24201, which allowed hackers to break out of the Web Content sandbox on the WebKit engine using specially crafted web content.

Apple warned that the flaw was exploited in "extremely sophisticated" attacks, fixing it on March 11, 2025, with the release of iOS 18.3.2, iPadOS 18.3.2, macOS Sequoia 15.3.2, visionOS 2.3.2, and Safari 18.3.1.

The vendor has now incorporated fixes for both CVE-2025-24200 and CVE-2025-24201 in iOS 16.7.11 and 15.8.4 and iPadOS versions 16.7.11 and 15.8.4.

The third flaw fixed on older devices is CVE-2025-24085, a privilege escalation problem in Apple's Core Media framework.

The firm fixed the issue in late January 2025 with the release of iOS 18.3, iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3, visionOS 2.3, and tvOS 18.3.

Fixes for CVE-2025-24085 have now been made available through iPadOS 17.7.6 and macOS versions 14.7.5 (Sonoma) and 13.7.5 (Ventura).

 
