Apple Products Multiple Vulnerabilities

Multiple vulnerabilities were identified in Apple products. A remote attacker could exploit some of these vulnerabilities to trigger a denial of service condition, elevation of privilege, spoofing, remote code execution, sensitive information disclosure, cross-site scripting and security restriction bypass on the targeted system.

Note:

CVE-2025-24085 is being exploited in the wild. A malicious application may be able to elevate privileges. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 17.2.

CVE-2025-24200 is being exploited in the wild. A physical attack may disable USB Restricted Mode on a locked device. Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals.

CVE-2025-24201 is being exploited in the wild. Maliciously crafted web content may be able to break out of the Web Content sandbox. This is a supplementary fix for an attack that was blocked in iOS 17.2. (Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals on versions of iOS before iOS 17.2.)

[Updated on 2025-04-02]

Updated System / Technologies affected, Solutions and Related Links

RISK: High Risk

TYPE: Operating Systems – Mobile & Apps


Impact

  • Denial of Service
  • Remote Code Execution
  • Elevation of Privilege
  • Security Restriction Bypass
  • Information Disclosure
  • Cross-Site Scripting
  • Spoofing

System / Technologies affected

  • Versions prior to Safari 18.4
  • Versions prior to Xcode 16.3
  • Versions prior to iOS 18.4 and iPadOS 18.4
  • Versions prior to iPadOS 17.7.6
  • Versions prior to iOS 16.7.11 and iPadOS 16.7.11
  • Versions prior to iOS 15.8.4 and iPadOS 15.8.4
  • Versions prior to macOS Sequoia 15.4
  • Versions prior to macOS Sonoma 14.7.5
  • Versions prior to macOS Ventura 13.7.5
  • Versions prior to tvOS 18.4
  • Versions prior to visionOS 2.4
  • Versions prior to watchOS 11.4

For CVE-2025-24200 and CVE-2025-24201

  • Versions prior to iOS 16.7.11 and iPadOS 16.7.11
  • Versions prior to iOS 15.8.4 and iPadOS 15.8.4

For CVE-2025-24085

  • Versions prior to macOS Sonoma 14.7.5
  • Versions prior to macOS Ventura 13.7.5
  • Versions prior to iPadOS 17.7.6

Solutions

Before installing the software, please visit the vendor website for more details.

Apply fixes issued by the vendor:

  • Safari 18.4
  • Xcode 16.3
  • iOS 18.4 and iPadOS 18.4
  • iPadOS 17.7.6
  • iOS 16.7.11 and iPadOS 16.7.11
  • iOS 15.8.4 and iPadOS 15.8.4
  • macOS Sequoia 15.4
  • macOS Sonoma 14.7.5
  • macOS Ventura 13.7.5
  • tvOS 18.4
  • visionOS 2.4
  • watchOS 11.4
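The following Python check is an added example, not part of the original advisory or any vendor tooling. It compares a device inventory against the fixed releases listed above and puts first the devices whose fix addresses a CVE the advisory reports as exploited in the wild. The product keys, host names and inventory rows are constructed, and falling back to the next higher listed release when a branch has no listed fix (for example iOS 17.x) is an assumption of this example.

```python
# Fixed releases from the advisory's "Solutions" list, grouped by product.
FIXED = {
    "iOS": ["15.8.4", "16.7.11", "18.4"],
    "iPadOS": ["15.8.4", "16.7.11", "17.7.6", "18.4"],
    "macOS": ["13.7.5", "14.7.5", "15.4"],
    "Safari": ["18.4"], "Xcode": ["16.3"], "tvOS": ["18.4"],
    "visionOS": ["2.4"], "watchOS": ["11.4"],
}
# Fixed releases the advisory ties to CVEs exploited in the wild.
_LOCKED = ["CVE-2025-24200", "CVE-2025-24201"]
EXPLOITED = {"15.8.4": _LOCKED, "16.7.11": _LOCKED,
             "17.7.6": ["CVE-2025-24085"], "14.7.5": ["CVE-2025-24085"],
             "13.7.5": ["CVE-2025-24085"]}

def parse(version):
    """'18.4' -> (18, 4, 0); padding makes 18.4 compare equal to 18.4.0."""
    parts = [int(p) for p in version.split(".")]
    return tuple(parts + [0] * (3 - len(parts)))

def required_version(product, installed):
    """Return the listed fixed release to install, or None if not needed."""
    cur = parse(installed)
    fixes = sorted(FIXED[product], key=parse)
    # Prefer the fix on the installed major branch; if the advisory lists
    # none (e.g. iOS 17.x), fall back to the next higher listed release.
    candidates = ([f for f in fixes if parse(f)[0] == cur[0]]
                  or [f for f in fixes if parse(f)[0] > cur[0]])
    if not candidates:
        return None  # newer major than anything the advisory lists
    return candidates[0] if cur < parse(candidates[0]) else None

def audit(inventory):
    """Return (host, product, installed, target, exploited_cves) rows."""
    findings = []
    for host, product, installed in inventory:
        target = required_version(product, installed)
        if target:
            findings.append((host, product, installed, target,
                             EXPLOITED.get(target, [])))
    return sorted(findings, key=lambda f: not f[4])  # exploited fixes first

# Constructed sample inventory (hypothetical host names and versions).
INVENTORY = [
    ("iphone-01", "iOS", "18.3.2"), ("iphone-02", "iOS", "17.6.1"),
    ("ipad-01", "iPadOS", "17.7.5"), ("ipad-02", "iPadOS", "16.7.11"),
    ("mac-01", "macOS", "14.7.4"), ("mac-02", "macOS", "15.4"),
]

if __name__ == "__main__":
    print(*audit(INVENTORY), sep="\n")
```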

Vulnerability Identifier


Source


Related Link
