Apple Products Multiple Vulnerabilities

Multiple vulnerabilities were identified in Apple Products. A remote attacker could exploit some of these vulnerabilities to trigger denial of service condition, elevation of privilege, spoofing, remote code execution, sensitive information disclosure, cross-site scripting and security restriction bypass on the targeted system.

Note:

CVE-2025-24085 is being exploited in the wild, a malicious application may be able to elevate privileges. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 17.2. 

CVE-2025-24200 is being exploited in the wild, a physical attack may disable USB Restricted Mode on a locked device. Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals. 

CVE-2025-24201 is being exploited in the wild, maliciously crafted web content may be able to break out of Web Content sandbox. This is a supplementary fix for an attack that was blocked in iOS 17.2. (Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals on versions of iOS before iOS 17.2.) 

[Updated on 2025-04-02]

Updated System / Technologies affected, Solutions and Related Links

Impact

• Denial of Service
• Remote Code Execution
• Elevation of Privilege
• Security Restriction Bypass
• Information Disclosure
• Cross-Site Scripting
• Spoofing

System / Technologies affected

• Versions prior to Safari 18.4
• Versions prior to Xcode 16.3
• Versions prior to iOS 18.4 and iPadOS 18.4
• Versions prior to iPadOS 17.7.6
• Versions prior to iOS 16.7.11 and iPadOS 16.7.11
• Versions prior to iOS 15.8.4 and iPadOS 15.8.4
• Versions prior to macOS Sequoia 15.4
• Versions prior to macOS Sonoma 14.7.5
• Versions prior to macOS Ventura 13.7.5
• Versions prior to tvOS 18.4
• Versions prior to visionOS 2.4
• Versions prior to watchOS 11.4

For CVE-2025-24200 and CVE-2025-24201

• Versions prior to iOS 16.7.11 and iPadOS 16.7.11
• Versions prior to iOS 15.8.4 and iPadOS 15.8.4

For CVE-2025-24085

• Versions prior to macOS Sonoma 14.7.5
• Versions prior to macOS Ventura 13.7.5
• Versions prior to iPadOS 17.7.6

Solutions

Before installation of the software, please visit the vendor web-site for more details.

Apply fixes issued by the vendor:

• Safari 18.4
• Xcode 16.3
• iOS 18.4 and iPadOS 18.4
• iPadOS 17.7.6
• iOS 16.7.11 and iPadOS 16.7.11
• iOS 15.8.4 and iPadOS 15.8.4
• macOS Sequoia 15.4
• macOS Sonoma 14.7.5
• macOS Ventura 13.7.5
• tvOS 18.4
• visionOS 2.4
• WatchOS 11.4

Vulnerability Identifier

• CVE-2023-27043
• CVE-2024-9681
• CVE-2024-40864
• CVE-2024-48958
• CVE-2024-54502
• CVE-2024-54508
• CVE-2024-54533
• CVE-2024-54534
• CVE-2024-54543
• CVE-2024-56171
• CVE-2025-24085
• CVE-2025-24093
• CVE-2025-24095
• CVE-2025-24097
• CVE-2025-24113
• CVE-2025-24139
• CVE-2025-24148
• CVE-2025-24157
• CVE-2025-24163
• CVE-2025-24164
• CVE-2025-24167
• CVE-2025-24170
• CVE-2025-24172
• CVE-2025-24173
• CVE-2025-24178
• CVE-2025-24180
• CVE-2025-24181
• CVE-2025-24182
• CVE-2025-24190
• CVE-2025-24191
• CVE-2025-24192
• CVE-2025-24193
• CVE-2025-24194
• CVE-2025-24195
• CVE-2025-24196
• CVE-2025-24198
• CVE-2025-24199
• CVE-2025-24200
• CVE-2025-24201
• CVE-2025-24202
• CVE-2025-24203
• CVE-2025-24204
• CVE-2025-24205
• CVE-2025-24207
• CVE-2025-24208
• CVE-2025-24209
• CVE-2025-24210
• CVE-2025-24211
• CVE-2025-24212
• CVE-2025-24213
• CVE-2025-24214
• CVE-2025-24215
• CVE-2025-24216
• CVE-2025-24217
• CVE-2025-24218
• CVE-2025-24221
• CVE-2025-24226
• CVE-2025-24228
• CVE-2025-24229
• CVE-2025-24230
• CVE-2025-24231
• CVE-2025-24232
• CVE-2025-24233
• CVE-2025-24234
• CVE-2025-24235
• CVE-2025-24236
• CVE-2025-24237
• CVE-2025-24238
• CVE-2025-24239
• CVE-2025-24240
• CVE-2025-24241
• CVE-2025-24242
• CVE-2025-24243
• CVE-2025-24244
• CVE-2025-24245
• CVE-2025-24246
• CVE-2025-24247
• CVE-2025-24248
• CVE-2025-24249
• CVE-2025-24250
• CVE-2025-24253
• CVE-2025-24254
• CVE-2025-24255
• CVE-2025-24256
• CVE-2025-24257
• CVE-2025-24259
• CVE-2025-24260
• CVE-2025-24261
• CVE-2025-24262
• CVE-2025-24263
• CVE-2025-24264
• CVE-2025-24265
• CVE-2025-24266
• CVE-2025-24267
• CVE-2025-24269
• CVE-2025-24272
• CVE-2025-24273
• CVE-2025-24276
• CVE-2025-24277
• CVE-2025-24278
• CVE-2025-24279
• CVE-2025-24280
• CVE-2025-24281
• CVE-2025-24282
• CVE-2025-24283
• CVE-2025-27113
• CVE-2025-30424
• CVE-2025-30425
• CVE-2025-30426
• CVE-2025-30427
• CVE-2025-30428
• CVE-2025-30429
• CVE-2025-30430
• CVE-2025-30432
• CVE-2025-30433
• CVE-2025-30434
• CVE-2025-30435
• CVE-2025-30437
• CVE-2025-30438
• CVE-2025-30439
• CVE-2025-30441
• CVE-2025-30443
• CVE-2025-30444
• CVE-2025-30446
• CVE-2025-30447
• CVE-2025-30449
• CVE-2025-30450
• CVE-2025-30451
• CVE-2025-30452
• CVE-2025-30454
• CVE-2025-30455
• CVE-2025-30456
• CVE-2025-30457
• CVE-2025-30458
• CVE-2025-30460
• CVE-2025-30461
• CVE-2025-30462
• CVE-2025-30463
• CVE-2025-30464
• CVE-2025-30465
• CVE-2025-30467
• CVE-2025-30469
• CVE-2025-30470
• CVE-2025-30471
• CVE-2025-31182
• CVE-2025-31183
• CVE-2025-31184
• CVE-2025-31187
• CVE-2025-31188
• CVE-2025-31191
• CVE-2025-31192
• CVE-2025-31194

Source

• Apple

Related Link

• https://support.apple.com/en-us/122345
• https://support.apple.com/en-us/122346
• https://support.apple.com/en-us/122371
• https://support.apple.com/en-us/122372
• https://support.apple.com/en-us/122373
• https://support.apple.com/en-us/122374
• https://support.apple.com/en-us/122375
• https://support.apple.com/en-us/122377
• https://support.apple.com/en-us/122378
• https://support.apple.com/en-us/122379
• https://support.apple.com/en-us/122380
• https://support.apple.com/en-us/122376