Apple Backports Zero-Day Fixes to Older iOS and macOS Versions

Apr 2, 2025 | News





Apple Extends Zero-Day Patches to Older Devices

Apple has released critical security updates that backport fixes for actively exploited zero-day vulnerabilities to older iOS and macOS versions.

These updates follow Apple’s previous security patches for the latest operating systems, ensuring that older devices remain protected against high-risk exploits.

Zero-Day Fixes Now Available for Older iOS and macOS Versions

The first backport addresses CVE-2025-24200, a vulnerability discovered by Citizen Lab that allowed forensic tools to disable USB Restricted Mode on locked devices. The flaw was initially fixed in iOS 18.3.1 and iPadOS 18.3.1, and Apple has now rolled out patches to:

The second vulnerability, CVE-2025-24201, allowed attackers to bypass WebKit’s Web Content sandbox using specially crafted web content. Apple described the attacks exploiting this flaw as “extremely sophisticated”. Initially patched in iOS 18.3.2, iPadOS 18.3.2, and macOS Sequoia 15.3.2, the fix has now been extended to older devices.

Another major fix addresses CVE-2025-24085, a privilege escalation flaw in Apple’s Core Media framework. The vulnerability was first patched in:

  • iOS 18.3, iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3, visionOS 2.3, and tvOS 18.3

Now, the fix has been extended to:

  • iPadOS 17.7.6

  • macOS 14.7.5 (Sonoma) and macOS 13.7.5 (Ventura)


Latest Security Updates for iOS, macOS, and Safari

Beyond backporting zero-day fixes, Apple has released new security updates for the latest versions of its operating systems and software, addressing dozens of vulnerabilities.

iOS 18.4 and iPadOS 18.4

The latest iOS and iPadOS updates fix 77 vulnerabilities, including:

  • CVE-2025-30456 – App sandbox bypass allowing root privilege escalation

  • CVE-2025-24097 – Arbitrary file metadata access

  • CVE-2025-31182 – Arbitrary file deletion

macOS Sequoia 15.4

Apple’s macOS update patches 123 security flaws, including:

  • CVE-2025-24228 – Arbitrary code execution with kernel privileges

  • CVE-2025-24267 – Privilege escalation to root

  • CVE-2025-24178 – Sandbox escape vulnerability

Safari 18.4

Apple has also addressed 13 security flaws in its latest Safari update, including:

  • CVE-2025-24213 – WebKit memory corruption

  • CVE-2025-30427 – WebKit use-after-free issue

  • CVE-2025-24180 – WebAuthn credential confusion




Users Urged to Update Immediately

Although Apple’s latest security bulletin did not disclose any new actively exploited zero-days, users are strongly encouraged to apply updates immediately. These fixes help mitigate potential risks from cyberattacks and enhance overall device security.

To update your Apple device:

  • Go to Settings > General > Software Update

  • Download and install the latest available version

  • Restart your device to apply security patches


Source: bleepingcomputer.com
