Apple has released backported security patches for older iOS, iPadOS, and macOS versions to address three exploited zero-day vulnerabilities. The updates cover iOS 16.7.11, iPadOS 16.7.11, iOS 15.8.4, iPadOS 15.8.4, and macOS Sonoma 14.7.5. Originally fixed in March for the latest OS versions, these patches now extend protection to legacy devices. Apple confirms that some flaws have been actively exploited in targeted attacks.

Three critical vulnerabilities have been identified: CVE-2025-24085 (7.3 CVSS) allowing privilege escalation via Core Media, CVE-2025-24200 (4.6 CVSS) enabling USB Restricted Mode bypass through Accessibility, and CVE-2025-24201 (8.8 CVSS) permitting sandbox escape via malicious WebKit content.

CVE-2025-24201 (CVSS score: 8.8) – One of the most critical vulnerabilities addressed which exists in WebKit, the browser engine powering Safari and many third-party apps on Apple platforms. An attacker could exploit it using malicious web content to escape the Web Content sandbox. Apple issued this fix as an extra precaution after mitigating a similar attack in iOS 17.2.

CVE-2025-24200 (CVSS score: 4.6) – Apple has released emergency security updates to patch a zero-day vulnerability tracked as CVE-2025-24200, which the company believes was exploited in “extremely sophisticated” targeted attacks. This flaw could have allowed attackers to disable USB Restricted Mode on a locked device, bypassing a key security feature introduced in iOS 11.4.1.

USB Restricted Mode is designed to protect iPhones from unauthorized data access via the Lightning port. It automatically disables data transfer after a specified period of inactivity, while still allowing the device to charge. To resume data transfer, the user must input the device’s passcode. This vulnerability posed a significant security risk, as it undermined the intended protection. Apple addressed the issue by enhancing state management to reinforce the integrity of the security feature.

CVE-2025-24085 (CVSS score: 7.3) – This privilege escalation vulnerability affects the Core Media framework, which handles multimedia tasks like playback and recording on iOS and macOS devices. The flaw stems from a use-after-free issue, where freed memory is improperly accessed, potentially allowing malicious applications to escalate privileges and execute arbitrary code. This could compromise device security by granting unauthorized access to system resources. Apple addressed the vulnerability with improved memory management to prevent such issues and protect users from potential exploits.

The release of these backported patches highlights Apple’s continued commitment to securing older hardware. However, the exploitation of these zero-day vulnerabilities serves as a stark reminder of the constantly evolving threat landscape faced by both end-users and security professionals. Apple strongly urges users on the following versions of iOS, iPadOS, or macOS to update their systems immediately:

iOS / iPadOS 16.7.11

iOS / iPadOS 15.8.4

macOS Sonoma 14.7.5

As cybercriminals increasingly target unpatched legacy systems, timely updates are more critical than ever. Both organizations and individual users are advised to prioritize these updates to ensure the security and integrity of their devices amid growing cyber threats.