Apple Releases Critical Security Updates for Legacy Devices
Apple has taken significant steps to address critical security vulnerabilities by backporting fixes to older models and prior operating system versions. On Monday, the company rolled out updates aimed at mitigating three specific vulnerabilities that have been reported as actively exploited in real-world attacks.
The first vulnerability, identified as CVE-2025-24085, is a use-after-free condition within the Core Media component. This flaw poses a risk as it could enable a malicious application installed on affected devices to gain elevated privileges. The Common Vulnerability Scoring System (CVSS) rates this vulnerability with a score of 7.3, indicating its significant threat level.
The second identified risk, CVE-2025-24200, pertains to an authorization issue in the Accessibility component. This vulnerability could potentially allow an attacker to circumvent USB Restricted Mode on a locked device, making it easier for them to conduct cyber-physical attacks. Rated at a CVSS score of 4.6, it highlights a moderate risk to device security.
Lastly, CVE-2025-24201 presents an out-of-bounds write issue in the WebKit component, which has a CVSS score of 8.8. This serious flaw allows attackers to create malicious web content capable of breaking out from the Web Content sandbox, further amplifying cybersecurity risks for users. These vulnerabilities exemplify a concerted effort by adversaries to exploit weaknesses for unauthorized access and privilege escalation, aligning with tactics outlined in the MITRE ATT&CK framework.
The updates are specifically available for various operating system versions, which include macOS Sonoma 14.7.5, macOS Ventura 13.7.5, and iPadOS 17.7.6 for the first vulnerability, and iOS 15.8.4 alongside iOS 16.7.11 for the latter two vulnerabilities. The devices receiving these updates span a range of older iPhones and iPads, such as the iPhone 6s through 8, as well as select iPad models. This proactive measure protects a broad user base still utilizing older Apple’s hardware.
In conjunction with these backported fixes, Apple has also released operating system updates that address a plethora of additional security flaws across its platforms. Specifically, iOS 18.4 and iPadOS 18.4 have been released to resolve 62 bugs, while updates for macOS Sequoia, tvOS, visionOS, and Safari target hundreds of vulnerabilities collectively.
Although currently none of the newly disclosed vulnerabilities appear to be under active exploitation, industry experts advocate for users to promptly update their devices. Adopting the latest software versions is a critical precautionary measure, reinforcing defense against future threats while simultaneously addressing existing vulnerabilities.
For business owners concerned about cybersecurity, these updates underscore the persistent and evolving threat landscape. The risk of exploitation remains high, emphasizing the importance of maintaining device security through regular updates and vigilance against emerging threats. By incorporating robust security practices, organizations can better protect their assets and sensitive data from various cyber threats.
