Apple just finally patched a whole host of OS security issues on older devices, so update now

Apple has backported fixes for three security vulnerabilities
At least two were being used in “highly sophisticated attacks”
Older iOS, iPadOS, and macOS versions are now protected

Apple has backported three major vulnerability fixes to older versions of its operating systems to fix issues reportedly beingabused in the wild, with some of the incidents being described as “highly sophisticated”.

The three flaws are tracked as CVE-2025-24200, CVE-2024-24201, and CVE-2025-24085. The former is a bug that allows malicious actors to disable the “USB Restricted Mode” on locked devices.

When it first released a patch, in mid-February 2025, the company said it was “aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals.”

WebKit sandbox

USB Restricted Mode is a security feature that prevents data transfer through the Lightning (or USB-C) port when the device has been locked for more than one hour. This helps protect against hacking tools that try to bypass passcodes or extract data via USB connections.

This bug was fixed in iOS 18.3.1 and iPadOS 18.3.1.

The second issue, tracked as CVE-2025-24201, is a bug enabling attackers to break out of the Web Content sandbox in the WebKit engine. Apple patched this one in mid-March and, once again, warned users about sophisticated attacks:

“Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals on versions of iOS before iOS 17.2,” the company said at the time.

Fixes for both flaws are now incorporated in iOS 16.7.11 and 15.8.4, as well as iPadOS versions 16.7.11 and 15.8.4.

The third bug is a privilege escalation vulnerability in Apple’s Code Media framework, which CyberInsider described as “among the most critical fixes”. It was patched in late January this year, and has now made its way to iPadOS 17.7.6, and macOS versions 14.7.5 (Sonoma) and 13.7.5 (Ventura).

Via BleepingComputer

https://cdn.mos.cms.futurecdn.net/wBA63zhGK4GEWGaAEY7UHd-1200-80.jpg

Source link

What is the release date for Marshals: A Yellowstone Story episode 6 on CBS and Paramount+?

HP unleashes the Z8 Fury G6i with insane GPU power and memory for massive AI and simulation workloads

HP unleashes the Z8 Fury G6i with insane GPU power and memory for massive AI and simulation workloads

This new ‘laughing rat’ malware will steal your data and hack your systems — and then laugh at you while doing it

Ex-Israeli Intelligence Official: Shockwaves of Trump’s “Take Over Gaza” Heard, Felt Across Region

What UK political parties are promising in the 2019 general election

Otto Warmbier’s parents want North Korea to suffer for their son’s death

Could a ‘youthquake’ cause Boris Johnson to lose the general election?

Netflix’s Near-Perfect 8-Part Horror Thriller Hits 28M Hours Watched in Just 1 Week

One Deranged Pokémon Pokopia Player Has Slurped Up the Entire Ocean

Who Is Todd Blanche? All About the Acting AG After Pam Bondi Was Fired – Hollywood Life

Meryl Streep Recalls ‘Devil Wears Prada’ Being Dubbed As “Chick Flick”

Form DEF 14A CORBUS PHARMACEUTICALS HOLDINGS For: 2 April

Form S-3 Taoweave Inc For: 2 April

Form DEF 14A CLEVELAND-CLIFFS INC. For: 2 April

Cherry Jonathan, Perpetua Resources CEO, sells $119555 in shares

The YouTuber who has become one of Gen Z’s most beloved celebrities

26 last-minute holiday gifts that are still thoughtful and unique

Practicing gratitude regularly can make you less stressed and sleep better

8 things millennials wish you would just stop getting them for the holidays

Apple just finally patched a whole host of OS security issues on older devices, so update now

Form DEF 14A CORBUS PHARMACEUTICALS HOLDINGS For: 2 April

Netflix’s Near-Perfect 8-Part Horror Thriller Hits 28M Hours Watched in Just 1 Week

Form S-3 Taoweave Inc For: 2 April

One Deranged Pokémon Pokopia Player Has Slurped Up the Entire Ocean