Apple Backports Fixes for Three Zero-day Vulnerabilities (CVE-2025-24200, CVE-2025-24201, & CVE-2025-24085)

Posted by Author Diksha Ojha on Posted on

Apple released backported fixes to address three zero-day vulnerabilities exploited in targeted attacks against older iOS, iPadOS, and macOS versions. Tracked as CVE-2025-24200, CVE-2025-24201, & CVE-2025-24085, the vulnerabilities were initially patched in March.

Apple mentioned in the advisory that they are aware of a report that the vulnerabilities may have been actively exploited against versions of iOS before iOS 17.2.

CISA also acknowledged the exploitation of the vulnerabilities by adding them to its Known Exploited Vulnerabilities Catalog.

CVE-2025-24200

The authorization flaw requires physical access to the device to successfully exploit the vulnerability. An attacker may exploit the vulnerability to disable USB Restricted Mode on a locked device as part of a cyber physical attack. Apple fixed the vulnerability with improved state management.

CVE-2025-24201

The out-of-bounds write flaw exists in the WebKit browser engine. An attacker may exploit the vulnerability by maliciously crafted web content to break out of the Web Content sandbox. Apple addressed the issue with improved checks to prevent unauthorized actions.

CVE-2025-24085

The use after free vulnerability exists in the CoreMedia component of macOS, iOS, and iPadOS. Successful exploitation of the vulnerability may allow a malicious application to elevate privileges. Apple addressed the vulnerability with improved memory management.

Affected Products and Versions

  • iPad Pro 10.5-inch
  • iPad 6th generation
  • macOS Sonoma before 14.7.5
  • macOS Ventura before 13.7.5
  • iPad Pro 12.9-inch 2nd generation

Mitigation

Apple released the following versions to patch the vulnerabilities:

  • iPadOS 17.7.6
  • macOS Sonoma 14.7.5
  • macOS Ventura 13.7.5
  • iOS 15.8.4 and iPadOS 15.8.4
  • iOS 16.7.11 and iPadOS 16.7.11

For more information, please visit the Apple security advisories for macOS Sonoma, macOS VenturaiOS, and iPadOS.

Qualys Detection

Qualys customers can scan their devices with QIDs 383013 and 383014 to detect vulnerable assets.

Please continue to follow Qualys Threat Protection for more coverage of the latest vulnerabilities.

References
https://support.apple.com/en-us/122345
https://support.apple.com/en-us/122346
https://support.apple.com/en-us/122372
https://support.apple.com/en-us/122374
https://support.apple.com/en-us/122375

Leave a Reply

Your email address will not be published. Required fields are marked *