01 Apr


Apple has issued an urgent security advisory concerning three critical zero-day vulnerabilities, CVE-2025-24200, CVE-2025-24201, and CVE-2025-24085, that have been actively exploited in sophisticated attacks.
These vulnerabilities affect a wide range of Apple devices, including iPhones, iPads, Macs, and other platforms. Users are strongly advised to update their devices immediately to mitigate the risk.
Significant Vulnerabilities Under Active Exploitation

CVE-2025-24200

The first vulnerability, tracked as CVE-2025-24200, is an authorization flaw that can be exploited in a physical attack to disable USB Restricted Mode on a locked device.
According to Apple’s advisory, this vulnerability “may have been exploited in an extremely sophisticated attack against specific targeted individuals”.
The flaw was discovered and reported by Bill Marczak of The Citizen Lab at The University of Toronto’s Munk School.
A malicious actor can disable USB Restricted Mode on a locked device as part of a cyber-physical attack. 
USB Restricted Mode, introduced in iOS 11.4.1, prevents iOS and iPadOS devices from communicating with connected accessories if the device hasn’t been unlocked within the past hour – a critical security feature designed to thwart forensic tools.
CVE-2025-24201

The second vulnerability, CVE-2025-24201, affects WebKit, the browser engine powering Safari and many iOS applications.
This out-of-bounds write issue could allow maliciously crafted web content to break out of the Web Content sandbox.
Apple describes this as “a supplementary fix for an attack that was blocked in iOS 17.2” and acknowledges that it “may have been exploited in an extremely sophisticated attack against specific targeted individuals on versions of iOS before iOS 17.2”.
CVE-2025-24085

The third zero-day, CVE-2025-24085, is a use-after-free vulnerability in the CoreMedia component, a framework that manages audio and video playback across Apple products.
As detailed in Apple’s advisory, “A malicious application may be able to elevate privileges”. This vulnerability affects multiple Apple operating systems, including iOS, iPadOS, macOS, watchOS, and tvOS.

The flaw has been actively exploited against older versions of iOS before iOS 17.2.
A summary of the vulnerabilities is given below:
| CVE | Affected Products (patched versions) | Impact | Exploit Prerequisites | CVSS 3.1 Score |
|---|---|---|---|---|
| CVE-2025-24200 | iOS 18.3.1, iPadOS 18.3.1, iPadOS 17.7.5 (iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch, etc.) | Bypass USB Restricted Mode on locked devices | Physical access to the device | 6.1 (Medium) |
| CVE-2025-24201 | iOS 18.3.2, iPadOS 18.3.2, macOS Sequoia 15.3.2, visionOS 2.3.2, Safari 18.3 | Escape Web Content sandbox via malicious web content | None | 8.1 (High) |
| CVE-2025-24085 | iOS 18.3, iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3, tvOS 18.3, visionOS 2.3 | Privilege escalation through use-after-free vulnerability in CoreMedia | Malicious application already installed | 7.8 (High) |

Mitigation Steps

Apple has released patches for all three vulnerabilities across its operating systems and devices:
- iPhones and iPads: Update to iOS 18.3/iPadOS 18.3 or later.
- Macs: Install macOS Sequoia 15.3 or later.
- Apple Watches: Use watchOS 11.3 or newer.
- Apple TVs: Update to tvOS 18.3.
- Apple Vision Pro: Apply visionOS 2.3 updates.

To update your device:

- Navigate to Settings > General > Software Update.
- Enable automatic updates for future patches.

Recommendations

To further protect against exploitation:

- Avoid installing untrusted applications or kernel extensions.
- Enable Lockdown Mode on compatible devices to reduce attack surfaces.
- Regularly monitor for software updates and apply them promptly.

The discovery of these zero-day vulnerabilities highlights the increasing sophistication of cyberattacks targeting Apple’s ecosystem.
While Apple’s swift response underscores its commitment to user security, users must remain vigilant by keeping their devices updated and following best practices for cybersecurity.
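The patched versions in the table above lend themselves to a fleet check. The following Python script is an added example, not code from the article or from Apple: it encodes the table's per-platform fixed versions, parses an installed version string, and reports which of the three CVEs are still outstanding on a device. Since the table lists fixes on more than one release branch for some platforms (iPadOS 18.3.1 and 17.7.5 for CVE-2025-24200), the check compares against the fix on the device's own branch and flags the case where the table lists no fix for that branch rather than silently calling the device unpatched. The status labels and the device inventory at the bottom are constructed for the example.

```python
"""Added example: check an Apple device's installed OS version against the
fixed versions listed in the advisory table for CVE-2025-24200,
CVE-2025-24201 and CVE-2025-24085. Not Apple's code; the inventory at the
bottom is constructed sample data."""

# Fixed-in versions per CVE and platform, taken from the article's table.
# A platform may list several versions where the fix shipped on more than
# one release branch (iPadOS 18.3.1 and 17.7.5 for CVE-2025-24200).
FIXED_IN = {
    "CVE-2025-24200": {"iOS": ["18.3.1"], "iPadOS": ["18.3.1", "17.7.5"]},
    "CVE-2025-24201": {"iOS": ["18.3.2"], "iPadOS": ["18.3.2"],
                       "macOS": ["15.3.2"], "visionOS": ["2.3.2"],
                       "Safari": ["18.3"]},
    "CVE-2025-24085": {"iOS": ["18.3"], "iPadOS": ["18.3"], "macOS": ["15.3"],
                       "watchOS": ["11.3"], "tvOS": ["18.3"],
                       "visionOS": ["2.3"]},
}


def parse_version(version: str) -> tuple:
    """'18.3' -> (18, 3, 0). Pads to three components so that '18.3'
    compares equal to '18.3.0' and below '18.3.1'."""
    parts = [int(p) for p in version.strip().split(".")]
    if not 1 <= len(parts) <= 3:
        raise ValueError(f"unexpected version format: {version!r}")
    return tuple(parts + [0] * (3 - len(parts)))


def status(cve: str, platform: str, installed: str) -> str:
    """Classify one device against one CVE (labels are this example's own).

    'patched'          installed >= the fix on the device's release branch
    'unpatched'        a fix exists on this branch and installed is older
    'no-fix-on-branch' the table lists no fix for this major version
    'not-affected'     the table does not list this platform for the CVE
    """
    branches = FIXED_IN[cve].get(platform)
    if branches is None:
        return "not-affected"
    inst = parse_version(installed)
    fixes_on_branch = [parse_version(f) for f in branches
                       if parse_version(f)[0] == inst[0]]
    if not fixes_on_branch:
        return "no-fix-on-branch"
    return "patched" if inst >= min(fixes_on_branch) else "unpatched"


def outstanding(platform: str, installed: str) -> dict:
    """CVEs that still need attention on this device, mapped to status."""
    result = {}
    for cve in FIXED_IN:
        s = status(cve, platform, installed)
        if s in ("unpatched", "no-fix-on-branch"):
            result[cve] = s
    return result


def minimum_safe_version(platform: str, major: int) -> str:
    """Lowest version on the given release branch that carries every fix
    the table lists for that platform (e.g. iOS 18.x -> '18.3.2')."""
    candidates = [f for table in FIXED_IN.values()
                  for f in table.get(platform, [])
                  if parse_version(f)[0] == major]
    if not candidates:
        raise LookupError(f"no fixes listed for {platform} {major}.x")
    return max(candidates, key=parse_version)


if __name__ == "__main__":
    # Constructed sample inventory: (hostname, platform, installed version).
    inventory = [
        ("ios-a", "iOS", "18.3"),
        ("ios-b", "iOS", "18.3.2"),
        ("ipad-c", "iPadOS", "17.7.5"),
        ("mac-d", "macOS", "15.3.1"),
    ]
    for host, platform, ver in inventory:
        issues = outstanding(platform, ver)
        print(f"{host:8} {platform:8} {ver:8} {'OK' if not issues else issues}")
```

Note that a device on iOS 18.3 satisfies the "iOS 18.3 or later" line in the mitigation list yet is still reported as outstanding for CVE-2025-24200 and CVE-2025-24201, because the table places those fixes in 18.3.1 and 18.3.2; `minimum_safe_version("iOS", 18)` gives the version that covers all three.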

