Apple's recent security updates retroactively fix three zero-day vulnerabilities impacting legacy versions of iOS and iPadOS. Notably, CVE-2025-24200 allows attackers to disable USB Restricted Mode, which is crucial for preventing unauthorized access. This flaw may have been exploited in targeted attacks against high-profile individuals, pointing to potential state-sponsored involvement. Two other vulnerabilities, CVE-2025-24201 and CVE-2025-24085, were addressed to enhance WebKit security and handle media correctly. Apple's swift response demonstrates the urgent need to protect users from increasingly sophisticated cyber threats.
CVE-2025-24200 has critical implications because it lets attackers disable USB Restricted Mode, a feature designed to prevent unauthorized data access on locked iPhones and iPads, hinting at attacks involving state-sponsored actors.
CVE-2025-24201 is a WebKit vulnerability that can allow malicious code to escape from the browser sandbox and compromise system components, revealing the need for stringent browser security.
The series of security updates not only addressed CVE-2025-24200, CVE-2025-24201, and CVE-2025-24085 but also highlights the importance of protecting users from increasingly sophisticated cyber threats.
Updates were retroactively applied to older versions, emphasizing Apple's commitment to securing devices against specifically targeted attacks that may endanger vulnerable individuals like journalists and officials.