Apple has recently resolved a series of security issues in the operating system of older devices, so update your equipment now.

Apple has implemented security enhancements in earlier versions of its operating systems to address three critical vulnerabilities, at least two of which were being exploited in attacks considered "highly sophisticated." The flaws are identified as CVE-2025-24200, CVE-2024-24201, and CVE-2025-24085. The first of these vulnerabilities allows malicious actors to disable "USB Restricted Mode" on locked devices.

The initial patch was released in February 2025, and the company acknowledged that this issue could have been used in a complex attack targeting specific individuals. USB Restricted Mode is a security feature that prevents data transfer through the Lightning (or USB-C) port when the device has been locked for more than an hour, thus protecting against hacking tools that attempt to bypass passcodes or extract data via USB connections. This vulnerability was resolved in iOS 18.3.1 and iPadOS 18.3.1.

The second vulnerability, CVE-2025-24201, allows attackers to escape the web content sandbox within the WebKit engine. This issue was fixed in mid-March, and users were again alerted to sophisticated attacks, indicating that it was vulnerable to exploitation in iOS versions prior to 17.2. The fixes for these two flaws are now included in iOS 16.7.11 and 15.8.4, as well as in iPadOS versions 16.7.11 and 15.8.4.

The third flaw involves a privilege escalation vulnerability in Apple’s MediaCode framework, which was deemed "one of the most critical fixes." This bug was addressed in late January of this year and is now available in iPadOS 17.7.6, in addition to macOS versions 14.7.5 (Sonoma) and 13.7.5 (Ventura).