Apple on Monday announced patches for dozens of vulnerabilities across its desktop and mobile products, including two recent zero-days that remained unaddressed in older iPhones.
The first exploited flaw, tracked as CVE-2025-24201 (CVSS score of 8.8) is described as an out-of-bounds write issue in WebKit that allows attackers to craft web content that would break out of the Web Content sandbox.
On March 11, the tech giant announced that iOS 18.3.2 and iPadOS 18.3.2, as well as Safari 18.3.1, were rolled out with fixes for the flaw. Now, the company released the patches for iOS 16.7.11 and iPadOS 16.7.11, and iOS 15.8.4 and iPadOS 15.8.4 as well.
The updates also resolve CVE-2025-24200, a medium-severity authorization bug that could allow a physical attacker to disable USB Restricted Mode on a locked device, and which was fixed in February with the release of iOS 18.3.1 and iPadOS 18.3.1.
Apple says it received reports that both issues have been exploited in sophisticated attacks against specific users. The WebKit bug was exploited against iOS versions before 17.2.
On Monday, the company rolled out new security updates for the latest generation mobile devices, resolving 60 vulnerabilities with iOS 18.4 and iPadOS 18.4, and 38 flaws with iPadOS 17.7.6.
The platform refresh includes patches for 60 issues that could lead to arbitrary code execution, crashes, privilege escalation, information leak, sandbox escape, unauthorized access, preferences bypass, denial-of-service, memory corruption, user tracking, spoofing, and cross-site scripting attacks.
macOS Sequoia 15.4 was released on Monday to address over 130 bugs, macOS Sonoma 14.7.5 to patch over 90 flaws, and macOS Ventura 13.7.5 to fix roughly 85 security defects. Apple also announced the release of security updates for Safari, Xcode, tvOS, and visionOS.
The updates for macOS Sonoma and macOS Ventura include fixes for CVE-2025-24085, a bug in CoreMedia that leads to privilege escalation, and which was resolved in iOS in January, after being exploited in the wild.
Users are advised to update their devices and applications as soon as possible. Additional information can be found on Apple’s security releases page.
Related: New SLAP and FLOP CPU Attacks Expose Data From Apple Computers, Phones
Related: Apple Patches First Exploited iOS Zero-Day of 2025
Related: Apple Pushes Major iOS, macOS Security Updates
Related: Apple Patches Over 70 Vulnerabilities Across iOS, macOS, Other Products
