Apple Products Multiple Vulnerabilities
RISK: High Risk
TYPE: Operating Systems - Mobile & Apps
Multiple vulnerabilities were identified in Apple Products. A remote attacker could exploit some of these vulnerabilities to trigger denial of service condition, elevation of privilege, spoofing, remote code execution, sensitive information disclosure, cross-site scripting and security restriction bypass on the targeted system.
Note:
CVE-2025-24085 is being exploited in the wild, a malicious application may be able to elevate privileges. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 17.2.
CVE-2025-24200 is being exploited in the wild, a physical attack may disable USB Restricted Mode on a locked device. Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals.
CVE-2025-24201 is being exploited in the wild, maliciously crafted web content may be able to break out of Web Content sandbox. This is a supplementary fix for an attack that was blocked in iOS 17.2. (Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals on versions of iOS before iOS 17.2.)
[Updated on 2025-04-02]
Updated System / Technologies affected, Solutions and Related Links
Impact
- Denial of Service
- Remote Code Execution
- Elevation of Privilege
- Security Restriction Bypass
- Information Disclosure
- Cross-Site Scripting
- Spoofing
System / Technologies affected
- Versions prior to Safari 18.4
- Versions prior to Xcode 16.3
- Versions prior to iOS 18.4 and iPadOS 18.4
- Versions prior to iPadOS 17.7.6
- Versions prior to iOS 16.7.11 and iPadOS 16.7.11
- Versions prior to iOS 15.8.4 and iPadOS 15.8.4
- Versions prior to macOS Sequoia 15.4
- Versions prior to macOS Sonoma 14.7.5
- Versions prior to macOS Ventura 13.7.5
- Versions prior to tvOS 18.4
- Versions prior to visionOS 2.4
- Versions prior to watchOS 11.4
For CVE-2025-24200 and CVE-2025-24201
- Versions prior to iOS 16.7.11 and iPadOS 16.7.11
- Versions prior to iOS 15.8.4 and iPadOS 15.8.4
For CVE-2025-24085
- Versions prior to macOS Sonoma 14.7.5
- Versions prior to macOS Ventura 13.7.5
- Versions prior to iPadOS 17.7.6
Solutions
Before installation of the software, please visit the vendor web-site for more details.
Apply fixes issued by the vendor:
- Safari 18.4
- Xcode 16.3
- iOS 18.4 and iPadOS 18.4
- iPadOS 17.7.6
- iOS 16.7.11 and iPadOS 16.7.11
- iOS 15.8.4 and iPadOS 15.8.4
- macOS Sequoia 15.4
- macOS Sonoma 14.7.5
- macOS Ventura 13.7.5
- tvOS 18.4
- visionOS 2.4
- WatchOS 11.4
Vulnerability Identifier
- CVE-2023-27043
- CVE-2024-9681
- CVE-2024-40864
- CVE-2024-48958
- CVE-2024-54502
- CVE-2024-54508
- CVE-2024-54533
- CVE-2024-54534
- CVE-2024-54543
- CVE-2024-56171
- CVE-2025-24085
- CVE-2025-24093
- CVE-2025-24095
- CVE-2025-24097
- CVE-2025-24113
- CVE-2025-24139
- CVE-2025-24148
- CVE-2025-24157
- CVE-2025-24163
- CVE-2025-24164
- CVE-2025-24167
- CVE-2025-24170
- CVE-2025-24172
- CVE-2025-24173
- CVE-2025-24178
- CVE-2025-24180
- CVE-2025-24181
- CVE-2025-24182
- CVE-2025-24190
- CVE-2025-24191
- CVE-2025-24192
- CVE-2025-24193
- CVE-2025-24194
- CVE-2025-24195
- CVE-2025-24196
- CVE-2025-24198
- CVE-2025-24199
- CVE-2025-24200
- CVE-2025-24201
- CVE-2025-24202
- CVE-2025-24203
- CVE-2025-24204
- CVE-2025-24205
- CVE-2025-24207
- CVE-2025-24208
- CVE-2025-24209
- CVE-2025-24210
- CVE-2025-24211
- CVE-2025-24212
- CVE-2025-24213
- CVE-2025-24214
- CVE-2025-24215
- CVE-2025-24216
- CVE-2025-24217
- CVE-2025-24218
- CVE-2025-24221
- CVE-2025-24226
- CVE-2025-24228
- CVE-2025-24229
- CVE-2025-24230
- CVE-2025-24231
- CVE-2025-24232
- CVE-2025-24233
- CVE-2025-24234
- CVE-2025-24235
- CVE-2025-24236
- CVE-2025-24237
- CVE-2025-24238
- CVE-2025-24239
- CVE-2025-24240
- CVE-2025-24241
- CVE-2025-24242
- CVE-2025-24243
- CVE-2025-24244
- CVE-2025-24245
- CVE-2025-24246
- CVE-2025-24247
- CVE-2025-24248
- CVE-2025-24249
- CVE-2025-24250
- CVE-2025-24253
- CVE-2025-24254
- CVE-2025-24255
- CVE-2025-24256
- CVE-2025-24257
- CVE-2025-24259
- CVE-2025-24260
- CVE-2025-24261
- CVE-2025-24262
- CVE-2025-24263
- CVE-2025-24264
- CVE-2025-24265
- CVE-2025-24266
- CVE-2025-24267
- CVE-2025-24269
- CVE-2025-24272
- CVE-2025-24273
- CVE-2025-24276
- CVE-2025-24277
- CVE-2025-24278
- CVE-2025-24279
- CVE-2025-24280
- CVE-2025-24281
- CVE-2025-24282
- CVE-2025-24283
- CVE-2025-27113
- CVE-2025-30424
- CVE-2025-30425
- CVE-2025-30426
- CVE-2025-30427
- CVE-2025-30428
- CVE-2025-30429
- CVE-2025-30430
- CVE-2025-30432
- CVE-2025-30433
- CVE-2025-30434
- CVE-2025-30435
- CVE-2025-30437
- CVE-2025-30438
- CVE-2025-30439
- CVE-2025-30441
- CVE-2025-30443
- CVE-2025-30444
- CVE-2025-30446
- CVE-2025-30447
- CVE-2025-30449
- CVE-2025-30450
- CVE-2025-30451
- CVE-2025-30452
- CVE-2025-30454
- CVE-2025-30455
- CVE-2025-30456
- CVE-2025-30457
- CVE-2025-30458
- CVE-2025-30460
- CVE-2025-30461
- CVE-2025-30462
- CVE-2025-30463
- CVE-2025-30464
- CVE-2025-30465
- CVE-2025-30467
- CVE-2025-30469
- CVE-2025-30470
- CVE-2025-30471
- CVE-2025-31182
- CVE-2025-31183
- CVE-2025-31184
- CVE-2025-31187
- CVE-2025-31188
- CVE-2025-31191
- CVE-2025-31192
- CVE-2025-31194
Source
Related Link
- https://support.apple.com/en-us/122345
- https://support.apple.com/en-us/122346
- https://support.apple.com/en-us/122371
- https://support.apple.com/en-us/122372
- https://support.apple.com/en-us/122373
- https://support.apple.com/en-us/122374
- https://support.apple.com/en-us/122375
- https://support.apple.com/en-us/122377
- https://support.apple.com/en-us/122378
- https://support.apple.com/en-us/122379
- https://support.apple.com/en-us/122380
- https://support.apple.com/en-us/122376
Related Tags
Share with