{"id":630,"date":"2025-04-02T18:19:47","date_gmt":"2025-04-02T18:19:47","guid":{"rendered":"https:\/\/www.techrepublic.com\/?p=4300643"},"modified":"2025-04-02T18:19:47","modified_gmt":"2025-04-02T18:19:47","slug":"still-using-an-older-version-of-ios-or-ipados-update-now-to-patch-these-critical-security-vulnerabilities","status":"publish","type":"post","link":"https:\/\/blog.tecnoartesanos.com\/index.php\/2025\/04\/02\/still-using-an-older-version-of-ios-or-ipados-update-now-to-patch-these-critical-security-vulnerabilities\/","title":{"rendered":"Still Using an Older Version of iOS or iPadOS? Update Now to Patch These Critical Security Vulnerabilities"},"content":{"rendered":"
\"Apple
Image: ink drop\/Adobe Stock<\/figcaption><\/figure>\n

On Monday, Apple issued critical security updates that retroactively address three actively exploited zero-day vulnerabilities affecting legacy versions of its operating systems.<\/p>\n

<\/span>CVE-2025-24200<\/span><\/h2>\n

The first vulnerability, designated CVE-2025-24200, was patched in iOS 16.7.11<\/a>, iPadOS 16.7.11, iOS 15.8.4<\/a>, and iPadOS 15.8.4.<\/p>\n

CVE-2025-24200 allows a physical attacker to disable USB Restricted Mode on an Apple device. This is a security feature designed to block unauthorised data access through the USB port when the iPhone or iPad is locked for over an hour.<\/p>\n

Apple said CVE-2025-24200 \u201cmay have been exploited in an extremely sophisticated attack against specific targeted individuals,\u201d hinting at potential involvement from state-sponsored actors aiming to surveil high-value targets such as government officials, journalists, or senior business executives. Although initially patched on February 10 in iOS 18.3.1, iPadOS 18.3.1, and iPad 17.7.5, the vulnerability remained unresolved in older operating systems until now.<\/p>\n

SEE: Critical Zero-Day Vulnerabilities Found in These VMware Products<\/a><\/strong><\/p>\n

<\/span>CVE-2025-24201<\/span><\/h2>\n

The second flaw, CVE-2025-24201, was also patched in iOS 16.7.11, iPadOS 16.7.11, iOS 15.8.4, and iPadOS 15.8.4.<\/p>\n

This flaw is in WebKit, the browser engine used by Safari to render web pages. It allows malicious code running inside the Web Content sandbox \u2014  an isolated environment intended to contain browser-based threats \u2014 to escape and compromise broader system components.<\/p>\n

CVE-2025-24201 was first mitigated in iOS 17.2<\/a> in late 2023, followed by a supplemental patch<\/a> in iOS 18.3.2, macOS Sequoia 15.3.2, visionOS 2.3.2, and Safari 18.3.1. The flaw has now been retrospectively addressed in iOS and iPadOS 15 and 16.<\/p>\n