Apple has issued an urgent security advisory regarding three critical zero-day vulnerabilities, which have been actively exploited in sophisticated attacks. These vulnerabilities, CVE-2025-24200, CVE-2025-24201, and CVE-2025-24085, affect a broad range of Apple devices, including iPhones, iPads, Macs, and other platforms. Apple strongly advises users to update their devices immediately to mitigate the risk of exploitation and enhance their security posture. These vulnerabilities, being actively exploited, underscore the growing sophistication of cyberattacks targeting Apple’s ecosystem.
The first vulnerability, CVE-2025-24200, relates to an authorization flaw that can be exploited in a cyber-physical attack to bypass USB Restricted Mode on locked devices. This feature, designed to block unauthorized access by forensic tools, can be circumvented if an attacker has physical access to the device. Discovered by Bill Marczak of The Citizen Lab, this flaw has reportedly been used in highly targeted attacks against specific individuals.
It highlights the increasing threat of physical device compromise alongside remote attacks.
The second vulnerability, CVE-2025-24201, affects WebKit, the browser engine behind Safari and other iOS applications. This out-of-bounds write vulnerability enables maliciously crafted web content to break out of the Web Content sandbox, potentially allowing attackers to execute unauthorized actions on the device. Apple describes this vulnerability as an extension of a previously blocked attack in iOS 17.2, but older versions remain vulnerable.
It is a high-risk flaw, as it does not require physical access to exploit, making it a more significant threat to a wider range of users.
The third vulnerability, CVE-2025-24085, is a use-after-free flaw in the CoreMedia component, which handles audio and video playback across Apple platforms. This vulnerability allows malicious applications to escalate privileges and gain unauthorized access to sensitive system areas. Affected devices include iPhones, iPads, Macs, and other Apple systems running older versions of iOS and macOS before the patch was applied. Apple has responded swiftly by releasing patches for all three vulnerabilities, urging users to update their devices as soon as possible to avoid potential attacks.
