Full Report
The company released a host of security patches Monday, including ones that address two zero-day vulnerabilities. Source: CyberScoop, "Apple issues fixes for vulnerabilities in both old and new OS versions".
Analysis Summary
# Vulnerability: Apple Security Updates Address Multiple Flaws Including Two Actively Exploited Zero-Days
## CVE Details
- CVE ID: CVE-2025-24221, CVE-2025-24245, CVE-2025-24201, CVE-2025-24200 (Multiple listed, specific scores/CWEs not detailed for all)
- CVSS Score: Not explicitly provided for all, but two are critical zero-days.
- CWE: Not explicitly provided.
## Affected Systems
- **Products:** iOS, iPadOS, macOS, Safari (WebKit engine)
- **Versions:**
  - iOS 18.4 and iPadOS 18.4 (62 vulnerabilities addressed)
  - macOS Sequoia 15.4 (131 vulnerabilities addressed)
  - Safari 18.4 (14 vulnerabilities addressed)
  - Older OS versions requiring zero-day patches: iOS 15.8.4, iOS 16.7.11, iPadOS 15.8.4, iPadOS 16.7.11
- **Configurations:** N/A (General software flaws)
## Vulnerability Description
Apple addressed numerous vulnerabilities, including two zero-day flaws that were actively exploited:
1. **CVE-2025-24201 (WebKit Zero-Day):** Allows an attacker to break out of the Web Content sandbox within the WebKit web browser engine, potentially leading to unauthorized actions on the system.
2. **CVE-2025-24200 (Physical Access Zero-Day):** Allows an attacker with physical access to a locked device to disable USB Restricted Mode.
3. **CVE-2025-24221:** Could allow sensitive keychain data to be accessed from an iOS backup.
4. **CVE-2025-24245:** Could allow an attacker using a malicious application to access a user’s saved passwords in macOS.
## Exploitation
- **Status:** Actively exploited in the wild (CVE-2025-24201 and CVE-2025-24200) in an "extremely sophisticated attack against specific target individuals."
- **Complexity:** Likely Low to Medium for the zero-days, given the successful exploitation.
- **Attack Vector:**
  - CVE-2025-24201: Likely Remote/Network via web content interaction.
  - CVE-2025-24200: Physical access required.
## Impact
Impact levels are inferred based on the description:
- **Confidentiality:** High (Keychain data exposure, password access via CVE-2025-24221/CVE-2025-24245, unauthorized actions via sandbox escape).
- **Integrity:** High (Ability to bypass security restrictions or execute unauthorized actions).
- **Availability:** Not directly stated, but severe security flaws in core OS functions can also affect system reliability.
## Remediation
### Patches
Apple released emergency patches for the zero-days and comprehensive updates for all listed operating system versions:
- iOS 18.4
- iPadOS 18.4
- macOS Sequoia 15.4
- Safari 18.4
- iOS 15.8.4 / iPadOS 15.8.4 (Older platform zero-day fix)
- iOS 16.7.11 / iPadOS 16.7.11 (Older platform zero-day fix)
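Because the fix is "update to the listed version", the practical task for a fleet owner is to find every device still below the patched build for its major OS line. The following is an added example, not code from the advisory or from Apple: it encodes the patched versions listed above (iOS/iPadOS 15.8.4, 16.7.11, 18.4; macOS 15.4; Safari 18.4) and triages a constructed inventory. Major versions the summary does not mention (for example iOS 17, macOS 14) are reported as "not covered" rather than assumed patched; the inventory CSV, device names and function names are assumptions for illustration.

```python
import csv
import io
from typing import Dict, List, Tuple

# Minimum patched versions taken from the Remediation list above, keyed by
# product and major version. Lines absent from the advisory summary are
# deliberately absent here so they are never reported as "patched".
PATCHED: Dict[str, Dict[int, str]] = {
    "iOS":    {15: "15.8.4", 16: "16.7.11", 18: "18.4"},
    "iPadOS": {15: "15.8.4", 16: "16.7.11", 18: "18.4"},
    "macOS":  {15: "15.4"},
    "Safari": {18: "18.4"},
}

# Constructed inventory for the example (device_id,product,version).
INVENTORY = """\
device_id,product,version
ip-001,iOS,18.3.2
ip-002,iOS,18.4
ip-003,iOS,17.7
ipad-01,iPadOS,16.7.10
ipad-02,iPadOS,15.8.4
mac-01,macOS,15.3.2
mac-02,macOS,15.4
mac-03,macOS,14.7
"""


def parse_version(s: str) -> Tuple[int, ...]:
    """'16.7.11' -> (16, 7, 11). Tuple comparison then orders versions
    correctly, e.g. (18, 3, 2) < (18, 4) and (16, 7, 10) < (16, 7, 11)."""
    return tuple(int(part) for part in s.strip().split("."))


def patch_status(product: str, version: str) -> str:
    """Return 'patched', 'unpatched' or 'not covered' for one device.

    'not covered' means the advisory summary lists no fixed build for this
    product or major version, so no claim about it is made."""
    installed = parse_version(version)
    lines = PATCHED.get(product)
    if not lines or installed[0] not in lines:
        return "not covered"
    return "patched" if installed >= parse_version(lines[installed[0]]) else "unpatched"


def triage(inventory_csv: str) -> Dict[str, List[str]]:
    """Group device ids from a CSV export by patch status."""
    result: Dict[str, List[str]] = {"patched": [], "unpatched": [], "not covered": []}
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        result[patch_status(row["product"], row["version"])].append(row["device_id"])
    return result


if __name__ == "__main__":
    for status, devices in triage(INVENTORY).items():
        print(f"{status:12s} {', '.join(devices) or '-'}")
```

On a Mac the local value for the `version` column comes from `sw_vers -productVersion`; on managed iOS/iPadOS fleets it comes from the MDM inventory export. The "not covered" bucket is worth keeping separate in reports so that devices on a line the advisory does not mention are chased up against Apple's full release notes rather than silently counted as safe.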
### Workarounds
No user-specific workarounds were mentioned, as emergency patches were released immediately for the actively exploited vulnerabilities.
## Detection
- **Indicators of Compromise (IOC):** Specific IOCs are not detailed in this summary, but monitoring for successful WebKit sandbox escapes and for physical-access attempts to disable USB Restricted Mode should be prioritized.
- **Detection Methods and Tools:** Standard endpoint detection and response (EDR) tools should monitor for unusual process execution stemming from web content or unauthorized system configuration changes following physical device access. Patching itself is the primary mitigation.
## References
- Vendor Advisory (General): https://support.apple.com/en-us/100100
- iOS 18.4/iPadOS 18.4 Advisory: https://support.apple.com/en-us/122371
- macOS Sequoia 15.4 Advisory: https://support.apple.com/en-us/122373
- CVE-2025-24201 (WebKit Zero-Day): https://nvd.nist.gov/vuln/detail/CVE-2025-24201