Apple Issues Warning on Three 0-Day Vulnerabilities Under Active Exploitation

Apple has issued an urgent security advisory concerning three critical zero-day vulnerabilities – CVE-2025-24200, CVE-2025-24201, and CVE-2025-24085 – which are being actively exploited in the wild.

These vulnerabilities affect a wide range of Apple devices, including iPhones, iPads, Macs, Apple Watches, and even the Apple Vision Pro.

Users are strongly urged to update their devices immediately to address these serious security risks.

CVE-2025-24200: Bypass USB Restricted Mode

The first vulnerability, CVE-2025-24200, is an authorization flaw that can be exploited in physical attacks.

It specifically allows malicious actors to disable USB Restricted Mode on a locked device.

Details:

• Impact: This vulnerability could be exploited as part of an advanced cyber-physical attack to bypass protections designed to halt unauthorized access to sensitive data.
• Affected Users: Specifically, those who use USB Restricted Mode to protect devices from external forensic tools.
• Background of USB Restricted Mode: Introduced in iOS 11.4.1, USB Restricted Mode blocks data transfer via USB if the device hasn’t been unlocked within the last hour.

Apple has acknowledged that CVE-2025-24200 has been exploited in highly targeted attacks.

CVE-2025-24201: WebKit Exploit

The second vulnerability, CVE-2025-24201, resides in WebKit, the browser engine used by Safari and all iOS browsers.

This flaw is caused by an out-of-bounds write issue that allows maliciously crafted websites to escape the Web Content sandbox.

Details:

• Impact: Attackers could exploit this vulnerability to break out of browser restrictions, potentially compromising the entire device.
• Exploit Technique: Delivered via malicious web content.
• Apple’s Statement: This is an additional fix to patch an earlier exploit blocked in iOS 17.2. Apple confirms the vulnerability has been leveraged in sophisticated targeted attacks on iOS versions older than 17.2.

CVE-2025-24085: CoreMedia Privilege Escalation

The third vulnerability, CVE-2025-24085, is a use-after-free flaw in Apple’s CoreMedia framework, which manages audio and video playback.

Exploiting this vulnerability allows a malicious app to escalate privileges.

Details:

• Impact: The vulnerability could allow attackers to execute privileged actions if they already manage to install a malicious application.
• Affected Devices: Multiple operating systems, including iOS, iPadOS, macOS, watchOS, tvOS, and visionOS.
• Active Exploitation: Apple confirmed this flaw has been used to target devices running older versions of iOS.

Affected Products

CVE	Affected Products	Impact	CVSS 3.1 Score
CVE-2025-24200	iOS 18.3.1, iPadOS 18.3.1, iPadOS 17.7.5, etc.	Bypass USB Restricted Mode	6.1 (Medium)
CVE-2025-24201	iOS 18.3.2, macOS Sequoia 15.3.2, visionOS 2.3.2, Safari 18.3	Escape Web Content sandbox	8.1 (High)
CVE-2025-24085	iOS 18.3, macOS Sequoia 15.3, watchOS 11.3, tvOS 18.3, etc.	Privilege escalation via CoreMedia	7.8 (High)

Mitigation Steps

To protect against these vulnerabilities, Apple has released updates across its ecosystem:

1. iPhones and iPads: Update to iOS 18.3/iPadOS 18.3 or later.
2. Macs: Install macOS Sequoia 15.3 or later.
3. Apple Watch: Upgrade to watchOS 11.3.
4. Apple TV: Apply tvOS 18.3 updates.
5. Vision Pro: Install visionOS 2.3 updates.

How to Update:

• Go to Settings > General > Software Update on your device.
• Ensure Automatic Updates are enabled for future security fixes.

To minimize risks associated with these vulnerabilities, Apple recommends the following measures:

• Avoid installing unverified applications or questionable browser extensions.
• Enable Lockdown Mode on devices that support it for maximum security.
• Regularly check for security updates and install them promptly.
• Be cautious when interacting with unfamiliar websites or USB devices.

These zero-day vulnerabilities underscore the growing sophistication of cyberattacks targeting Apple products.

While Apple’s rapid response demonstrates its dedication to user security, users must stay proactive and vigilant.

Keeping devices up to date is crucial to ensuring ongoing protection against emerging security threats.

Investigate Real-World Malicious Links & Phishing Attacks With Threat Intelligence Lookup - Try for Free