Sunday, February 9, 2025
HomeAppleApple Security Update - Patch for iOS Zero-day, MacOS & More

Apple Security Update – Patch for iOS Zero-day, MacOS & More

Published on

SIEM as a Service

Follow Us on Google News

Apple has responded to a newly discovered zero-day vulnerability affecting its operating systems by releasing an array of security updates to protect users from potential exploitation.

The updates span iOS, iPadOS, macOS, watchOS, tvOS, visionOS, and Safari, demonstrating Apple’s commitment to user security and privacy.

Patch Details

The updates, released on January 27, 2025, include vital fixes for supported Apple devices, ranging from iPhones and iPads to Macs, Apple TVs, and even the cutting-edge Vision Pro. Among the notable updates are:

  • iOS 18.3 and iPadOS 18.3: Available for iPhone XS and later, as well as a variety of iPad models, these updates address a zero-day vulnerability that could potentially allow attackers to execute arbitrary code on compromised devices. Apple strongly urges all users to update their devices immediately.
  • macOS Sequoia 15.3, Sonoma 14.7.3, and Ventura 13.7.3: Critical patches for macOS users to mitigate vulnerabilities that may impact system stability and security. These updates cover a wide range of Macs, including MacBooks, iMacs, and Mac Studios.
  • watchOS 11.3: Available for Apple Watch Series 6 and later, this update enhances security and ensures compatibility with other recently updated Apple systems.
  • tvOS 18.3 and visionOS 2.3: Updates for Apple TV and the Vision Pro headset include improvements to performance, security, and app compatibility.
  • Safari 18.3: Focused on macOS Ventura and Sonoma, this browser update resolves security vulnerabilities and enhances web browsing performance.

Are you from SOC/DFIR Teams? - Analyse Malware Files & Links with ANY.RUN Sandox -> Try for Free

Highlighting the Zero-Day Vulnerability

Apple has implemented these updates in response to active exploits targeting vulnerabilities that were identified in late 2024.

Although Apple typically refrains from disclosing specifics about security flaws until an investigation is complete, experts suggest the targeted vulnerabilities allowed attackers to bypass memory protections and compromise devices running outdated software.

Users running older versions of iOS, macOS, or Safari were particularly at risk.This patch rollout further underscores Apple’s use of Rapid Security Responses, which have become a cornerstone of its security strategy.

These responses allow the company to quickly address urgent vulnerabilities without the need for full-scale software updates.

Apple recommends that users enable automatic updates to ensure their devices remain secure. Here’s how you can manually update your devices:

  • iPhone/iPad: Navigate to Settings > General > Software Update.
  • Mac: Open the System Settings and select Software Update.
  • Apple Watch: Use the Watch app on your iPhone and go to General > Software Update.
  • Apple TV: Visit Settings > System > Software Updates.
  • Vision Pro: Updates for visionOS can be applied via the Vision Pro settings menu.

Cybersecurity experts emphasize the importance of keeping devices updated to reduce exposure to malware, ransomware, and other cyber threats.

By rapidly addressing vulnerabilities, Apple continues to safeguard its ecosystem and users worldwide.

Integrating Application Security into Your CI/CD Workflows Using Jenkins & Jira -> Free Webinar

Divya
Divya
Divya is a Senior Journalist at GBhackers covering Cyber Attacks, Threats, Breaches, Vulnerabilities and other happenings in the cyber world.

Latest articles

UK Pressures Apple to Create Global Backdoor To Spy on Encrypted iCloud Access

United Kingdom has reportedly ordered Apple to create a backdoor allowing access to all...

Autonomous LLMs Reshaping Pen Testing: Real-World AD Breaches and the Future of Cybersecurity

Large Language Models (LLMs) are transforming penetration testing (pen testing), leveraging their advanced reasoning...

Securing GAI-Driven Semantic Communications: A Novel Defense Against Backdoor Attacks

Semantic communication systems, powered by Generative AI (GAI), are transforming the way information is...

Cybercriminals Target IIS Servers to Spread BadIIS Malware

A recent wave of cyberattacks has revealed the exploitation of Microsoft Internet Information Services...

Supply Chain Attack Prevention

Free Webinar - Supply Chain Attack Prevention

Recent attacks like Polyfill[.]io show how compromised third-party components become backdoors for hackers. PCI DSS 4.0’s Requirement 6.4.3 mandates stricter browser script controls, while Requirement 12.8 focuses on securing third-party providers.

Join Vivekanand Gopalan (VP of Products – Indusface) and Phani Deepak Akella (VP of Marketing – Indusface) as they break down these compliance requirements and share strategies to protect your applications from supply chain attacks.

Discussion points

Meeting PCI DSS 4.0 mandates.
Blocking malicious components and unauthorized JavaScript execution.
PIdentifying attack surfaces from third-party dependencies.
Preventing man-in-the-browser attacks with proactive monitoring.

More like this

UK Pressures Apple to Create Global Backdoor To Spy on Encrypted iCloud Access

United Kingdom has reportedly ordered Apple to create a backdoor allowing access to all...

Autonomous LLMs Reshaping Pen Testing: Real-World AD Breaches and the Future of Cybersecurity

Large Language Models (LLMs) are transforming penetration testing (pen testing), leveraging their advanced reasoning...

Securing GAI-Driven Semantic Communications: A Novel Defense Against Backdoor Attacks

Semantic communication systems, powered by Generative AI (GAI), are transforming the way information is...