Stop everything and update your iPhones, iPads and Macs — Apple issues critical fix for zero-day exploits

If you've been holding on to your older Apple devices, it's time to go update them now.

On Monday, Apple issued critical fixes for three zero-day exploits that mainly target older iOS and macOS devices. The vulnerabilities have come under active exploitation in the wild on older model devices and previous versions of the operating systems.

In addition to the backported fixes, Apple released iOS 18.4 and iPadOS 18.4 to patch 62 flaws, macOS Sequoia 15.4 to fix 131 flaws, tvOS 18.4 for 36 flaws, visionOS 2.4 for 38 flaws and Safari 18.4, which corrects 14 flaws.

Though none of these newly disclosed shortcomings have come under active exploitation, users are, as always, advised to update to the latest version to protect their devices against potential threats.

What are the zero-day vulnerabilities?

The three zero-day vulnerabilities are:

CVE-2025-24085, which has a CVSS score of 7.3. It's a use-after-free bug in the Core Media component. It would permit malicious applications already installed on the device to elevate privileges. It has now been fixed in macOS Sonoma 14.7.5, macOS Ventura 13.7.5 and iPadOS 17.7.6.

CVE-2025-24200, which has a CVSS score of 4.6. It's an authorization issue in the Accessibility component that makes it possible for a malicious user to disable USB Restricted Mode on locked devices during a physical cyber attack. It has been fixed in iOS 15.8.4, iPadOS 15.8.4, iOS 16.7.11 and iPadOS 16.7.11.

CVE-2025-24201, which has a CVSS score of 8.8. It's an out-of-bounds write issue in the WebKit component. It could allow an attacker to craft malicious web content in a way that could break out of the Web Content sandbox. It has been fixed in iOS 15.8.4, iPadOS 15.8.4, iOS 16.7.11 and iPadOS 16.7.11.
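To check a device list against the fixed releases listed above, the following added example (not from the article or from Apple) compares each device's OS version with the backported fix for its branch. The inventory, hostnames and status strings are constructed for illustration; branches the article gives no fix version for are reported as "branch not listed" rather than guessed.

```python
# Fix versions exactly as listed in the article: CVE -> {(platform, major): fixed release}.
_OLD_IOS = {("iOS", 15): "15.8.4", ("iPadOS", 15): "15.8.4",
            ("iOS", 16): "16.7.11", ("iPadOS", 16): "16.7.11"}
FIXED = {
    "CVE-2025-24085": {("macOS", 14): "14.7.5", ("macOS", 13): "13.7.5",
                       ("iPadOS", 17): "17.7.6"},
    "CVE-2025-24200": _OLD_IOS,
    "CVE-2025-24201": _OLD_IOS,
}

def parse_version(text):
    """'16.7.11' -> (16, 7, 11). Compare as integers: as strings, '16.7.9' > '16.7.11'."""
    parts = [int(p) for p in text.strip().split(".")]
    return tuple(parts + [0] * (3 - len(parts)))  # pad so '18.4' == '18.4.0'

def audit(platform, version):
    """Return {cve: status} for one device, judged only against its own major branch."""
    current = parse_version(version)
    result = {}
    for cve, branches in FIXED.items():
        fixed = branches.get((platform, current[0]))
        if fixed is None:
            result[cve] = "branch not listed"   # the article names no fix for this branch
        elif current >= parse_version(fixed):
            result[cve] = "patched"
        else:
            result[cve] = f"update to {fixed}"
    return result

def needs_update(inventory):
    """Hostnames with at least one listed fix still missing, in inventory order."""
    return [host for host, platform, version in inventory
            if any(s.startswith("update to") for s in audit(platform, version).values())]

# Constructed sample inventory (hostnames and versions are made up for the example).
INVENTORY = [
    ("ipad-lobby", "iPadOS", "17.7.5"),
    ("iphone-old", "iOS", "16.7.9"),
    ("mac-build", "macOS", "14.7.5"),
    ("iphone-new", "iOS", "18.4"),
]

if __name__ == "__main__":
    for host, platform, version in INVENTORY:
        print(host, platform, version, audit(platform, version))
    print("needs update:", needs_update(INVENTORY))
```
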

Amber Bouman
Senior Editor Security

Amber Bouman is the senior security editor at Tom's Guide where she writes about antivirus software, home security, identity theft and more. She has long had an interest in personal security, both online and off, and also has an appreciation for martial arts and edged weapons. With over two decades of experience working in tech journalism, Amber has written for a number of publications including PC World, Maximum PC, Tech Hive, and Engadget covering everything from smartphones to smart breast pumps. 
