Authorization Bypass in Apple iOS and iPadOS Enabling USB Restricted Mode Circumvention
Apple addressed an authorization vulnerability in iPadOS 17.7.5, iOS 18.3.1, and iPadOS 18.3.1 that is exploitable through a physical attack on the device. The issue potentially allows an attacker with physical access to disable USB Restricted Mode on a locked device. Apple confirmed it is aware of a report indicating that this vulnerability might have been used in a highly complex targeted attack against specific individuals.
Vulnerable Product |
---|
apple ipados |
apple ios and ipados |
Apple fixes two zero-days exploited in targeted iPhone attacks
By Lawrence Abrams, April 16, 2025 02:06 PM
Apple released emergency security updates to patch two zero-day vulnerabilities that were used in an "extremely sophisticated attack" against specific targets' iPhones. The two vulnerabilities are in CoreAudio (CVE-2025-31200) and RPAC (CVE-2025-31201), with both bugs impacting iOS, macOS, tvOS, iPadOS, and visionOS. "Apple is aware of a report that this issue may have been exploited ...

Apple backports zero-day patches to older iPhones and Macs
By Bill Toulas, April 1, 2025 09:35 AM
Apple has released security updates that backport fixes for actively exploited vulnerabilities that were exploited as zero-days to older versions of its operating systems. At the same time, the consumer tech giant released security updates for the latest stable iOS, iPadOS, and macOS, addressing numerous security flaws.
Backporting zero-day fixes
The first backport concerns CVE-2025-24200, a f...

Apple fixes WebKit zero-day exploited in ‘extremely sophisticated’ attacks
By Sergiu Gatlan, March 11, 2025 02:43 PM
Apple has released emergency security updates to patch a zero-day bug the company describes as exploited in "extremely sophisticated" attacks. The vulnerability is tracked as CVE-2025-24201 and was found in the WebKit cross-platform web browser engine used by Apple's Safari web browser and many other apps and web browsers on macOS, iOS, Linux, and Windows. "This is a suppleme...

Serbian police used Cellebrite zero-day hack to unlock Android phones
By Bill Toulas, February 28, 2025 11:27 AM
Serbian authorities have reportedly used an Android zero-day exploit chain developed by Cellebrite to unlock the device of a student activist in the country and attempt to install spyware. Cellebrite is an Israeli digital forensics company that develops tools used by law enforcement, intelligence agencies, and private companies to extract data from smartphones and other digital ...

Apple fixes zero-day exploited in 'extremely sophisticated' attacks
By Sergiu Gatlan, February 10, 2025 02:08 PM
Apple has released emergency security updates to patch a zero-day vulnerability that the company says was exploited in targeted and "extremely sophisticated" attacks. "A physical attack may disable USB Restricted Mode on a locked device," the company revealed in an advisory targeting iPhone and iPad users. "Apple is aware of a report that this issue may have been exploited in a...
Cupertino already squashed 'em in more recent releases - which this week get a fresh round of fixes
Apple has delivered a big batch of OS updates, some of which belatedly patch older versions of its operating systems to address exploited-in-the-wild flaws the iGiant earlier fixed in more recent releases. The most significant fix addresses CVE-2025-24200, a hole in USB Restricted Mode – the security feature introduced back in 2018 to lock down the Lightning or USB-C port if an iDevice has been locked for over an hour. The vulnerability allowed attackers with physical access to a locked device...