Apple developers have released a whole batch of operating system updates, including updates for previous-generation platforms. They close vulnerabilities that attackers have actively exploited; these errors were first corrected in the current OS.
The most serious vulnerability, CVE-2025-24200, is a bug in USB Restricted Mode, a security feature introduced in 2018 that blocks the Lightning or USB Type-C port if the device has been locked for more than an hour. The vulnerability allowed attackers with physical access to a locked device to disable USB Restricted Mode and subsequently disclose user data. In February, Apple patched the vulnerability in iOS 18.3.1, iPadOS 18.3.1, and iPadOS 17.7.5, warning that it was exploited in an “extremely sophisticated attack against specific target individuals.” The fix has now been released in iOS 16.7.11 and 15.8.4, as well as iPadOS 16.7.11 and 15.8.4.
Another exploitable vulnerability, CVE-2025-24201, allowed malicious web content to perform operations outside the sandbox of WebKit, Safari's browser engine. It has now been patched in iOS 16.7.11 and 15.8.4 and the corresponding versions of iPadOS. The latest update to macOS Ventura released in 2019, macOS Ventura 13.7.5, fixed a privilege escalation vulnerability in CoreMedia. More than 90 vulnerabilities were closed with the release of macOS Sonoma 14.7.5; more than 120 bugs in AirDrop, App Store, Dock, and the kernel were fixed in macOS Sequoia 15.4.
In the current iOS and iPadOS 18.4, 60 vulnerabilities were fixed, none of which were exploited by hackers; 35 fixes were included in the visionOS 2.4 update. In the Safari 18.4 browser, 14 vulnerabilities were closed, none of which were exploited; seven of them were related to WebKit. Several patches were released for the Xcode 16.3 development environment, and more than 40 vulnerabilities were closed in Apple tvOS 18.4.