Security . 08 Apr 2025 . By Nessa

Apple Confirms Active Exploitation of 3 Zero-Day Vulnerabilities

Apple has issued an emergency update addressing three zero-day vulnerabilities that are actively being exploited. These flaws affect almost every modern Apple device — from iPhones to MacBooks, Apple Watch, and even the Apple Vision Pro.


What Are the Vulnerabilities?

1. CVE-2025-24200: USB Restricted Mode Bypass

An authorization flaw that allows attackers with physical access to disable USB Restricted Mode on a locked device, potentially facilitating unauthorized data access.

2. CVE-2025-24201: WebKit Out-of-Bounds Write

A vulnerability in the WebKit browser engine that could enable attackers to execute arbitrary code through malicious web content. This flaw has been exploited in "extremely sophisticated" attacks targeting specific individuals.

3. CVE-2025-24085: CoreMedia Use-After-Free

A use-after-free vulnerability in Apple's CoreMedia framework, responsible for handling media processing tasks. Exploitation could allow attackers to seize control of deallocated memory and execute privileged malicious code.


How Were These Vulnerabilities Exploited?

While Apple has not disclosed specifics, the nature of these vulnerabilities suggests a combination of physical access attacks (as in CVE-2025-24200) and remote code execution via malicious web content (as in CVE-2025-24201). The exploitation of CVE-2025-24201 in particular has been described as part of "extremely sophisticated" attacks, indicating a high level of attacker capability and targeting.


Interesting Facts

This marks Apple's third zero-day fix since the start of the year, following patches for CVE-2025-24085 in January and CVE-2025-24200 in February. In 2024, Apple addressed six zero-day vulnerabilities, while in 2023, it patched an alarming total of 20 such flaws.

Apple devices have been targeted in several notable real-world exploits:

1. Pegasus Spyware by NSO Group (2019–2021)

Developed by Israeli cybersecurity firm NSO Group, Pegasus is a spyware tool capable of infiltrating iPhones to access messages, emails, and even activate cameras and microphones. Investigations revealed that thousands of iPhones worldwide were compromised, affecting journalists, activists, and political figures. Notably, in 2019, WhatsApp reported that Pegasus was used to exploit a vulnerability in its app, leading to the surveillance of approximately 1,400 individuals over two weeks.


2. FORCEDENTRY Exploit (2021)

In 2021, the Citizen Lab uncovered a zero-click exploit, dubbed FORCEDENTRY, targeting Apple's iMessage. This exploit allowed attackers to send malicious PDFs disguised as GIFs, leading to device infection without user interaction. The vulnerability was actively used to deploy Pegasus spyware on devices running the latest iOS versions at the time. Apple addressed this with an emergency update in September 2021.


3. Operation Triangulation (2023)

Disclosed in June 2023, Operation Triangulation involved a complex attack chain using four zero-day vulnerabilities to target iOS devices. The attack began with an invisible iMessage containing a malicious attachment, leading to code execution and spyware deployment. The operation's sophistication highlighted the evolving threats against Apple devices.


Final Thoughts

Even if you’re not a security expert, these practical steps can help keep your Apple devices safe from exploitation:

▪️ Update All Devices Immediately

Go to Settings → General → Software Update and install the latest version. These zero-days are actively exploited.

▪️ Don’t Click Suspicious Links

Avoid tapping on unknown links in emails, messages, or social media—even from people you know. Some attacks spread through trusted contacts.

▪️ Enable Lockdown Mode (iOS 16+)

For those at higher risk (journalists, activists, execs), Lockdown Mode disables risky services like message previews and certain web tech.

▪️ Use Strong Device Passcodes

Avoid 4-digit PINs. Use a 6-digit or alphanumeric passcode, and disable USB access when locked (Settings → Face ID & Passcode → USB Accessories OFF).

▪️ Limit App Permissions

Review what apps have access to your microphone, camera, location, and photos. Go to Settings → Privacy & Security.

▪️ Backup Regularly

In case something does go wrong, having a recent iCloud or encrypted local backup ensures you can recover safely.


Stay ahead, stay secure.

