Apple Warns of Three 0-Day Vulnerabilities Actively Exploited in Attacks

Apple has issued an urgent security advisory concerning three critical zero-day vulnerabilities CVE-2025-24200, CVE-2025-24201, and CVE-2025-24085 that have been actively exploited in sophisticated attacks. 

These vulnerabilities affect a wide range of Apple devices, including iPhones, iPads, Macs, and other platforms. Users are strongly advised to update their devices immediately to mitigate potential security risks.

Significant Vulnerabilities Under Active Exploitation

CVE-2025-24200

The first vulnerability, tracked as CVE-2025-24200, is an authorization flaw that can be exploited in a physical attack to disable USB Restricted Mode on a locked device. 

According to Apple’s advisory, this vulnerability “may have been exploited in an extremely sophisticated attack against specific targeted individuals”. 

The flaw was discovered and reported by Bill Marczak of The Citizen Lab at The University of Toronto’s Munk School.

A malicious actor can disable USB Restricted Mode on a locked device as part of a cyber-physical attack. 

USB Restricted Mode, introduced in iOS 11.4.1, prevents iOS and iPadOS devices from communicating with connected accessories if the device hasn’t been unlocked within the past hour – a critical security feature designed to thwart forensic tools.

CVE-2025-24201

The second vulnerability, CVE-2025-24201, affects WebKit, the browser engine powering Safari and many iOS applications. 

This out-of-bounds write issue could allow maliciously crafted web content to break out of the Web Content sandbox.

Apple describes this as “a supplementary fix for an attack that was blocked in iOS 17.2” and acknowledges that it “may have been exploited in an extremely sophisticated attack against specific targeted individuals on versions of iOS before iOS 17.2”.

CVE-2025-24085

The third zero-day, CVE-2025-24085, is a use-after-free vulnerability in the CoreMedia component – a framework that manages audio and video playback across Apple products. 

As detailed in Apple’s advisory, “A malicious application may be able to elevate privileges”. This vulnerability affects multiple Apple operating systems including iOS, iPadOS, macOS, watchOS, and tvOS.

The flaw has been actively exploited against older versions of iOS before iOS 17.2.

The summary of the Vulnerabilities is given below:

Mitigation Steps

Apple has released patches for all three vulnerabilities across its operating systems and devices:

• iPhones and iPads: Update to iOS 18.3/iPadOS 18.3 or later.
• Macs: Install macOS Sequoia 15.3 or later.
• Apple Watches: Use watchOS 11.3 or newer.
• Apple TVs: Update to tvOS 18.3.
• Apple Vision Pro: Apply visionOS 2.3 updates.

To update your device:

• Navigate to Settings > General > Software Update.
• Enable automatic updates for future patches.

Recommendations

To further protect against exploitation:

• Avoid installing untrusted applications or kernel extensions.
• Enable Lockdown Mode on compatible devices to reduce attack surfaces.
• Regularly monitor for software updates and apply them promptly.

The discovery of these zero-day vulnerabilities highlights the increasing sophistication of cyberattacks targeting Apple’s ecosystem. 

While Apple’s swift response underscores its commitment to user security, users must remain vigilant by keeping their devices updated and following best practices for cybersecurity.

Investigate Real-World Malicious Links & Phishing Attacks With Threat Intelligence Lookup - Try for Free