{"id":2975,"date":"2025-04-01T10:04:16","date_gmt":"2025-04-01T10:04:16","guid":{"rendered":"https:\/\/serisec.com\/index.php\/2025\/04\/01\/apple-warns-of-three-0-day-vulnerabilities-actively-exploited-in-attacks\/"},"modified":"2025-04-01T10:04:16","modified_gmt":"2025-04-01T10:04:16","slug":"apple-warns-of-three-0-day-vulnerabilities-actively-exploited-in-attacks","status":"publish","type":"post","link":"https:\/\/serisec.com\/index.php\/2025\/04\/01\/apple-warns-of-three-0-day-vulnerabilities-actively-exploited-in-attacks\/","title":{"rendered":"Apple Warns of Three 0-Day Vulnerabilities Actively Exploited in Attacks"},"content":{"rendered":"

Apple Warns of Three 0-Day Vulnerabilities Actively Exploited in Attacks
\n \t

\n
<\/BR>
\n
\n \t

\n
<\/BR><\/p>\n

\n

Apple has issued an urgent security advisory concerning three critical zero-day vulnerabilities CVE-2025-24200<\/a>, CVE-2025-24201<\/a>, and CVE-2025-24085<\/a> that have been actively exploited in sophisticated attacks.\u00a0<\/p>\n

These vulnerabilities affect a wide range of Apple devices, including iPhones, iPads, Macs<\/a>, and other platforms. Users are strongly advised to update their devices immediately to mitigate potential security risks.<\/p>\n

Significant Vulnerabilities Under Active Exploitation<\/strong><\/h2>\n

CVE-2025-24200<\/strong><\/h3>\n

The first vulnerability, tracked as CVE-2025-24200, is an authorization flaw that can be exploited in a physical attack to disable USB Restricted Mode on a locked device.\u00a0<\/p>\n

According to Apple\u2019s advisory, this vulnerability \u201cmay have been exploited in an extremely sophisticated attack against specific targeted individuals\u201d.\u00a0<\/p>\n

The flaw was discovered and reported by Bill Marczak of The Citizen Lab at The University of Toronto\u2019s Munk School.<\/p>\n

A malicious actor can disable USB Restricted Mode on a locked device as part of a cyber-physical attack.\u00a0<\/p>\n

USB Restricted Mode, introduced in iOS 11.4.1, prevents iOS and iPadOS devices from communicating with connected accessories if the device hasn\u2019t been unlocked within the past hour \u2013 a critical security feature designed to thwart forensic tools.<\/p>\n

CVE-2025-24201<\/strong><\/h3>\n

The second vulnerability, CVE-2025-24201, affects WebKit<\/a>, the browser engine powering Safari and many iOS applications.\u00a0<\/p>\n

This out-of-bounds write issue could allow maliciously crafted web content to break out of the Web Content sandbox.<\/p>\n

Apple describes this as \u201ca supplementary fix for an attack that was blocked in iOS 17.2\u201d and acknowledges that it \u201cmay have been exploited in an extremely sophisticated attack against specific targeted individuals on versions of iOS before iOS 17.2\u201d.<\/p>\n

CVE-2025-24085<\/strong><\/h3>\n

The third zero-day, CVE-2025-24085, is a use-after-free vulnerability in the CoreMedia component \u2013 a framework that manages audio and video playback across Apple products.\u00a0<\/p>\n

As detailed in Apple\u2019s advisory, \u201cA malicious application may be able to elevate privileges\u201d. This vulnerability affects multiple Apple operating systems including iOS, iPadOS, macOS, watchOS, and tvOS<\/a>.<\/p>\n

The flaw has been actively exploited against older versions of iOS before iOS 17.2.<\/p>\n

The summary of the Vulnerabilities is given below:<\/p>\n

\n\n\n\n\n\n\n
CVEs<\/strong><\/td>\nAffected Products<\/strong><\/td>\nImpact<\/strong><\/td>\nExploit Prerequisites<\/strong><\/td>\nCVSS 3.1 Score<\/strong><\/td>\n<\/tr>\n
CVE-2025-24200<\/td>\niOS 18.3.1, iPadOS 18.3.1, iPadOS 17.7.5 (iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch, etc.)<\/td>\nBypass USB Restricted Mode on locked devices<\/td>\nPhysical access to the device<\/td>\n6.1 (Medium)<\/td>\n<\/tr>\n
CVE-2025-24201<\/td>\niOS 18.3.2, iPadOS 18.3.2, macOS Sequoia 15.3.2, visionOS 2.3.2, Safari 18.3<\/td>\nEscape Web Content sandbox via malicious web content<\/td>\nNone<\/td>\n8.1 (High)<\/td>\n<\/tr>\n
CVE-2025-24085<\/td>\niOS 18.3, iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3, tvOS 18.3, visionOS 2.3<\/td>\nPrivilege escalation through use-after-free vulnerability in CoreMedia<\/td>\nMalicious application already installed<\/td>\n7.8 (High)<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<\/figure>\n

Mitigation Steps<\/strong><\/h2>\n

Apple has released<\/a> patches for all three vulnerabilities across its operating systems and devices:<\/p>\n