Apple patches critical vulnerabilities in iOS 15 and 16


Apple on Monday issued critical security updates that retroactively address three actively exploited zero-day vulnerabilities affecting legacy versions of its operating systems.

CVE-2025-24200

The first vulnerability, designated CVE-2025-24200, was patched in iOS 16.7.11, iPadOS 16.7.11, iOS 15.8.4 and iPadOS 15.8.4.

CVE-2025-24200 lets an attacker with physical access disable USB Restricted Mode on an Apple device. USB Restricted Mode is a security feature designed to block unauthorized data access through the USB port when the iPhone or iPad has been locked for longer than an hour.

Apple said CVE-2025-24200 “may have been exploited in an extremely sophisticated attack on specific targeted individuals,” which indicates possible involvement of state-sponsored actors aimed at surveilling high-value targets such as government officials, journalists or senior operational managers. Although it was initially patched on February 10 in iOS 18.3.1, iPadOS 18.3.1 and iPadOS 17.7.5, the vulnerability had until now remained unresolved in older operating systems.


CVE-2025-24201

The second flaw, CVE-2025-24201, was also patched in iOS 16.7.11, iPadOS 16.7.11, iOS 15.8.4 and iPadOS 15.8.4.

This flaw is in WebKit, the browser engine used by Safari to render web pages. It lets malicious code inside the Web Content sandbox, an isolated environment intended to contain browser-based threats, escape and compromise broader system components.

CVE-2025-24201 was mitigated in iOS 17.2 at the end of 2023, followed by a supplementary patch in iOS 18.3.2, macOS Sequoia 15.3.2, visionOS 2.3.2 and Safari 18.3.1. The fix has now been backported to iOS and iPadOS 15 and 16.

CVE-2025-24085

CVE-2025-24085, the third vulnerability, was patched in iPadOS 17.7.6, macOS Sonoma 14.7.5 and macOS Ventura 13.7.5.

The use-after-free vulnerability is in Apple’s Core Media, the framework responsible for handling media processing tasks such as audio and video playback in apps. It enables attackers to take control of freed memory and reuse it to execute privileged malicious code.

The flaw was originally patched in January with iOS 18.3, iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3, visionOS 2.3 and tvOS 18.3, and Apple has now extended the fix to older systems.

Other vulnerabilities were patched in iOS 18.4

In addition to new Apple Intelligence features and emojis, iOS 18.4, released Tuesday, delivers fixes for new vulnerabilities, including:

  • CVE-2025-30456: A flaw in the DiskArbitration framework that enables apps to escalate their privileges to root.
  • CVE-2025-24097: A flaw in AirDrop that allowed unauthorized apps to access file metadata, such as creation dates or user details.
  • CVE-2025-31182: A flaw in the libxpc framework that allows apps to delete arbitrary files on the device.
  • CVE-2025-30429, CVE-2025-24178, CVE-2025-24173: Flaws that enable apps to break out of their sandbox, in Calendar, libxpc and Power Services respectively.
  • CVE-2025-30467: A flaw in Safari that can allow malicious sites to spoof the address bar.

Apple users are strongly urged to update their devices immediately to guard against exploitation of these now-published vulnerabilities. Although most users will receive automatic update prompts, manual updates can be performed via Settings, then General, then Software Update.
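For teams that track devices in a spreadsheet or MDM export, the following added example (not Apple's code and not part of the original article) checks installed iOS and iPadOS versions against the fixed releases quoted above for the three backported CVEs. The inventory format and device names are constructed for illustration, and any OS branch for which the article names no fixed release is reported as "unknown" rather than guessed.

```python
# Added example. Fixed releases below are only those quoted in the article;
# an OS branch the article does not mention is reported as "unknown".
FIXED = {
    "CVE-2025-24200": {("iOS", 15): "15.8.4", ("iPadOS", 15): "15.8.4",
                       ("iOS", 16): "16.7.11", ("iPadOS", 16): "16.7.11",
                       ("iPadOS", 17): "17.7.5",
                       ("iOS", 18): "18.3.1", ("iPadOS", 18): "18.3.1"},
    "CVE-2025-24201": {("iOS", 15): "15.8.4", ("iPadOS", 15): "15.8.4",
                       ("iOS", 16): "16.7.11", ("iPadOS", 16): "16.7.11",
                       ("iOS", 18): "18.3.2"},
    "CVE-2025-24085": {("iPadOS", 17): "17.7.6",
                       ("iOS", 18): "18.3", ("iPadOS", 18): "18.3"},
}

# Constructed sample inventory: device name, OS, installed version.
SAMPLE_INVENTORY = """\
ipad-lab-01,iPadOS,16.7.9
iphone-exec-02,iOS,15.8.4
ipad-kiosk-03,iPadOS,17.7.5
iphone-dev-04,iOS,18.4
"""

def parse_version(text):
    """'16.7.11' -> (16, 7, 11). Numeric tuples avoid the string-compare trap
    where '16.7.9' sorts after '16.7.11'; '18.3' is padded to (18, 3, 0)."""
    parts = [int(p) for p in text.strip().split(".")]
    if not 1 <= len(parts) <= 3:
        raise ValueError(f"unexpected version string: {text!r}")
    return tuple(parts + [0] * (3 - len(parts)))

def status(os_name, version, cve):
    """Return 'patched', 'exposed' or 'unknown' for one device and one CVE."""
    installed = parse_version(version)
    fixed = FIXED[cve].get((os_name, installed[0]))
    if fixed is None:
        return "unknown"  # no fixed release named for this OS branch
    return "patched" if installed >= parse_version(fixed) else "exposed"

def audit(inventory_text):
    """Map each device to the CVEs that are exposed or cannot be judged."""
    report = {}
    for line in inventory_text.splitlines():
        if not line.strip():
            continue
        device, os_name, version = (f.strip() for f in line.split(","))
        results = {cve: status(os_name, version, cve) for cve in FIXED}
        report[device] = {c: s for c, s in results.items() if s != "patched"}
    return report

if __name__ == "__main__":
    for device, findings in audit(SAMPLE_INVENTORY).items():
        print(device, findings or "up to date")
```

A device that comes back "unknown" should be checked against Apple's own security release notes for its branch.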
