High Threat Security Alert (A25-04-01): Multiple Vulnerabilities in Apple Products


 

Published on: 01 April 2025

  
  

Description:

Apple has released iOS 15.8.4, iPadOS 15.8.4, iOS 18.3.2, iOS 16.7.11, iPadOS 16.7.11, iPadOS 17.7.6, iOS 18.4, iPadOS 18.4, macOS Sequoia 15.4, macOS Sonoma 14.7.5, Safari 18.4, visionOS 2.4, tvOS 18.4 and Xcode 16.3 to fix the multiple vulnerabilities in various Apple devices. The list of vulnerabilities information can be found at:
https://support.apple.com/en-us/122345
https://support.apple.com/en-us/122346
https://support.apple.com/en-us/122371
https://support.apple.com/en-us/122372
https://support.apple.com/en-us/122373
https://support.apple.com/en-us/122374
https://support.apple.com/en-us/122375
https://support.apple.com/en-us/122377
https://support.apple.com/en-us/122378
https://support.apple.com/en-us/122379
https://support.apple.com/en-us/122380

Reports indicated that multiple vulnerabilities (CVE-2025-24085, CVE-2025-24200, CVE-2025-24201) are being actively exploited in the wild. Users are advised to take immediate action to patch your affected systems to mitigate the elevated risk of cyber attacks.

 

Affected Systems:

  • iPhone 6S and later
  • iPad 7th generation and later, Air 2nd generation and later, mini 4th generation and later, iPad Pro 9.7-inch, Pro 10.5-inch, Pro 11-inch 1st generation and later, Pro 12.9-inch 1st generation and later, Pro 13-inch, iPod touch 7th generation and later
  • macOS Sequoia prior to version 15.4
  • macOS Sonoma prior to version 14.7.5
  • macOS Ventura prior to version 13.7.5
  • Safari prior to version 18.4
  • tvOS prior to version 18.4
  • visionOS prior to version 2.4
  • Xcode prior to version 16.3

 

Impact:

A successful exploitation could lead to remote code execution, denial of service, elevation of privilege, information disclosure, security restriction bypass, spoofing or tampering on an affected device.

 

Recommendation:

Patches for affected products are available. Users of affected systems should follow the recommendations provided by the vendor and take immediate actions to mitigate the risk.

The updates can be obtained through the auto-update mechanism. Users of affected systems should follow the recommendations provided by the product vendor and take immediate actions to mitigate the risk.

 

More Information:

  • https://support.apple.com/en-us/122345
  • https://support.apple.com/en-us/122346
  • https://support.apple.com/en-us/122371
  • https://support.apple.com/en-us/122372
  • https://support.apple.com/en-us/122373
  • https://support.apple.com/en-us/122374
  • https://support.apple.com/en-us/122375
  • https://support.apple.com/en-us/122377
  • https://support.apple.com/en-us/122378
  • https://support.apple.com/en-us/122379
  • https://support.apple.com/en-us/122380
  • https://www.hkcert.org/security-bulletin/apple-products-multiple-vulnerabilities_20250401
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27043
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9681
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40864
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-48958
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-54502
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-54508
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-54533 (to CVE-2024-54534)
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-54543
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56171
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-24085
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-24093
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-24095
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-24097
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-24113
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-24148
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-24157
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-24163 (to CVE-2025-24164)
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-24167
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-24170
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-24172 (to CVE-2025-24173)
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-24178
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-24180 (to CVE-2025-24182)
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-24190 (to CVE-2025-24196)
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-24198 (to CVE-2025-24205)
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-24207 (to CVE-2025-24218)
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-24221
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-24226
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-24228 (to CVE-2025-24250)
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-24253 (to CVE-2025-24257)
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-24259 (to CVE-2025-24267)
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-24269
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-24272 (to CVE-2025-24273)
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-24276 (to CVE-2025-24283)
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-27113
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30424 (to CVE-2025-30430)
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30432 (to CVE-2025-30435)
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30437 (to CVE-2025-30439)
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30441
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30443 (to CVE-2025-30444)
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30446 (to CVE-2025-30447)
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30449 (to CVE-2025-30452)
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30454 (to CVE-2025-30458)
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30460 (to CVE-2025-30465)
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30467
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30479 (to CVE-2025-30471)
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-31182 (to CVE-2025-31184)
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-31187 (to CVE-2025-31188)
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-31191 (to CVE-2025-31192)
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-31194


Tag: Apple , iOS , iPadOS , macOS , Safari , visionOS , tvOS , Xcode
Tags