Apple backported fixes for three actively exploited flaws to older devices

Apple has released security updates for older iOS and macOS devices to address three critical zero-day vulnerabilities—CVE-2025-24085, CVE-2025-24200, and CVE-2025-24201—actively exploited in targeted attacks. The flaws involve privilege escalation, USB Restricted Mode bypass, and a WebKit sandbox escape, affecting multiple generations of iPhones, iPads, and Macs. Apple’s backported fixes aim to protect legacy devices still in use, underscoring the importance of prompt patching across its device ecosystem.