-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-03-31-2025-6 iOS 15.8.4 and iPadOS 15.8.4
iOS 15.8.4 and iPadOS 15.8.4 addresses the following issues. Information about the security content is also available at https://support.apple.com/122345. Apple maintains a Security Releases page at https://support.apple.com/100100 which lists recent software updates with security advisories. Accessibility Available for: iPhone 6s (all models), iPhone 7 (all models), iPhone SE (1st generation), iPad Air 2, iPad mini (4th generation), and iPod touch (7th generation) Impact: A physical attack may disable USB Restricted Mode on a locked device. Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals. Description: An authorization issue was addressed with improved state management. CVE-2025-24200: Bill Marczak of The Citizen Lab at The University of Toronto’s Munk School WebKit Available for: iPhone 6s (all models), iPhone 7 (all models), iPhone SE (1st generation), iPad Air 2, iPad mini (4th generation), and iPod touch (7th generation) Impact: Maliciously crafted web content may be able to break out of Web Content sandbox. This is a supplementary fix for an attack that was blocked in iOS 17.2. (Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals on versions of iOS before iOS 17.2.) Description: An out-of-bounds write issue was addressed with improved checks to prevent unauthorized actions. WebKit Bugzilla: 285858 CVE-2025-24201: Apple This update is available through iTunes and Software Update on your iOS device, and will not appear in your computer's Software Update application, or in the Apple Downloads site. Make sure you have an Internet connection and have installed the latest version of iTunes from https://www.apple.com/itunes/ iTunes and Software Update on the device will automatically check Apple's update server on its weekly schedule. When an update is detected, it is downloaded and the option to be installed is presented to the user when the iOS device is docked. We recommend applying the update immediately if possible. Selecting Don't Install will present the option the next time you connect your iOS device. The automatic update process may take up to a week depending on the day that iTunes or the device checks for updates. You may manually obtain the update via the Check for Updates button within iTunes, or the Software Update on your device. To check that the iPhone, iPod touch, or iPad has been updated: * Navigate to Settings * Select General * Select About. The version after applying this update will be "iOS 15.8.4 and iPadOS 15.8.4". All information is also posted on the Apple Security Releases web site: https://support.apple.com/100100. This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEsz9altA7uTI+rE/qX+5d1TXaIvoFAmfrHakACgkQX+5d1TXa Ivob6g/7ByZnFmxF8k0zthvkKN/BxLdqLO74K1tBTWeFhnJ86+0v39vnclThwjFb JKBsyuoWwBr+x7ZEbbPi+ILUEnw9EsYdBpPsikyvP90cMRkoEJmGDf6NXpvTDmdh yaKgqOaZBt5NpWUMQ0I4b6eUOAjqoDtIDP06kXsrd0/073/mDKZJqPjhYABevwgb lHRRk/tSrRZ3/oTQ/Y/Ed8f7isOjPjdnLaszs9iUzEhySD53ZW169fqH20NY9qdf b/G+be2xL6Ba6CuDXb/v/16CfCKtYMTAXPpLjzcg2M3qf5LaTYYC3zCfZ8J3d35h bFgQrnKOE3cpVaKKtzVlLouopM+ROvy7S7Lt/rLb1/HqSfg5NMkGuvXh2m92XwqF b8OAk5V0iimcRsmfwYLsrvkLg642g2pCP5ZPP2GJMqHwOdveSbmP1Jn/ckEMpvHm wQmv5gIOH173zrjkyeG9xrJupCUBycWxQXGwOnX5bhFu+w7MYmptRKx+SXdWcqsO aQueWPpTPDiOFRwuu21x+R/FzM5ZxOXQ+k11u3YuXFpPfGD2dSNIJp9ObmLACuE4 uGX4AT5NJSAnDmoAxEiOwdhFrSyl6xO7w2iz9im0bkx+vi5XiWZtpJzdN8Rv/oZK VMTCdIpYwads8GaYIgRtYKriCDk3Po0j5KsPmJTqenkvmu+AA54= =CAQu -----END PGP SIGNATURE----- _______________________________________________ Sent through the Full Disclosure mailing list https://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: https://seclists.org/fulldisclosure/
