Security & Privacy

iOS 18.3 and macOS Sequoia 15.3 patch first Apple zero-day of 2025

Posted on by

On Monday, January 27, Apple released urgent updates for all of its operating systems. The updates add new features and address bugs. But more importantly, they fix some critical security vulnerabilities—including one that was “actively exploited” in the wild.

Let’s explore everything you should know about what Apple changed in these updates.

In this article:

macOS Sequoia 15.3

Available for: All supported Macs capable of running macOS Sequoia

General update information and new features:

This update introduces Genmoji, powered by Apple Intelligence, and also includes other enhancements, bug fixes, and security updates for your Mac.

  • Genmoji creation in Messages and other apps

  • Calculator repeats the last mathematical operation when you click the equal sign again

  • Easily manage settings for notification summaries from the Lock Screen (Mac with Apple silicon)

  • Updated style for summarized notifications better distinguishes them from other notifications by using italicized text as well as the glyph (Mac with Apple silicon)

  • Notification summaries for News & Entertainment apps are temporarily unavailable, and users who opt-in will see them again when the feature becomes available (Mac with Apple silicon)

Enterprise-specific details:

  • Apple Intelligence is turned on automatically after updating to macOS 15.3 or during device setup unless MDM skips the Apple Intelligence setup pane

  • MDM can require sign-in from a specified Workspace ID for requests to external intelligence integrations such as ChatGPT

  • MDM can disable transcription summarization in Notes

  • AirPlay connects successfully when using the built-in firewall and a content filter extension

  • Improves stability for apps over VPN connections when using the built-in firewall and a content filter extension

Security fixes in macOS Sequoia 15.3

In this update, Apple addressed at least 60 vulnerabilities with CVE (Common Vulnerabilities and Exposures) numbers assigned to them. Here are a handful of notable ones:

AirPlay
Impact: An attacker in a privileged position may be able to perform a denial-of-service
Description: The issue was addressed with improved memory handling.
CVE-2025-24131: Uri Katz (Oligo Security)

 

CoreMedia
Impact: A malicious application may be able to elevate privileges. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 17.2.
Description: A use after free issue was addressed with improved memory management.
CVE-2025-24085

 

FaceTime
Impact: An app may be able to access user-sensitive data
Description: An information disclosure issue was addressed with improved privacy controls.
CVE-2025-24134: Kirin (@Pwnrin)

 

Messages
Impact: An app may be able to access user-sensitive data
Description: This issue was addressed with improved redaction of sensitive information.
CVE-2025-24101: Kirin (@Pwnrin)

 

Spotlight
Impact: A malicious application may be able to leak sensitive user information
Description: This issue was addressed through improved state management.
CVE-2025-24138: Rodolphe BRUNETTI (@eisw0lf) of Lupus Nova

For the full list of security patches included in macOS Sequoia 15.3, have a look here.

You can get macOS Sequoia 15.3 by going to System Settings > Software Update, where compatible Macs running macOS Mojave or newer will see the Sequoia update appear. If you have a compatible Mac running macOS High Sierra or older, look for macOS Sequoia in the App Store and download it from there.

Details about the zero-day vulnerability, CVE-2025-24134

We don’t know much at this time about the “actively exploited” (zero-day) vulnerability, CVE-2025-24134. Besides the description above, we only know that macOS Sequoia 15.3, iOS 18.3 and iPadOS 18.3, tvOS 18.3, and visionOS 2.3 include fixes for this bug.

Apple released the referenced iOS 17.2 in December 2023, meaning this vulnerability was used in the wild at least 13 months before Apple finally assigned a CVE number and made the patch available. It’s possible that CVE-2025-24134 may have been used as part of an exploit chain leveraged by Pegasus or similar nation-state caliber spyware.

Apple silently removed CVE-2025-24166 from the patch notes

Note that Apple originally listed 61 CVEs in macOS Sequoia 15.3, but later removed the following CVE from the patch notes for all operating systems. Apparently, based on notes in NIST’s National Vulnerability Database, Apple must have quietly “withdrawn” this CVE:

libxslt
Formerly listed as patched in: macOS Sequoia 15.3, macOS Sonoma 14.7.3, macOS Ventura 13.7.3, iOS 18.3 and iPadOS 18.3, iPadOS 17.7.4, and visionOS 2.3
Impact: Processing maliciously crafted web content may lead to an unexpected process crash
Description: This issue was addressed through improved state management.
CVE-2025-24166: Ivan Fratric of Google Project Zero

Intego has requested details about why Apple withdrew this CVE, and will update this article if anyone provides an answer.

macOS Sonoma 14.7.3

Available for: All supported Macs currently running macOS Sonoma

Security fixes:
In this update, Apple addressed at least 41 vulnerabilities with CVEs assigned. Most of them are the same as those found in the Sequoia update.

For the list of security patches included in Sonoma 14.7.3, have a look here.

You can get this update by going to System Settings > Software Update.

macOS Ventura 13.7.3

Available for: All supported Macs currently running macOS Ventura

Security fixes:
In this update, Apple addressed at least 31 vulnerabilities with CVEs assigned. Most of them are the same as those found in the Sequoia update.

For the list of security patches included in Ventura 13.7.3, have a look here.

You can get this update by going to System Settings > Software Update.

Safari 18.3 for macOS Ventura and Sonoma

Available for: macOS Sonoma and macOS Ventura

This update addresses at least seven issues with CVEs assigned, with no “additional recognitions” listed. You can read about these patches here.

You can get this update via System Settings > Software Update on your Mac.

iOS 18.3 and iPadOS 18.3

Available for:
iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later

General update information and new features:

Visual intelligence with Camera Control (All iPhone 16 models):
• Add an event to Calendar from a poster or flyer
• Easily identify plants and animals

Notification summaries (All iPhone 16 models, iPhone 15 Pro, iPhone 15 Pro Max):
• Easily manage settings for notification summaries from the Lock Screen
• Updated style for summarized notifications better distinguishes them from other notifications by using italicized text as well as the glyph
• Notification summaries for News & Entertainment apps are temporarily unavailable, and users who opt-in will see them again when the feature becomes available

Other enhancements and bug fixes:
• Calculator repeats the last mathematical operation when you tap the equals sign again
• Fixes an issue where the keyboard might disappear when initiating a typed Siri request
• Resolves an issue where audio playback continues until the song ends even after closing Apple Music

Security fixes in iOS 18.3 and iPadOS 18.3

In this update, Apple addressed at least 28 vulnerabilities with CVEs assigned. Most of them are the same as those found in the other OS updates. Notable fixes specific to iOS and iPadOS include:

Accessibility
Impact: An attacker with physical access to an unlocked device may be able to access Photos while the app is locked
Description: An authentication issue was addressed with improved state management.
CVE-2025-24141: Abhay Kailasia (@abhay_kailasia) from C-DAC Thiruvananthapuram India

 

Managed Configuration
Impact: Restoring a maliciously crafted backup file may lead to modification of protected system files
Description: This issue was addressed with improved handling of symlinks.
CVE-2025-24104: Hichem Maloufi, Hakim Boukhadra

 

Passkeys
Impact: An app may gain unauthorized access to Bluetooth
Description: This is a vulnerability in open source code and Apple Software is among the affected projects. The CVE-ID was assigned by a third party. Learn more about the issue and CVE-ID at cve.org.
CVE-2024-9956: mastersplinter

The details of the security issues that were addressed can be found here. To get this latest update, connect your device to your Mac and follow the update prompts. You can also download these updates over the air by going to Settings > General > Software Update on your device.

iPadOS 17.7.4

Available for: iPad Pro 12.9-inch 2nd generation, iPad Pro 10.5-inch, and iPad 6th generation

Security fixes and updates:

This update addresses 17 issues, most of them the same as those addressed in the iPadOS 18 update.

The full list of security issues that were addressed can be found here. To get your hands on this latest update, connect your device to your Mac and follow the update prompts. You can also download these updates over the air by going to Settings > General > Software Update on your device.

Interestingly, Apple did not release an update for iOS 17, and has not since November 2024; Apple also skipped iOS 17 in December when the company released iPadOS 17.7.3. It is likely that iOS 17 won’t see any more security updates going forward. This is a logical move, as all iPhones that can run iOS 17 are capable of running iOS 18; meanwhile, Apple cut off some iPads from iPadOS 18.

watchOS 11.3

Available for: Apple Watch Series 6 and later

Security-related fixes and updates:
Apple addressed at least 17 vulnerabilities with CVEs in this update, mostly the same as in the other OS updates.

The full list of security issues that were addressed can be found here. To install this update, make sure your iPhone is up to date first, both your phone and watch are connected to the same Wi-Fi network, and the watch has at least a 50% charge. Then open the Watch app on your phone and tap General > Software Update.

tvOS 18.3

Available for: Apple TV HD and Apple TV 4K (all models)

Security-related fixes and updates:
Apple addressed at least 17 vulnerabilities with CVEs in this update, mostly the same as in the other OS updates.

The full list of security issues that were addressed can be found here. To install this update, go to Settings > System > Software Updates on your Apple TV.

visionOS 2.3

Available for: Apple Vision Pro

Security-related fixes and updates:
Apple addressed at least 20 vulnerabilities with CVEs in this update, mostly the same as in the other OS updates.

The full list of security issues that were addressed can be found here. To install this update, go to Settings > General > Software Update

What Apple didn’t patch

Though some of the following shouldn’t come as a big surprise, Apple did not release security updates for any of the following operating systems this month:

  • iOS 17 — no updates since November 2024
  • iOS 15 and iPadOS 15 — no security updates since January 2024
  • iOS 12 — no updates since January 2023
  • watchOS 10 — no security updates since July 2024
  • watchOS 8 — no updates since June 2023

With the exception of iOS 17, each of these operating systems was a cutoff point for some hardware; some devices are stuck with these OS versions and cannot be upgraded to the current ones. However, all devices currently running iOS 17 are capable of running iOS 18; owners should install the free upgrade.

If you have an older device that cannot be upgraded to the latest version of iOS or iPadOS (18.x) or watchOS (11.x), you should strongly consider purchasing a newer model. The latest models of iPhone, iPad, and Apple Watch can run the newest operating systems, and can thus get all available security updates.

How to install Apple security updates

For macOS updates

If you haven’t yet upgraded to macOS Sequoia, be sure to first update your critical software. For example, run Intego’s NetUpdate utility and install all available updates, and then check for updates for all other software that you use regularly. Next, check for macOS updates by going to System Settings > General > Software Update.

If you have any trouble getting the macOS update to show up, either press ⌘R at the Software Update screen, or type in the Terminal softwareupdate -l (that’s a lowercase L) and press Return/Enter, then check System Settings > General > Software Update again.

Note that only the latest macOS version (currently, that’s macOS Sequoia) is ever fully patched; older macOS versions only get a subset of those patches and remain vulnerable. Therefore, staying on the latest macOS version is critically important for maintaining your security and privacy. For more information, see our article, “When does an old Mac become unsafe to use?

 

For other Apple OS updates

Users of iPhone or iPad can open the Settings app and choose General > Software Update to update iOS or iPadOS on their devices. (This is called an “over the air” or OTA update.) Alternatively, you can connect your device to your Mac, click on the device name in a Finder window sidebar, and check for updates there; or, if you use a Windows PC, you can use the Apple Devices app.

To update watchOS on your Apple Watch, the process is a bit more complicated. First, update your iPhone to the latest iOS version. Next, ensure that both your iPhone and Apple Watch are on the same Wi-Fi network. Your Apple Watch also needs to have at least a 50% charge. Then open the Watch app on your iPhone and tap General > Software Update.

To update tvOS on your Apple TV, open the Settings app and choose System > Software Updates.

Although Apple doesn’t list HomePod Software on its security updates page, its operating system (sometimes called audioOS) gets updates, too; the OS build numbers are identical to tvOS, and presumably include the same updates. Your HomePod should update automatically. However, if you would like to update your HomePod or HomePod mini’s operating system manually, you can go into the Home app on your iPhone or iPad, then tap the House icon > Home Settings > Software Update > temporarily disable (toggle off) Install Updates Automatically > then tap Install. After updating, remember to re-enable the Install Updates Automatically setting.

 

It’s wise to back up before updating

Whenever you’re preparing to update macOS, iOS, or iPadOS, it’s a good idea to always back up your data before installing any updates. This gives you a restore point if something does not go as planned. See our related article on how to check your macOS backups to ensure they work correctly.

How to Verify Your Backups are Working Properly

See also our article on how to back up your iPhone or iPad to iCloud and to your Mac.

Should you back up your iPhone to iCloud or your Mac? Here’s how to do both

How can I learn more?

Each week on the Intego Mac Podcast, Intego’s Mac security experts discuss the latest Apple news, including security and privacy stories, and offer practical advice on getting the most out of your Apple devices. Be sure to follow the podcast to make sure you don’t miss any episodes.

You can also subscribe to our e-mail newsletter and keep an eye here on The Mac Security Blog for the latest Apple security and privacy news. And don’t forget to follow Intego on your favorite social media channels: Follow Intego on X/Twitter Follow Intego on Facebook Follow Intego on YouTube Follow Intego on LinkedIn Follow Intego on Pinterest Follow Intego on Instagram Follow the Intego Mac Podcast on Apple Podcasts

About Jay Vrijenhoek

Jay Vrijenhoek is an IT consultant with a passion for Mac security research. View all posts by Jay Vrijenhoek →