News in Brief: Patches from Apple fix privacy, code execution, lock screen bugs
Paul Ducklin
04/01/2025
Updates in brief
Apple’s latest round of updates is out, covering almost all supported products and operating system versions, including:
macOS 13, 14 and 15 (respectively known as Ventura, Sonoma, and Sequoia)
iPadOS 15, 16, 17 and 18
iOS 15, 16 and 18
The good news, in contrast to the recent emergency updates for macOS 15 and iOS 18 that came out three weeks ago, is that none of the listed bugs are tagged as zero-days, the name given to security holes that are found and exploited by attackers before patches are available.
(The name zero-day, often abbreviated just as 0-day, is a reminder that there were zero days on which even the most determined sysadmin could have patched proactively.)
It’s a good job that all these holes were disclosed responsibly and fixed proactively, because there are numerous interestingly worrying bugs amongst them.
Here’s an eclectic list:
CVE-2025-30428: Photos on a mobile device accessible from the lock screen.
CVE-2025-30438: Ability for a rogue app to start recording invisibly on a locked phone by suppressing any warning notifications.
CVE-2025-31183, CVE-2025-24217, CVE-2025-24214, CVE-2025-24205, CVE-2025-24198: Abuse of Siri to get access to sensitive information.
CVE-2025-30425: Ability for a rogue website to track your browsing even in Safari’s private mode.
CVE-2025-24113, CVE-2025-30467: Ability for a rogue website to trick Safari into displaying incorrect data. This could allow a malicious web page to present a legitimate site name in the address bar, or to trick you into clicking on the wrong choice in a menu or dialog.
CVE-2025-24221: Leakage of sensitive keychain data (Apple’s core password management system) into iOS backups.
CVE-2025-30456: Ability for a rogue app to acquire root-level (superuser or system administrator) access. On macOS, root access is supposed to be restricted to users who know the root password. On iOS/iPadOS, root access should be strictly limited to Apple’s operating system processes.
CVE-2025-24257: Ability for a rogue app to modify kernel memory. Because the kernel controls all access permissions in the system, including those of the root account, getting control over the kernel effectively overrides system security entirely, opening the door to jailbreaks and full-blown spyware.
CVE-2025-30428: Photos in the Hidden Photos Album accessible without authentication. Even on an unlocked device, Hidden Photos are supposed to be just that: hidden entirely until the lock code is entered again.
As you can see, even built-in system apps and security features may fail to protect you from other people, apps or websites that misbehave, whether they go rogue by accident or on purpose.
What to do?
Minimize the content that’s visible on your lock screen, ideally by turning off everything you can. Apps have their own independent notification settings, so it’s worth reviewing them one-by-one from the Settings > Notification page. (For better or worse, the camera app, which automatically includes the ability to view just-taken photos in read-only mode, is always accessible from the lock screen.)
Check for updates by hand on a regular basis. Even if you have chosen to automate both the downloading and installation of updates, use Settings > General > Software Update regularly to make sure that you really do have the latest patches, just in case the update process has failed at some point. Don’t forget that after installing an update you generally need to reboot to complete the process.
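On a Mac, the "check by hand" step can be scripted so it is easy to repeat. The following POSIX shell script is an added example, not code from the article or from Apple: it reads the installed macOS version with sw_vers, compares it component-wise against a minimum version you supply (MIN_VERSION is a placeholder; take the real number for your macOS line from Apple's release notes, which this article does not list), and runs softwareupdate --list when the device is behind. The version comparison itself needs only awk, so it works anywhere for testing; the sw_vers and softwareupdate calls only exist on macOS.

```shell
#!/bin/sh
# Added example (not from the original article): verify that a Mac runs at
# least the version you consider patched, and list pending updates if not.
# MIN_VERSION below is a placeholder, not a value taken from the article.

# version_ge A B: return 0 if dotted version A >= B, comparing each numeric
# component in turn and treating missing trailing components as 0.
version_ge() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        na = split(a, x, "."); nb = split(b, y, ".");
        n = (na > nb) ? na : nb;
        for (i = 1; i <= n; i++) {
            xi = (i <= na) ? x[i] + 0 : 0;
            yi = (i <= nb) ? y[i] + 0 : 0;
            if (xi > yi) exit 0;
            if (xi < yi) exit 1;
        }
        exit 0;
    }'
}

# installed_version: print the macOS product version, or "unknown" when
# sw_vers is not available (i.e. this is not a Mac).
installed_version() {
    if command -v sw_vers >/dev/null 2>&1; then
        sw_vers -productVersion
    else
        echo unknown
    fi
}

# check_patched MIN: print a verdict; return 0 if the installed version is at
# least MIN, 1 if an update is needed, 2 if the check cannot be performed.
check_patched() {
    cur=$(installed_version)
    if [ "$cur" = unknown ]; then
        echo "not macOS; cannot check"
        return 2
    fi
    if version_ge "$cur" "$1"; then
        echo "OK: installed $cur is at least $1"
        return 0
    fi
    echo "UPDATE NEEDED: installed $cur is older than $1"
    # Show what Software Update would offer; same as Settings > General >
    # Software Update, but scriptable.
    if command -v softwareupdate >/dev/null 2>&1; then
        softwareupdate --list
    fi
    return 1
}

# Usage: sh check_patched.sh MIN_VERSION   (e.g. the version Apple's notes
# give as fixed for your macOS line; placeholder here, not from the article)
if [ "$#" -gt 0 ]; then
    check_patched "$1"
fi
```

Run it after every update and reboot as well: a successful download that never installed, or an install that never completed its reboot, still leaves the old version in place, and this is exactly the failure the manual check is meant to catch.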
Add an extra layer of security to your mobile devices, which are typically protected only by basic MDM (mobile device management) tools. Signing up for SolCyber Mobile Protection brings your mobile threat response to a new level, including blocking phishing attempts, messaging scams, and malicious apps that specifically target phone users.
Learn more about our mobile security solution that goes beyond traditional MDM (mobile device management) software, and offers active on-device protection that’s more like the EDR (endpoint detection and response) tools you are used to on laptops, desktops and servers:
More About Duck
Paul Ducklin is a respected expert with more than 30 years of experience as a programmer, reverser, researcher and educator in the cybersecurity industry. Duck, as he is known, is also a globally respected writer, presenter and podcaster with an unmatched knack for explaining even the most complex technical issues in plain English. Read, learn, enjoy!