Apple Security Roundup – February 2025

Apple has kicked off 2025 with a major security update, addressing multiple zero-day vulnerabilities, government surveillance concerns, and emerging cyber threats. Here’s a breakdown of what IT admins and Apple users need to know.

1. Apple Zero-Day Vulnerabilities & Security Updates

On January 27, 2025, Apple released macOS Sequoia 15.3, macOS 14.7.3, macOS 13.7.3, and iOS/iPadOS 18.3, patching a range of security vulnerabilities—including the first zero-day exploit of the year.

On February 10, 2025, Apple released yet another urgent update for macOS Sequoia 15.3.1, macOS 14.7.4, macOS 13.7.4, and iOS/iPadOS 18.3.1, which included no documented CVEs but does contain an urgent security update.

Key Security Fixes

Apple’s latest update addresses at least 51 known vulnerabilities, including several critical security flaws. Here’s a quick look at the CVE (Common Vulnerabilities and Exposures) breakdown by OS:

• macOS 15.3 – 61 published CVEs
• macOS 14.7.3 – 41 published CVEs
• macOS 13.7.3 – 31 published CVEs
• iOS/iPadOS 18.3 – 31 published CVEs
• iOS/iPadOS 18.3.1 – 1 published CVE

Critical Vulnerabilities Patched

Several of these vulnerabilities posed serious risks to Apple users, including:

• CoreMedia – A use-after-free exploit that could allow malicious apps to gain elevated privileges. Apple confirmed this has been actively exploited on older iOS versions.
• AirPlay – Multiple vulnerabilities that could result in system crashes, memory corruption, and remote code execution.
• Kernel – Two critical flaws that could let malicious apps gain kernel privileges, giving attackers full control over a device.
• iCloud Photo Library – A security loophole that may allow apps to bypass privacy settings, accessing sensitive data.
• SMB (Server Message Block) – Three vulnerabilities that could corrupt kernel memory, cause system crashes, or allow a privileged app to execute arbitrary code.
• WebContentFilter – A bug that could let attackers trigger system crashes or corrupt kernel memory.

2. Additional Security Enhancements

Aside from the zero-day patches, Apple has also addressed:

• WebKit (Safari’s Engine) – Fixes to prevent malicious websites from fingerprinting users.
• Photos App – A flaw that could let an attacker bypass device lock screens to access photos.
• Password Security – A patch to prevent malicious apps from bypassing browser extension authentication.

Update Now: Why IT Teams Must Act

Given the high number of critical vulnerabilities, Apple users should update immediately to:

• macOS Sequoia 15.3.1 (or latest version for your system)
• OS/iPadOS 18.3.1

For IT admins using Addigy, enabling Addigy DDM Update Settings is the most effective way to enforce system updates across managed Apple devices with maximum security control.

3. UK Government’s Secret Backdoor Request for Apple Users

In a controversial move, the UK government secretly pressured Apple to create an iCloud backdoor, allowing authorities unrestricted access to user data worldwide.

Facing intense pushback, the UK has since “postponed” the request—but privacy advocates remain skeptical, as past legislation has consistently expanded government surveillance powers.

📖 Source: 9to5Mac Report on UK Backdoor Request

🔒 Why It Matters: If governments successfully force tech companies to weaken encryption, every Apple user’s privacy is at risk—from individuals to enterprises handling sensitive data.

4. DeepSeek AI & Global Security Concerns

With growing concerns over AI technologies linked to China, governments worldwide are moving to ban or restrict access to DeepSeek AI, a rising AI tool accused of posing security risks.

IT Security Recommendations to block DeepSeek AI and similar platforms:

Use DNS Filters or Network Firewalls

On iOS/iPadOS, apply a Content Web Filter MDM Profile via Addigy

Taking these steps ensures corporate devices remain secure from potential AI-driven cyber threats.

5. “Tiny FUD” – The Latest Undetectable macOS Malware

Security researchers have uncovered a new macOS backdoor dubbed “Tiny FUD”, capable of bypassing Apple’s built-in security.

How It Works:

• Uses process name manipulation and DYLD injection to avoid detection
• Bypasses macOS Gatekeeper and System Integrity Protection (SIP)
• Communicates with a hardcoded command-and-control (C2) server

Indicators of Compromise (IOCs):

🛑 SHA256 Hash: d64e2688344c685c4156819156bdb15630d1168314b21c919eee5540b1beb54a
🛑 Suspicious Domains/IPs:

• xxobox[.]com
• equitymarket[.]uk
• movie.aspisdata[.]com
• 69[.]197[.]175[.]10

📖 Source: DenWP Report on Tiny FUD

Final Takeaways: What IT Teams Should Do Now

Patch Immediately: Apply the latest Apple updates to mitigate zero-day threats.

Monitor for IOCs: Use endpoint security tools to detect and block “Tiny FUD” malware.

Enhance Privacy Controls: Stay informed on government surveillance efforts and implement end-to-end encryption strategies.

Use Addigy for Centralized Apple Security Management: Simplify patch deployment, security enforcement, and compliance monitoring for macOS and iOS devices.

By staying proactive, IT teams can protect Apple devices from emerging threats and ensure data security in 2025 and beyond.