Apple Patches Major Flaws in March 2025 Update

Apple released critical security updates in March 2025 for macOS, iOS, and iPadOS addressing several high-risk vulnerabilities, including a zero-day exploit (CVE-2025-6558) that allowed remote code execution via crafted HTML pages targeting Chrome users. Another major flaw, 'SploitLight' (CVE-2025-31199), discovered by Microsoft, allowed malicious Spotlight plugins to bypass TCC protections and access sensitive Apple Intelligence metadata—such as location, photo tags, and search history—affecting iPhones, iPads, and Macs. The vulnerabilities were patched in macOS Sequoia 15.4 and related OS updates, but users on older versions remain vulnerable and are strongly urged to update. Microsoft and Apple reported no evidence of active exploitation of 'SploitLight' prior to the patch. Other updates addressed bugs in Device Firmware Update mode on Macs and introduced password version history in the Passwords app for iOS 26. Security experts warn that some vulnerabilities have already been exploited in targeted and ransomware attacks, underscoring the need for immediate patching.