Newsletter Archives
-
Apple backports fixes
Apple released several updates on March 31, including several backports to older versions of iOS and iPadOS. These fixes retroactively addressed three actively exploited zero-day vulnerabilities affecting legacy versions of its operating systems.
CVE-2025-24200: “This issue is fixed in iPadOS 17.7.5, iOS 18.3.1 and iPadOS 18.3.1. A physical attack may disable USB Restricted Mode on a locked device. Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals.”
That means businesses, journalists, and other highly targeted individuals. It was originally patched on February 10 in iOS 18.3.1, iPadOS 18.3.1, and iPadOS 17.7.5, but the vulnerability remained unresolved in older operating systems until now.
Another bug, CVE-2025-24201, involves flaws in WebKit and browsers. It has been backported to iOS and iPadOS 15 and 16, and is patched in iOS 16.7.11, iPadOS 16.7.11, iOS 15.8.4, and iPadOS 15.8.4.
For more information, see this post in our forums.
-
February — Same number of patches, fewer bugs
PATCH WATCH
By Susan Bradley
This month we have a more “normal” patch release of 57 vulnerabilities.
Although that’s a “woo-hoo” for the security researchers, you and I will still see the same old security updates being offered. That is, we will see a Windows security update.
What also hasn’t changed is my stance toward Windows 11 24H2. If you buy a computer with it, stay there. If you are already on it and see no issues, stay there. But if you haven’t yet installed the 24H2 feature release on your existing Windows 11 23H2 machine, I still recommend holding back, especially for businesses. For consumers, the risk is less — as long as you are not a gamer.
Read the full story in our Plus Newsletter (22.07.0, 2025-02-17).
-
February 2025 updates are upon us
Nine months and counting before the end of support (but not end of using) Windows 10. We also have a fix for a zero day that Apple released yesterday. The updates include the following:
iOS 18.3.1 fixing a zero day CVE-2025-24200 used in extremely sophisticated attacks. So if you’ve seen headlines about massive risk, actually no, only if you are a CEO or someone high up in an organization.
For Windows 10 22H2, it’s KB5051974 – note the event ID issue with the System Guard runtime monitor service is not fixed with this release.
Windows 11 24H2 – KB5051987 – has been released. I’m still not recommending 24H2 unless you’ve bought a machine with it or you’ve already upgraded and see no issues.
For Windows 11 23H2 look for KB5051989. Remember at this time we are in test mode only.
Microsoft indicates that the February updates include a fix for the following:
After installing the January 2025 Windows security update released January 14, 2025 (the Originating KBs listed above), you might experience issues with USB audio devices. You are more likely to experience this issue if you are using a USB 1.0 audio driver based DAC (Digital to Analog converter) in your audio setup. This issue might cause USB audio devices to stop working, preventing audio playback.