Apple Releases Security Update to Fix Zero-Day Exploit
On Tuesday, Apple rolled out a security update to patch a zero-day vulnerability that has been leveraged in what the company described as "extremely sophisticated" attacks.
The flaw, identified as CVE-2025-24201, originates from the WebKit web browser engine. It is classified as an out-of-bounds write issue, which could enable attackers to craft malicious web content capable of escaping the Web Content sandbox.
Apple addressed the vulnerability by implementing improved security checks to prevent unauthorized actions. The company also noted that this fix serves as an additional safeguard for an attack previously mitigated in iOS 17.2. Additionally, Apple acknowledged that the flaw "may have been exploited in an extremely sophisticated attack targeting specific individuals using versions of iOS prior to iOS 17.2."
However, the advisory does not clarify whether Apple’s internal security team discovered the issue or whether it was reported by an external researcher. It also lacks details regarding when the attacks began, how long they lasted, or the identities of the targeted individuals.
The update is now available for the following devices and operating systems:
- iOS 18.3.2 and iPadOS 18.3.2 – Compatible with iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch (3rd generation and later), iPad Pro 11-inch (1st generation and later), iPad Air (3rd generation and later), iPad (7th generation and later), and iPad mini (5th generation and later).
- macOS Sequoia 15.3.2 – Available for Macs running macOS Sequoia.
- Safari 18.3.1 – For Macs running macOS Ventura and macOS Sonoma.
- visionOS 2.3.2 – Designed for Apple Vision Pro.
With this latest update, Apple has now patched three actively exploited zero-day vulnerabilities in its software since the beginning of the year. The other two vulnerabilities are CVE-2025-24085 and CVE-2025-24200.