
On Tuesday, Apple released a security update to address a zero-day flaw that it said was exploited in a “very sophisticated” attack.
The vulnerability has been assigned the CVE identifier CVE-2025-24201 and is rooted in the WebKit web browser engine component.
It has been described as an out-of-bounds write issue that could allow an attacker to craft malicious web content capable of breaking out of the Web Content sandbox.
Apple said it resolved the issue with improved checks to prevent unauthorized actions. It also noted that this is a supplementary fix for an attack that was blocked in iOS 17.2.

Furthermore, the vulnerability has been “possibly exploited in a very sophisticated attack on a particular targeted individual in a version of iOS prior to iOS 17.2.”
However, the advisory does not mention whether Apple’s own security team discovered the flaw or whether it was reported by external researchers. It also doesn’t mention when the attacks began, how long they lasted, or who was targeted.
This update is available for the following devices and operating system versions –
iOS 18.3.2 and iPadOS 18.3.2 – iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later; macOS Sequoia – Macs running macOS Sequoia; Safari – Macs running macOS Ventura and macOS Sonoma; visionOS 2.3.2 – Apple Vision Pro
With the latest development, Apple has now addressed a total of three actively exploited zero-days in its software since the beginning of this year, with the other two being CVE-2025-24085 and CVE-2025-24200.