Apple has rolled out a security update to patch a critical WebKit zero-day vulnerability (CVE-2025-24201) that has been exploited in highly sophisticated attacks. The flaw, identified as an out-of-bounds write issue, could allow attackers to execute malicious code by crafting harmful web content capable of escaping the Web Content sandbox. Apple addressed the issue by implementing improved security checks to prevent unauthorized actions.
The company confirmed that this update serves as a supplementary fix to an earlier patch introduced in iOS 17.2. It also acknowledged that the vulnerability may have been actively exploited in targeted attacks against specific individuals using older iOS versions. However, Apple has not disclosed details regarding when the attacks began, how long they lasted, or who the intended targets were. Additionally, it remains unclear whether the vulnerability was discovered by Apple’s internal security team or reported by an external researcher.
The security update is now available for multiple devices and operating systems, including iOS 18.3.2 and iPadOS 18.3.2 for iPhone XS and later, iPad Pro models, iPad Air (3rd generation and later), iPad (7th generation and later), and iPad mini (5th generation and later). On the Mac, the fix ships in macOS Sequoia 15.3.2 and, for macOS Ventura and Sonoma, in Safari 18.3.1; users on earlier versions are advised to update. Additionally, visionOS 2.3.2 has been released for Apple Vision Pro devices.
This marks Apple’s third patch for an actively exploited zero-day vulnerability in 2025, following fixes for CVE-2025-24085 and CVE-2025-24200 earlier this year. These repeated security threats highlight the growing risks faced by Apple users, particularly those who delay software updates.
Apple strongly recommends that all affected users install the latest updates as soon as possible to protect their devices from potential exploits. Cybersecurity experts continue to stress the importance of staying up to date with software patches, as attackers often target unpatched systems in sophisticated campaigns.