Apple is patching a zero-day vulnerability in iPhones and iPads that could be exploited in “extremely sophisticated” attacks.
The vulnerability, dubbed CVE-2025-24201, was found in WebKit, Apple’s open-source framework that helps render pages in Safari, Mail, App Store, and other apps. It can cause “maliciously crafted web content” to break out of the Web Content sandbox, Apple said in its release notes.
Apple says it’s aware of the vulnerability being exploited in “an extremely sophisticated attack against specific targeted individuals on versions of iOS before iOS 17.2″ and that the new security patch is a supplementary fix to the one released with iOS 17.2.
Devices at risk include the iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later.
To fix the issue, Apple has released patches with iOS 18.3.2 and iPadOS 18.3.2, stating that “an out-of-bounds write issue was addressed with improved checks to prevent unauthorized actions.”
To install the latest security patch on your iPhone or iPad, go to Settings > General > Software Update. You can also enable automatic updates to let the device patch itself in the future.
Like What You’re Reading?
This newsletter may contain advertising, deals, or affiliate links.
By clicking the button, you confirm you are 16+ and agree to our
Terms of Use and
Privacy Policy.
You may unsubscribe from the newsletters at any time.
About Jibin Joseph
Contributor
