Apple Issues Update to Address WebKit Zero-Day Vulnerability Used in Targeted Attacks

ByCloudBrain Team
Apple Issues Update to Address WebKit Zero-Day Vulnerability Used in Targeted Attacks

On March 12, 2025, Apple announced a new security update designed to fix a significant zero-day vulnerability that has reportedly been used in "extremely sophisticated" attacks. This flaw has been assigned the identifier CVE-2025-24201 and is associated with the WebKit web browser engine component, which is crucial for many browsers on Apple devices.

The nature of this vulnerability is categorized as an out-of-bounds write issue. This means that it can permit attackers to develop harmful web content that escapes from the protected Web Content sandbox, which is intended to provide security by isolating web processes from the rest of the operating system. Apple has addressed this issue by enhancing checks that help block unauthorized actions. Additionally, Apple noted that this fix acts as a supplementary measure following an attack that was thwarted in the earlier iOS version 17.2.

The company has recognized that this particular vulnerability may have been exploited against specific, targeted individuals using versions of iOS that predate 17.2. However, the announcement did not clarify whether Apple’s internal security team uncovered the vulnerability or if it was reported by an external security researcher. Furthermore, the advisory did not include information about when these attacks began, their duration, or the identities of the affected individuals.

Following the update, users of various Apple devices can access the fix across multiple operating system versions. The update is available for:

  • iOS 18.3.2 and iPadOS 18.3.2: This includes devices like the iPhone XS and later models, and various iPad models such as the iPad Pro (13-inch and 12.9-inch 3rd generation and later), iPad Air (3rd generation and later), iPad (7th generation and later), and iPad mini (5th generation and later).
  • macOS Sequoia 15.3.2: This update applies to Macs running the latest version of the macOS Sequoia.
  • Safari 18.3.1: For Macs using macOS Ventura and macOS Sonoma.
  • visionOS 2.3.2: This pertains to devices like Apple Vision Pro.

Since the beginning of 2025, Apple has managed to address a total of three zero-day vulnerabilities that were actively being exploited in the wild, including CVE-2025-24085 and CVE-2025-24200. Keeping software up to date remains a vital practice for all users to enhance their device security and protect against potential threats. The company routinely issues updates to address security flaws, reinforcing the importance of timely maintenance to defend against sophisticated cyber-attacks.

As the threat landscape continues to evolve, it’s essential for users to stay informed about such vulnerabilities and regularly check for software updates to safeguard their devices and personal information.

Also Read