Apple has released urgent security updates to address a critical zero-day vulnerability, identified as CVE-2025-24201, affecting iPhones and iPads.
This flaw resides within WebKit, the engine powering Safari, Mail, App Store, and other applications. If exploited, it allows malicious web content to bypass the Web Content sandbox, potentially leading to unauthorized actions on the device.
Devices Affected:
- iPhone XS and later models
- iPad Pro 13-inch and later
- iPad Pro 12.9-inch (3rd generation and later)
- iPad Pro 11-inch (1st generation and later)
- iPad Air (3rd generation and later)
- iPad (7th generation and later)
- iPad mini (5th generation and later)
Security Patch Details:
To mitigate this vulnerability, Apple has issued patches through iOS 18.3.2 and iPadOS 18.3.2. These updates address an out-of-bounds write issue by implementing improved checks, thereby preventing unauthorized actions.
SUPPORT.APPLE.COM
How to Update Your Device:
Navigate to Settings.
Tap on General.
Select Software Update.
If an update is available, tap Download and Install.
Enabling automatic updates is also recommended to ensure your device remains secure against future vulnerabilities.
Additional Security Measures:
In addition to iOS and iPadOS updates, Apple has released security fixes for other platforms:
macOS Sequoia 15.3.2: Addresses the same WebKit vulnerability, enhancing security for Mac users.
visionOS 2.3.2: Provides necessary security enhancements for Apple Vision Pro devices.
tvOS 18.3.1: Ensures Apple TV 4K (3rd generation) devices receive the latest security protections.
Conclusion:
Given the severity of CVE-2025-24201 and its potential exploitation in highly sophisticated attacks, it is imperative for users to update their devices promptly. Regularly installing security updates is crucial to protect personal data and maintain device integrity.
