Apple released a critical security update to address a zero-day vulnerability in WebKit, the browser engine behind Safari. The flaw, identified as CVE-2025-24201, is an out-of-bounds write issue that could allow attackers to bypass WebKit’s sandbox. This sandbox is a security feature meant to prevent unauthorized access to system resources, even if compromised. Hackers could exploit the flaw by crafting malicious web content that breaks out of the sandbox, gaining access to the system. Apple confirmed that the vulnerability was exploited in highly sophisticated attacks targeting specific individuals with devices running iOS versions before iOS 17.2.
Although Apple did not reveal who was targeted or who was behind the attacks, they acknowledged the vulnerability’s severity.
The company blocked the flaw in iOS 17.2 but issued a supplementary fix to fully address it. This update improves checks to ensure that attackers cannot bypass the sandbox with malicious web content. Apple did not disclose whether the flaw was discovered internally or reported by an external researcher. The company did not provide details on the timeline of the attacks, leaving questions about their duration and impact.
The update is available for several Apple devices, including iPhones, iPads, Macs, and Vision Pro headsets, running different operating system versions. Affected operating systems include iOS 18.3.2, iPadOS 18.3.2, macOS Sequoia 15.3.2, and Safari 18.3.1. Apple urged users with these devices to install the patch immediately to protect against future exploitation. By deploying this update, Apple strengthens its defenses against attacks targeting vulnerable systems and ensures greater user safety. The fix is designed to prevent further attempts at exploiting the flaw, thus safeguarding sensitive data from potential breaches.
This zero-day vulnerability highlights the ongoing risks of targeted cyberattacks on specific individuals.
Apple’s use of the term “extremely sophisticated attack” reflects the advanced nature of the threat, although no evidence links this attack to previous incidents. In February, Apple similarly described another security issue, but no connections have been confirmed between the two attacks. Despite these uncertainties, Apple remains proactive in addressing security vulnerabilities, reinforcing its commitment to securing its devices against evolving threats. By continuously updating its software, Apple aims to stay ahead of attackers and provide robust protection for its users.
What’s a zero-day vulnerability?
A zero-day vulnerability is a security flaw in software or hardware that is unknown to the vendor and lacks an official fix. Cybercriminals exploit these vulnerabilities before developers can release a patch, making zero-day attacks highly dangerous. Hackers often use zero-day exploits to deliver malware, steal data, or gain unauthorized access to systems. Notable examples include Stuxnet and Log4Shell, which caused widespread damage. To mitigate risks, organizations should use intrusion detection systems, endpoint protection, and regular security updates. Stay ahead of zero-day threats with proactive cybersecurity monitoring and threat intelligence.
