Latest Cyber Security News

You are here: Home / General Cyber Security News / Apple Releases Patch for WebKit Zero-Day Vulnerability Exploited in Targeted Attacks
March 12, 2025

Apple on Tuesday released a security update to address a zero-day flaw that it said has been exploited in “extremely sophisticated” attacks.

The vulnerability has been assigned the CVE identifier CVE-2025-24201 and is rooted in the WebKit web browser engine component.

It has been described as an out-of-bounds write issue that could allow an attacker to craft malicious web content such that it can break out of the Web Content sandbox.

✔ Approved From Our Partners
AOMEI Backupper Lifetime

Protect and backup your data using AOMEI Backupper. AOMEI Backupper takes secure and encrypted backups from your Windows, hard drives or partitions. With AOMEI Backupper you will never be worried about loosing your data anymore.

Get AOMEI Backupper with 72% discount from an authorized distrinutor of AOMEI: SerialCart® (Limited Offer).

➤ Activate Your Coupon Code


Apple said it resolved the issue with improved checks to prevent unauthorized actions. It also noted that it’s a supplementary fix for an attack that was blocked in iOS 17.2.

Cybersecurity

Furthermore, it acknowledged that the vulnerability “may have been exploited in an extremely sophisticated attack against specific targeted individuals on versions of iOS before iOS 17.2.”

However, the advisory does not mention if Apple’s own security team discovered the flaw or if it was reported to it by an external researcher. It also does not mention when the attacks began, how long they lasted, and who was targeted.

The update is available for the following devices and operating system versions –

  • iOS 18.3.2 and iPadOS 18.3.2 – iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later
  • macOS Sequoia 15.3.2 – Macs running macOS Sequoia
  • Safari 18.3.1 – Macs running macOS Ventura and macOS Sonoma
  • visionOS 2.3.2 – Apple Vision Pro

With the latest development, Apple has addressed a total of three actively exploited zero-days in its software since the start of the year, the other two being CVE-2025-24085 and CVE-2025-24200.

Found this article interesting? Follow us on Twitter  and LinkedIn to read more exclusive content we post.


Some parts of this article are sourced from:
thehackernews.com

Reader Interactions

Leave a Reply

Your email address will not be published. Required fields are marked *