Apple is urging everyone to update to iOS 18.3.2 and iPadOS 18.3.2 to fix a WebKit bug.
As PCMag reports, Apple is patching a zero-day vulnerability in iPhones and iPads that could be exploited in “extremely sophisticated” attacks.
The vulnerability, dubbed CVE-2025-24201, was found in WebKit, Apple’s open-source framework that helps render pages in Safari, Mail, App Store, and other apps. It can cause “maliciously crafted web content” to break out of the Web Content sandbox, Apple said in its release notes.
Apple says it’s aware of the vulnerability being exploited in “an extremely sophisticated attack against specific targeted individuals on versions of iOS before iOS 17.2” and that the new security patch is a supplementary fix to the one released with iOS 17.2.
Devices at risk include the iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later.
To fix the issue, Apple has released patches with iOS 18.3.2 and iPadOS 18.3.2, stating that “an out-of-bounds write issue was addressed with improved checks to prevent unauthorized actions.”
—
Photo Credit: Photo Agency / Shutterstock.com