CyberSecurity news


MSSP Alert@MSSP feed for Latest //
Apple has issued critical security updates for iOS 18.3.2 and iPadOS 18.3.2, addressing an actively exploited WebKit vulnerability identified as CVE-2025-24201. This flaw allowed cybercriminals to use maliciously crafted web content to bypass the Web Content sandbox. The update is available for iPhone XS and later, multiple iPad Pro models, iPad Air (3rd generation and later) and iPad mini (5th generation and later).

Users are urged to update their devices promptly by navigating to Settings > General > Software Update. Security experts emphasize the importance of these patches, noting that failure to update leaves devices vulnerable to compromise. According to Adam Boynton, senior security strategy manager EMEIA at Jamf, keeping devices up to date is essential. He also stated that this particular flaw allowed attackers to access data in other parts of the operating system.


References:
  • The DefendOps Diaries: Apple's Swift Response to WebKit Zero-Day Vulnerability: CVE-2025-24201
  • BleepingComputer: Apple fixes WebKit zero-day exploited in ‘extremely sophisticated’ attacks
  • securityaffairs.com: Apple fixed the third actively exploited zero-day of 2025
  • CyberInsider: Apple Patches Zero-Day Flaw Used in Targeted iPhone Attacks
  • Threats | CyberScoop: Apple released emergency software patches Tuesday that address a newly identified zero-day vulnerability in the company’s WebKit web browser engine.  Tracked as CVE-2025-24201, an attacker can potentially escape the constraints of Webkit’s Web Content sandbox, potentially leading to unauthorized actions.
  • techcrunch.com: The flaw was in the browser engine WebKit, used by Safari and other apps.
  • bsky.app: Apple has released emergency security updates to patch a zero-day bug the company describes as exploited in "extremely sophisticated" attacks.
  • infosec.exchange: NEW: Apple patched a zero-day in WebKit that “may have been exploited in an extremely sophisticated attack against specific targeted individuals.” This is second time, AFAICT, that Apple uses the "extremely sophisticated" phrase for a patched bug.
  • The Hacker News: Apple Releases Patch for WebKit Zero-Day Vulnerability Exploited in Targeted Attacks
  • www.csoonline.com: Apple patches zero-day bugs used in targeted iPhone attacks
  • Blog: FieldEffect blog post on apple-emergency-update-extremely-sophisticated-zero-day.
  • www.infosecurity-magazine.com: iOS 18.3.2 Patches Actively Exploited WebKit Vulnerability
  • MSSP feed for Latest: Apple Addresses Actively-Exploited Zero-Day In WebKit Browser Engine
  • Malwarebytes: Update your iPhone now: Apple patches vulnerability used in “extremely sophisticated attacks”
  • SOC Prime Blog: CVE-2025-24201 Exploitation: Apple Fixes the WebKit Zero-Day Vulnerability Used in Sophisticated Attacks
  • bsky.app: Apple pushed additional updates for a zero-day that may have been actively exploited.
  • ApplSec: Apple pushed updates for a new zero-day that may have been actively exploited.
  • iThinkDifferent: iOS 18.3.2, iPadOS 18.3.2, macOS Sequoia 15.3.2, and visionOS 2.3.2 released with critical WebKit security fix
  • www.zdnet.com: Apple is patching a vulnerability in iPhones and iPads that could be exploited in "extremely sophisticated" attacks. The vulnerability, dubbed CVE-2025-24201, was found in , Apple's open-source framework that helps render pages in Safari, Mail, App Store, and other apps. It
  • bsky.app: 📣 EMERGENCY UPDATE 📣 Apple pushed updates for a new zero-day that may have been actively exploited. 🐛 CVE-2025-24201 (WebKit): - iOS and iPadOS 18.3.2 - macOS Sequoia 15.3.2 - visionOS 2.3.2 #apple #infosec
  • Rescana: Apple Urgently Patches CVE-2025-24201 Zero-Day in iOS, iPadOS, macOS, visionOS, and Safari amid Attacks
  • PCMag UK security: Update Now: Apple Rolls Out Fix for 'Extremely Sophisticated' Zero-Day Bug
  • eWEEK: Apple addressed a zero-day vulnerability, tracked as CVE-2025-24201, that has been exploited in “extremely sophisticated” cyber attacks.