Apple has released an urgent security update for iPhones and iPads following the discovery of a critical zero-day vulnerability, labeled CVE-2025-24201. This flaw, found in WebKit—the engine behind Safari, Mail, and the App Store—enables attackers to bypass security protections and access sensitive data. The issue stems from an out-of-bounds write error, allowing malicious web content to evade Apple’s Web Content sandbox feature.
Apple confirmed that the vulnerability has already been exploited in targeted attacks, primarily affecting users with older iOS versions prior to 17.2. Cybersecurity experts warn that such zero-day exploits are often used by state-sponsored hackers or advanced cybercriminal groups, making this a significant threat.
Also Read: Apple’s valuation could soon hit $4 trillion, driven by the rise of Apple Intelligence
The vulnerability affects a wide range of devices, including iPhone XS and later models, as well as various iPad versions such as the iPad Pro 13-inch, iPad Air (3rd generation and later), and iPad Mini (5th generation and later). Apple has urged all users to update their devices immediately to avoid potential cyberattacks.
To address the issue, Apple has rolled out iOS 18.3.2 and iPadOS 18.3.2, which include enhanced security checks to block unauthorized access. The update, released on March 11, 2025, is designed to supplement a previous patch in iOS 17.2 and mitigate the risks posed by this vulnerability.
Apple users are advised to update their devices by navigating to Settings > General > Software Update and installing the latest version. Experts also recommend enabling two-factor authentication, using strong passcodes, and regularly reviewing app permissions to ensure further protection against cyber threats.
